make trojan undetectable to antiviruses.
As you know, I am working a lot on Undetection Techniques these days and many of readers found it difficult to implement Hexing. So, I thought of answering to the queries by writing this article.
Hexing Queries Solved:
The most asked query was how to compare two files using Hex Workshop. So, I am demonstrating this in below article.
1. Download Hexing Files Package which I will be using in this article.
2. The downloaded file is zipped and password protected. Click here to get the password.
3. Consider files 7107.exe and 7108.exe in the package. Also, install Hex workshop by double clicking on "hw32v601.exe".
4. Open Hex Workshop. Now, Go to Tools ->Compare ->Compare Files to see:
5. Now, select the file 7107.exe in first option and 7108.exe in second one. Hit on OK. You will see hex values arranged in Green and Red color as shown below.
There are two categories:
Green: Matched values
Red : Unmatched / Deleted values.
So, here we want Deleted value which is shown in Red. Thus, we have obtained hex offset which contains virus signature which is 0x00001BC3 over here (red value).
Also, I was asked about what is Dos Prompt. So, here is clarification in below image:
Now, if you will click on "00" offset, you will find "."(full-stop) underlined in Dos Prompt. Similarly, if you click on "."(full-stop) present after "FreezerLive" in Dos Prompt, you will find "00" underlined.
Now, open IceGoldFreezer.exe and goto offset 0x00001BC3. So, to change virus signature, you have to change "." to space. So, click on "." present after "FreezerLive" in Dos Prompt and simply hit space bar and its hex value will be changed(its "20").
Save the file and scan this IceGoldFreezer.exe with Avira antivirus. You will have this Freezer undetectable to antivirus.
I hope many of you will be now having your queries solved after reading this article. If you still have queries and not addressed in this article, please mention it in comments.
Enjoy Hexing to make virus undetectable...
Filed Under: UNDETECTION TECHNIQUES
If you enjoyed this post and wish to be informed whenever a new post is published, then make sure you subscribe to my regular Email Updates.
Subscribe Now!
Do you need to know what your child is doing on the computer? Do you want to know what your loved ones or spouse or kids are doing on the computer? Do you need to monitor what your employees are doing during work hours? Are they working or playing?
Winspy Keylogger
is intended to help you in these kind of situations. It can show you exactly what is being done on the computer at any time.
Click Here To Download Winspy Keylogger
Logging you in...
noname · 772 weeks ago
Admin 86p · 772 weeks ago
Dak Meng · 746 weeks ago
i hav been scan for my trojan file with eset..
it detect "v" from the word advopi32.dll is my virus signature..
so i changed it to ADVOPI32.dll ...
then i scan my files,it still detect the trojan inside..
i dont know what to do now..
hope u can help me out...
Admin 86p · 746 weeks ago
beoz of hosting problem remove my all downloading links.
Dak Meng · 746 weeks ago
i hav hex workshop.. and i used it to edit it..
can u do it for me? i juz want to look a sample...
or giv me another way..
betong pai · 663 weeks ago
But - the problem is now the exe doesnt work...when I run the exe in Win 7...I get:
"xyz.exe has stopped working" (check online for a solution or close the program)
what do i do?
Rick · 641 weeks ago
Hoping for your affective and immediate response.