Government Security
Network Security Resources


Undetectable Trojans

96 replies to this topic

#31 secur3x

secur3x

    Private

  • Members
  • 9 posts

Posted 22 February 2004 - 12:03 AM

The easiest way to make trojans, particularly .exe's, undetectable is to encrypt them or even pack them. You can edit the source and change the names of things a bit depending on what the virus defs look for but its far easier to just pack/encrypt them. i would suggest using encrypters that cant be unencrypted, such as using upx for a packer when u can easily use a hex editor and find the upx version then decompress it using upx.

aspack is also good
fsg
asprotect

you get the picture but i think its wise to try everything u can to decrypt or decompress and scan it using every virus scanner u can get your hands on before u intend to use it.

no one likes trojans including me. :)

#32 TwitcH

TwitcH

    Private First Class

  • Members
  • 40 posts

Posted 22 February 2004 - 01:29 PM

lol

#33 TwitcH

TwitcH

    Private First Class

  • Members
  • 40 posts

Posted 22 February 2004 - 01:32 PM

i would suggest using encrypters that cant be unencrypted

Everything can be decrypted with enough patience, attention and coffee :P

#34 Guest_Bigbowser_*

Guest_Bigbowser_*
  • Guests

Posted 29 February 2004 - 09:13 AM

dude, optix is written in delphi. get DeDe and then decompile it, then you'll have the source and an undetectable trojan for $0. :D

#35 edjorge

edjorge

    Private First Class

  • Members
  • 28 posts

Posted 29 February 2004 - 09:32 AM

dude, optix  is written in delphi. get DeDe and then decompile it, then you'll have the source and an undetectable trojan for  $0.  :D

Sounds great.

#36 acidbrain

acidbrain

    Private

  • Members
  • 2 posts

Posted 13 March 2004 - 08:31 PM

Search google "dede download" :P

#37 Guest_A2_*

Guest_A2_*
  • Guests

Posted 13 March 2004 - 09:31 PM

the best way to make your trojan undetectable remains and always will be the rewrite-it-from-scratch method. if this isn't possible take the advice of the very knowledgeable people at areyoufearless.com...

  How can I make a trojan undetectable?

There are several ways to make a trojan undetectable by anti-virus scanners. You can bind it with an unknown binder which will change the structure of the EXE (bytes/byte positions) which will throw AV off, the same goes with packing the trojan with an unknown exe packer. Some require that you have the unpacked version of the trojan server before you do this. If you aren't sure if the trojan is packed, use a hex editor to look at the executable data. If you see UPX anywhere, mainly at the top of the file.. it is packed. You can use UPX to reverse this and turn it into an unpacked server. You can find UPX with an easy to use GUI in the mf4 approved software section


found in the trojan section of their FAQ.

#38 som3aa

som3aa

    Private First Class

  • Members
  • 62 posts

Posted 14 March 2004 - 04:06 AM

Well i have a packer that makes the trojan undetected for alllllll antiviruses but :( can't execute the file cz it will be detected.
not gonna say name or else it'll be detected within few days :P

use a hex editor to look at the executable data. If you see UPX anywhere


There is a program called resources tuner that is used for that; it can tell u if the trojan is packed with most common packers and it can unpack it. :D
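Added example, not part of the thread or any poster's code: the "look for UPX in a hex editor" check quoted in posts #37 and #38, written as a defender's triage script that reads the PE section table, flags default UPX and ASPack section names, and adds a per-section entropy check. The function names, the 7.0 bits/byte threshold and the sample images are assumptions constructed for illustration.

```python
import math
import struct
from collections import Counter

# Default section names left by two packers named in the thread.
PACKER_SECTIONS = {b"UPX0": "UPX", b"UPX1": "UPX", b".aspack": "ASPack"}

def entropy(data):
    """Shannon entropy in bits per byte; packed or encrypted data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_pe(image, threshold=7.0):
    """Return (section, reason) findings; threshold is an assumed cut-off."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", image, 0x3C)[0]       # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsect = struct.unpack_from("<H", image, pe + 6)[0]
    opt_size = struct.unpack_from("<H", image, pe + 20)[0]
    findings = []
    for i in range(nsect):
        off = pe + 24 + opt_size + 40 * i               # 40-byte section headers
        name = image[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", image, off + 16)
        label = name.decode("latin-1")
        if name in PACKER_SECTIONS:
            findings.append((label, "packer section: " + PACKER_SECTIONS[name]))
        if entropy(image[raw_ptr:raw_ptr + raw_size]) >= threshold:
            findings.append((label, "high entropy"))
    return findings

def build_sample(sections):
    """Constructed minimal PE image (headers only as far as scan_pe reads)."""
    hdr = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    ptr, table, bodies = len(hdr) + 40 * len(sections), b"", b""
    for name, body in sections:
        table += name.ljust(8, b"\0") + struct.pack("<4I", len(body), 0, len(body), ptr) + b"\0" * 16
        ptr += len(body)
        bodies += body
    return hdr + table + bodies

DENSE = bytes(range(256)) * 4       # constructed stand-in for compressed data
PACKED = build_sample([(b"UPX0", b""), (b"UPX1", DENSE)])
PLAIN = build_sample([(b".text", b"\x55\x8b\xec" * 200)])
```

In a triage queue, a high-entropy finding without a known section name is a reason to unpack and rescan the file, not a verdict on its own.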

#39 Guest_sass_this_*

Guest_sass_this_*
  • Guests

Posted 20 March 2004 - 12:13 PM

Alright so ive been able to surpass mcafee's virus signatures with little trouble, next i tried with panda platinum av 2004 got somewhat far but ran into a spot where the signature is LoadLibraryA..GetProcAddress., which i cannot change without making the program unable to run. So i did a bit of investigation and found that it is only scanning for the specific string on a specific line - so if i add a blank line anywhere above the signature it's not detected. All my attempts to add a line or any data above the signature have resulted in my file being unable to run or giving me errors. So the real question would be how can i add something above to make it undetected yet still functional? I looked thru some programs trying to find something but no luck so far. Also the signature is case sensitive but if you change anything in the string it seems to make the program not run.


Also packing\binding are out for me whereas my victim has file protection on so once he would run the bound file it will detect the trojan as its being extracted to the temporary folder(or wherever) and deleted.

#40 pugrit

pugrit

    Corporal

  • Members
  • 176 posts

Posted 20 March 2004 - 02:40 PM

Greetings.

as of now i have known one trojan that AV wont detect. its RAT by strombringer i think. i got the zipped file and is written in delphi. although it has a GUI, giving commands is still in command line (w/c i prefer rather than just click click and click). and has not a lot of options. i forgot the website :( , ill try to look it out.


but its great :D

#41 Guest_extremehacks_*

Guest_extremehacks_*
  • Guests

Posted 21 March 2004 - 08:02 AM

hey i cant make a new topic?

anyway, ive been looking for a good exe file binder, ive downloaded so many but i was wondering, why are all of the ones i find on the net infected with hack tool or dropper or some kind of detectable virus? isnt there working ones that arent infected?

sorry if this isnt the right place for this topic even if its in another topic, can someone please answer my question.

thanks

#42 pugrit

pugrit

    Corporal

  • Members
  • 176 posts

Posted 21 March 2004 - 10:19 AM

i also noticed that. i try to update my av as much as possible then test new trojans/wares on it...like binders..i binded a auto start for a windrop a placed on internet cafes..on my pc it was ok running fine..but when its time for operation on internet cafes..their AV detect my binded program.

any binders?good ones.

thanks

#43 Guest_extremehacks_*

Guest_extremehacks_*
  • Guests

Posted 21 March 2004 - 10:36 AM

weird i downloaded multi binder 1.2.1 yesterday and it wasnt infected, and the binded exe wasnt even infected like usually, i thought i finally found a good one, but today i tried to bind exe files again and norton saw hack.tool on the multi binder program and deleted all the files for that program...

anyone have any good binders at all?

#44 Eyeless

Eyeless

    Specialist

  • Members
  • 143 posts

Posted 21 March 2004 - 10:06 PM

NakedBind & Multijoiner & Hammer Binder are all greeeaaaaat.

#45 TeXT

TeXT

    Private

  • Members
  • 9 posts

Posted 22 March 2004 - 03:54 PM

Who needs undetectable trojan's server ... and other viruses.. ?..
I can make any viruses undetectable 100% by all antiviruses: AVP, Dr.Web, McAfee, Panda, Norton ...
icq: 1554239
mail: fat3@ok.kz




