Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Sponsored by: █ Sparkhost - Hosting Without Compromises! █ Hybrid Performance Web Hosting █ Spark Host Stream Hosting █ Hybrid IRC & IRCd Server Shell Accounts

Undetectable Binder Tutorial

Started by vnet576 , Feb 29 2004 12:29 PM

Next

Please log in to reply

26 replies to this topic

#1 vnet576

Specialist

Members
1,000 posts

Posted 29 February 2004 - 12:29 PM

This is the way I've been binding my files, and since I saw eyeless's thread I decided to make a tutorial for it. This is completely undetectable by Kaspersky av and I assume by other lesser AV such as norton, mcafee, etc. I included my binder source, the source for another prog, and my tutorial for this. I also included a bound file called File_Binder.exe. That file contains two very dangerous worms. That is to see if you're av detects it. If it does post what the two worms are and what AV you used. I decided to post the same tutorial on codelinx and here. For specific programming questions about this binder go there. Enjoy:

Undetected by Kaspersky:
http://www.kaspersky...teviruschk.html

Current object: File_Binder.exe
File_Binder.exe Ok

Edit:
Later I plan on adding an encryption algorithm to encrypt the hexdumped data..making it even more secure.

Attached Files

Binder.zip 226.07K 633 downloads

Edited by vnet576, 29 February 2004 - 12:33 PM.

Back to top

#2 fre4k

Specialist

Members
122 posts

Posted 29 February 2004 - 12:37 PM

Many Thx for It! I will test

Back to top

#3 Guest_Flapdrol_*

Guests

Posted 29 February 2004 - 01:12 PM

Dunno what virii you added but I can confirm that McAfee didn't see any suspicious about the files.

Back to top

#4 320X

Staff Sergeant

Members
474 posts

Posted 29 February 2004 - 01:25 PM

thanks vnet576 for the post

Back to top

#5 invisible-boy

Private First Class

Members
20 posts

Posted 29 February 2004 - 02:15 PM

thx @ lot
----
but my AV detect it,
first Bluster ,second W32.Sobig.A@mm "%systemroot%\newfile2.exe"
it detect and not undetect

Back to top

#6 vnet576

Specialist

Members
1,000 posts

Posted 29 February 2004 - 02:33 PM

of course it would...once the files are extracted and ran. I'm talking about the file File_Binder.exe which u would send to the victim.

BTW...I hope you're av detected them before those 2 worms had a chance to execute.

Edited by vnet576, 29 February 2004 - 02:51 PM.

Back to top

#7 fyle

Private First Class

Members
26 posts

Posted 29 February 2004 - 09:51 PM

grisoft AVG detected one as lovesan.A but didn't find anything in the other

Back to top

#8 paskaluis

Private

Members
9 posts

Posted 29 February 2004 - 09:58 PM

thx for the binder File i gonna check it out

Back to top

#9 Guest_nexXx_*

Guests

Posted 01 March 2004 - 12:08 AM

i have scanned it with g-data antivirenkit, but nothing found

Back to top

#10 meinaeiner

Private

Members
13 posts

Posted 01 March 2004 - 12:17 AM

@vnet576

antivir PE reports sorbig.a in file_binder.exe.
nod32 finds nothing.

thx

Back to top

#11 linuxwolf

Corporal

Members
173 posts

Posted 01 March 2004 - 05:06 AM

This looks like a very nice and original piece of work, it's rare, very.
Congratulations vnet, you've got my attention. :ph34r:

Back to top

#12 Eyeless

Specialist

Members
143 posts

Posted 01 March 2004 - 01:26 PM

THANK YOU!

Back to top

#13 d0whc3r

Private First Class

Members
45 posts

Posted 03 March 2004 - 10:18 AM

Thx you!
very usefull, but the trojan is detected when the new file is created hehe

Back to top

#14 vnet576

Specialist

Members
1,000 posts

Posted 03 March 2004 - 12:48 PM

Thx you!
very usefull, but the trojan is detected when the new file is created hehe

Yes I've noticed that..but that is the case with most binders...Once the output file is placed on the desktop it becomes fair game to the AV. I'm open to ideas for bypassing that. I'm currently thinking about injecting the two output trojans directly into memory.