aspack is also good
fsg
asprotect
you get the picture but i think its wise to try everything u can to decrypt or decrompress and scan it using every virus scanner u can get your hands on before u intend to use it.
noone likes trojins including me.
Sponsored by: â–ˆ Sparkhost - Hosting Without Compromises! â–ˆ Hybrid Performance Web Hosting â–ˆ Spark Host Stream Hosting â–ˆ Hybrid IRC & IRCd Server Shell Accounts
Undetectable Trojans
Started by
Guest_aRpanetGuru_*
, Oct 20 2003 01:16 PM
96 replies to this topic
#31
secur3x
-
- Members
-
- 9 posts
Private
Posted 22 February 2004 - 12:03 AM
The easiest way to make trojins particulary .exe's undetectable is to encrypt them or even pack them . You can edit the source and change the names of things abit depending on what the virus def's look for but its far easier to just pack/encrypt them i would suggest using encrypters that cant be unencrypted, such as usuing upx for a packer when u can easily use a hex editor and find the upx version then decrompress it using upx.
aspack is also good
fsg
asprotect
you get the picture but i think its wise to try everything u can to decrypt or decrompress and scan it using every virus scanner u can get your hands on before u intend to use it.
noone likes trojins including me.
aspack is also good
fsg
asprotect
you get the picture but i think its wise to try everything u can to decrypt or decrompress and scan it using every virus scanner u can get your hands on before u intend to use it.
noone likes trojins including me.
#33
TwitcH
-
- Members
-
- 40 posts
Private First Class
Posted 22 February 2004 - 01:32 PM
Everything can be decrypted with enough patience, attention and coffeei would suggest using encrypters that cant be unencrypted
#34 Guest_Bigbowser_*
Guest_Bigbowser_*
-
- Guests
Posted 29 February 2004 - 09:13 AM
dude, optix is written in delphi. get DeDe and then decompile it, then you'll have the source and an undetectable trojan for $0. 
#35
edjorge
-
- Members
-
- 28 posts
Private First Class
Posted 29 February 2004 - 09:32 AM
Sounds great.dude, optix is written in delphi. get DeDe and then decompile it, then you'll have the source and an undetectable trojan for $0.
#37 Guest_A2 _*
Guest_A2 _*
-
- Guests
Posted 13 March 2004 - 09:31 PM
the best way to make your trojan undetectable remains and always will be the rewrite-it-from-scratch method. if this isn't possible take the advice of the very knowledgable people at areyoufearless.com...
found in the trojan section of their FAQ.
· How can I make a trojan undetectable?
There are several ways to make a trojan undetectable by anti-virus scanners. You can bind it with an unknown binder which will change the structure of the EXE (bytes/byte positions) which will throw AV off, the same goes with packing the trojan with an unknown exe packer. Some require that you have the unpacked version of the trojan server before you do this. If you aren't sure if the trojan is packed, use a hex editor to look at the executable data. If you see UPX anywhere, mainly at the top of the file.. it is packed. You can use UPX to reverse this and turn it into an unpacked server. You can find UPX with an easy to use GUI in the mf4 approved software section
found in the trojan section of their FAQ.
#38
som3aa
-
- Members
-
- 62 posts
Private First Class
Posted 14 March 2004 - 04:06 AM
Well i have a packer that makes the trojan undetected for alllllll antiviruses but 
can't execute the file cz it will be detected.
not gonna say name or else it'll be detected within few days
There is a program called resources tuner is used for that , it can tell u if the trojan is packed with most common packers and it can unpack it .
can't execute the file cz it will be detected.not gonna say name or else it'll be detected within few days
use a hex editor to look at the executable data. If you see UPX anywhere
There is a program called resources tuner is used for that , it can tell u if the trojan is packed with most common packers and it can unpack it .
