Government Security
Network Security Resources

Jump to content

Photo

Undetectable Binder Tutorial


  • Please log in to reply
26 replies to this topic

#16 pdf

pdf

    Specialist

  • Members
  • 110 posts

Posted 03 March 2004 - 01:45 PM

wtf "File_Binder.exe" is a w32.blaster.worm

it creates some files in system directory!

#17 vnet576

vnet576

    Specialist

  • Members
  • 1,000 posts

Posted 03 March 2004 - 02:11 PM

This is open source, I included the C++ sources of everything that I did. However if u're more comfortable with ASM then go right ahead..this project was meant to be open sourced. ;)

#18 vnet576

vnet576

    Specialist

  • Members
  • 1,000 posts

Posted 03 March 2004 - 02:14 PM

wtf "File_Binder.exe" is a w32.blaster.worm

it creates some files in system directory!

Of course it does rofl. This is why you should read the tutorial before you run any file. Geez some people.

Oh and btw you have been infected with blaster and Sobig worms. Refer yourself to symantec.com for disinfection. Next time read the code and tutorial before running anything. :lol:

#19 Axl

Axl

    Staff Sergeant

  • Sergeant Major
  • 338 posts

Posted 06 March 2004 - 08:43 PM

Heh nils, great guy gotta love rbot

#20 Deltax

Deltax

    Private First Class

  • Members
  • 27 posts

Posted 07 March 2004 - 02:40 AM

its infected with the blaster virus..

#21 apusnaias

apusnaias

    Private First Class

  • Members
  • 40 posts

Posted 07 March 2004 - 06:16 AM

very nice post =)

in zip file my kav detect a TrojanDropper.Win32.Bender.

i didn't execute the exe :)

thx man

#22 vnet576

vnet576

    Specialist

  • Members
  • 1,000 posts

Posted 07 March 2004 - 09:39 AM

Well what do you know...haha..those bastards classified my program as a virus now. Guess one of those people downloading this was from the AV companies. You could've at least named it better...TrojanDropper.Win32.Vnet.Ownz.You...

Time to learn those polymorphic functions..and self encrypted functions..see if you bastards can detect that.

One more thing...you guys at Kaspersky better find better ways of detecting trojans. The first one that I made..donno how you got your hands on it.all you did was detect it based on the registry key I used. Now the registry key is completely random..gotta do better than that next time. ;)

#23 tianzhen

tianzhen

    Private First Class

  • Members
  • 92 posts

Posted 08 March 2004 - 01:58 AM

wtf "File_Binder.exe" is a w32.blaster.worm

it creates some files in system directory!

Of course it does rofl. This is why you should read the tutorial before you run any file. Geez some people.

Oh and btw you have been infected with blaster and Sobig worms. Refer yourself to symantec.com for disinfection. Next time read the code and tutorial before running anything. :lol:

:D

#24 dmg

dmg

    Corporal

  • Members
  • 156 posts

Posted 08 March 2004 - 01:04 PM

Very interesting tut mate!! Works like a charm.

Unbelievable some people have the nerve to reply "It's infected with blaster!!".... One guy even get's himself infected.... OMFG how stupid can you be :rolleyes:

#25 squ

squ

    Private First Class

  • Members
  • 21 posts

Posted 14 March 2004 - 04:19 AM

I'v found this topic today (i'm new user) and after lecture of the first post i thought - man by posting your binder here your going to kill it - AV will get it recognized...
But as you have probably already noticed - few changes in your source will make your binder undetectable again - Av definitons are usually very lame.
Few words about binders... if you ppl cannot code yourself (i cant too :/) use NSIS - it wont be detectable and its so simple with HM NIS edit.

Regards :)

#26 Anarchiste

Anarchiste

    Private First Class

  • Members
  • 95 posts

Posted 19 March 2004 - 08:41 AM

Thx i will test this...i was looking for a binder :D

#27 han79

han79

    Private

  • Members
  • 1 posts

Posted 26 March 2012 - 12:38 AM

thinks :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users