Saturday 25 April 2015

FUD through Hex Editor Heading

Introduction
Almost all Trojans and key loggers are detected by antivirus software. One of the most common problems faced is making a Trojan or key logger undetectable by the antivirus. So in this tutorial I am going to tell you how to make your Trojan undetectable by the antivirus. But first you need to understand how antivirus software works.
DETECTION TECHNIQUE
Antivirus software typically uses two different techniques to identify a malicious program. The first is signature-based malware detection and the second is behavior-based malware detection. Antivirus software can employ one or both of these methods, depending on the sophistication of the program.
Signature-based Malware Detection
Signature-based detection depends on pattern recognition.  The antivirus software scans the file in question, comparing specific bytes of code against information in its malware-signature database. If the scanned file has a pattern duplicating one in the database, the file is considered malware.
Behavior-based Malware Detection
In behavior-based malware detection, the antivirus monitors the behavior of a program to determine whether it is malicious or not. For example, an executable may try to write data to another program or request write access to a locked file. This behavior is identified as suspicious and the user is prompted for an action. This detection technique is mainly used to identify new malware.
How to make a FUD
In simple words, we can say that if we change the signature of the Trojan/key loggers, we can easily make the Trojan undetectable from the antivirus software. The ways to make Trojan/key loggers undetectable from the antivirus software are listed below.
1. Encryptors/Compressors:
This is a very simple way to make a Trojan undetectable. In this technique we use encoding software that changes the signature of the Trojan. The problem is that most people use the same software so often that the antivirus software knows pretty much all the signatures.
2. Hex Editing:
This is much more complicated and takes a lot more practice to get right. The idea here is to find the signature that the antivirus software detects in the Trojan and change it by adding a different byte so that the antivirus cannot detect the Trojan program any more.
3. Byte Adder:
This technique allows you to add junk bytes to your Trojan, so as to confuse anti-virus software. It does this by moving the code inside the executable around, as the bytes are being added. This means that the signature will not be in the place the Anti-Virus expects it to be.
TUTORIAL:
In this tutorial we are going to use hex editing to make a Trojan undetectable. Hex editing is one of the most secure and most complicated techniques used by some people to make their file Fully Undetectable (FUD). As we learnt before, antivirus software uses signature-based identification to identify a suspicious file; through hex editing we search for the signature flagged by the antivirus and change it to some other hex value so that the antivirus can't identify the file.
These are the tools you need to install on the system to make the Trojan undetectable.
  • Antivirus Software
  • Hex Editor
  • File Splitter
  • A Trojan making software
Antivirus Software
I am going to use avast antivirus software for Trojan detection.
Hex Editor
A hex editor is a program that allows a user to manipulate the fundamental binary data that makes up computer files. You can get this software under the following link.
File Splitter
File Splitter is a freeware program which does not require installation and can be used to split a file into multiple files as well as to merge multiple files into a single file. You can get this software under the following link.
http://adfoc.us/27264054844831
Trojan Making Software
Trojan-making software is used to create a Trojan. In this tutorial I have used a general key logger software program to make the Trojan. It is a key logger program which records all keystrokes and sends these key logs by email. You can get this software through a simple Google search for ‘General Key logger’.
These are the steps you need to follow to make the Trojan undetectable.
Step 1:
First of all, turn off your antivirus real-time protection. In my case I am using avast antivirus, so first I will disable the real-time protection.
Step 2:
Download and launch the key logger software, and enter the details like Gmail Username, Gmail Password and Send Logs Every.
Gmail Username: Enter the Gmail ID to which the Trojan will send the key logs.
Gmail Password: Enter the Gmail password of the account.
Send Logs Every: In this text box enter the time period after which you want to receive the logs.
Now click on Build.
Make the key logger server file and place the server file in a folder.
Step 3:
Scan this folder with your anti-virus software and check whether this file is detectable by the anti-virus software.
Now I scan the server.exe file with avast antivirus software. You can see this file is detected by the antivirus.
Step 4:
Download and launch the File Splitter software, and split your server file with File Splitter into 200 bytes per file. This may create a lot of files in your selected folder (depending on how large the server file is).
Step 5:
Now scan the split files with your antivirus software and make a note of the files which are infected. Those will be the ones you edit.
In my case only one file, server.exe.chunk145, is infected. Now I will edit this file in the hex editor.
Step 6:
Now open each infected file in the hex editor and change the offset. There is no foolproof way of doing this; you will have to experiment. In my case this is the hex code of the infected file. Now I will change AntiWireShark into antiwireshark and save this file.
There will not be much that you need to change. Just change one character or byte at a time and then save the program. Re-scan to see if it worked. If it did not, go back and try again.
Step 7:
Once all the signatures have been changed, rejoin the file with File Splitter and test your server to see if it works.
Step 8:
Scan the server file with the antivirus and we can see that it is now not detected by the antivirus.
Remember that too much editing will make your Trojan file useless so be careful while editing the file in the hex editor.
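From the detection side, the procedure above only works against a signature that matches exact bytes at a fixed position, which is also why added junk bytes shift such a signature out of place. The following added example (not part of the original post; the byte strings are constructed and the second indicator, `smtp.gmail.com`, is a hypothetical stand-in for the key logger's mail feature) compares that kind of signature with a position-independent, case-insensitive rule that requires several indicators to agree.

```python
import re

# Constructed stand-ins for file contents (not real malware samples).
MARKER = b"AntiWireShark"          # string edited in Step 6
ORIGINAL = b"MZ" + b"\x00" * 30 + b"cfg:" + MARKER + b"\x00smtp.gmail.com\x00"
CASE_EDITED = ORIGINAL.replace(MARKER, MARKER.lower())  # one-string case change
PADDED = ORIGINAL[:2] + b"\x00" * 64 + ORIGINAL[2:]     # junk bytes shift offsets
BENIGN = b"MZ" + b"\x00" * 30 + b"mail client\x00smtp.gmail.com\x00"

SIG_OFFSET = ORIGINAL.index(MARKER)


def brittle_match(data: bytes) -> bool:
    """Exact bytes at one fixed offset: the signature style the page relies on."""
    return data[SIG_OFFSET:SIG_OFFSET + len(MARKER)] == MARKER


def any_encoding(text: str) -> "re.Pattern[bytes]":
    """Case-insensitive pattern for the ASCII or UTF-16LE form of text."""
    forms = (text.encode("ascii"), text.encode("utf-16-le"))
    return re.compile(b"|".join(re.escape(f) for f in forms), re.IGNORECASE)


# Independent indicators; the second is an assumption made for this example.
# (YARA expresses the same idea with the `nocase` and `wide` string modifiers.)
INDICATORS = {
    "anti-analysis string": any_encoding("antiwireshark"),
    "mail host": any_encoding("smtp.gmail.com"),
}


def robust_hits(data: bytes) -> list:
    """Names of indicators found anywhere in the data."""
    return [name for name, pat in INDICATORS.items() if pat.search(data)]


def robust_match(data: bytes, threshold: int = 2) -> bool:
    """Flag only when several indicators agree, which limits false positives."""
    return len(robust_hits(data)) >= threshold


if __name__ == "__main__":
    for label, blob in [("original", ORIGINAL), ("case-edited", CASE_EDITED),
                        ("padded", PADDED), ("benign", BENIGN)]:
        print(f"{label:12} brittle={brittle_match(blob)} robust={robust_match(blob)}")
```

The benign sample shares one indicator with the others and is not flagged, which is the reason for the two-indicator threshold.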