#39 Guest_sass_this_*
Guest_sass_this_*
-
- Guests
Posted 20 March 2004 - 12:13 PM
Alright so ive been able to surpass mcafee's virus signature's with little trouble, next i tried with panda platinum av 2004 got somwhat far but ran into a spot where the signature is LoadLibraryA..GetProcAddress., which i cannot change without making the program unable to run. So i did a bit of investigation and found that it is only scanning for the specific string on a specific line - so if i add a blank line anywhere above the signature it's not detected. All my attempts to add a line or any data above the signature have resulted in my file being unable to run or giving me error's. So the real question would be how can i add somthing above to make it undetected yet still functional? I looked thru some program's trying to find somthing but no luck so far. Also the signature is case sensitive but if you change anything in the string it seem's to make the program not run.
Also packing\binding are out for me whereas my victim has file protection on so once he would run the bound file it will detect the trojan as its being extracted to the temporary folder(or wherever) and delete'd.
Also packing\binding are out for me whereas my victim has file protection on so once he would run the bound file it will detect the trojan as its being extracted to the temporary folder(or wherever) and delete'd.
#40
pugrit
-
- Members
-
- 176 posts
Corporal
Posted 20 March 2004 - 02:40 PM
Greetings.
as of now i have known one trojan that AV wont detect. its RAT by strombringer i think. i got the zipped file and is writtedn in delphi. although it has a GUI, giving commands is still in command line (w/c i prefer rather than just click click and click).and has not a lot of options.i forgot the website , ill try to look it out.
but its great
as of now i have known one trojan that AV wont detect. its RAT by strombringer i think. i got the zipped file and is writtedn in delphi. although it has a GUI, giving commands is still in command line (w/c i prefer rather than just click click and click).and has not a lot of options.i forgot the website
, ill try to look it out.but its great
#41 Guest_extremehacks_*
Guest_extremehacks_*
-
- Guests
Posted 21 March 2004 - 08:02 AM
hey i cant make a new topic?
anyway, ive been looking for a good exe file binder, ive downloaded so many but i was wondering, why are all of the ones i find on the net infected with hack tool or dropper or some kind of detectable virus? isnt there working ones that arent infected?
sorry if this isnt the right place for this topic even if its in another topic, can someone please answer my question.
thanks
anyway, ive been looking for a good exe file binder, ive downloaded so many but i was wondering, why are all of the ones i find on the net infected with hack tool or dropper or some kind of detectable virus? isnt there working ones that arent infected?
sorry if this isnt the right place for this topic even if its in another topic, can someone please answer my question.
thanks
#42
pugrit
-
- Members
-
- 176 posts
Corporal
Posted 21 March 2004 - 10:19 AM
i also noticed that. i try to update my av as much as posible then test new trojans/wares on it...like binders..i binded a auto start for a windrop a placed on internet cafes..on my pc it was ok running fine..but when its time for operation on internet cafes..their AV detect my binded program.
any binders?good ones.
thanks
any binders?good ones.
thanks
#43 Guest_extremehacks_*
Guest_extremehacks_*
-
- Guests
Posted 21 March 2004 - 10:36 AM
weird i downloaded multi binder 1.2.1 yesterday and it wasnt infected, and the binded exe wasnt even infected like usually, i thought i finally found a good one, but today i tried to bind exe files again and norton saw hack.tool on the multi binder program and deleted all the files for that program...
anyone have any good binders at all?
anyone have any good binders at all?
#44
Eyeless
-
- Members
-
- 143 posts
Specialist
Posted 21 March 2004 - 10:06 PM
NakedBind & Multijoiner & Hammer Binder are all greeeaaaaat.
#45
TeXT
-
- Members
-
- 9 posts
Private
Posted 22 March 2004 - 03:54 PM
Who need undetectable trojan's server ... and other viruses.. ?..
I can to make any viruses untetectable 100% by all antiviruses: AVP, Dr.Web, McAfee, Panda, Norton ...
icq: 1554239
mail: fat3@ok.kz
I can to make any viruses untetectable 100% by all antiviruses: AVP, Dr.Web, McAfee, Panda, Norton ...
icq: 1554239
mail: fat3@ok.kz
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
