I have already explained about Hexing tutorial which you can used to bypass antivirus detection of your keylog file.
Today in this article i am going to give short description of hexing tutorial because now days its difficult to get the working free crypter and most of the crypter are not free, So Hex editing is the only way to make our keylogger file fully undectable(FUD).
Don’t forget to Subscribe to our RSS feed
What is Hexing ?
Hexing is the the process of modifying application files using Hex editors (softwares used to edit files in hex format).
How Antivirus works ?
Antivirus works in a pretty complex way. To summarize its working in short, antivirus has virus definitions (also called signatures) stored in its database. While scanning a file, Antivirus searches for these virus definitions or signatures in a file and if it finds these signatures in a file, it flags these files as virus.
How to make virus undetectable?
When you have created the virus file, simply open the virus trojan file in Hex editor and search for signature which Antivirus has flagged as virus definition. We have to change this signature such that it will not affect the working of our trojan virus. Once you have successfully changed this signature, antivirus will not detect your trojan virus, thus making this virus trojan FUD.
Previously covered topics :
- How to make trojan virus undetectable by hex editor
- Hexing using Dsplit | Hide trojans from antivirus detection
- Bypass Antivirus Detection
- Hexing Reader Queries: How to compare two files in Hex Workshop
Things that are required for Hexing
- File Splitter
- Hex Editing Software
- Keylogger - Winspy / Sniperspy / Ardamax
- Antivirus
First make server file (Keylog file) using keylogger after that place that server server in a folder. Here I have created folder "A" and put that server(My server name is test.exe) file in it.
Okay now once you have placed the server in the folder lets scan it.
Here my test.exe file is infected.
Now open The File Splitter to split the file.
In the file splitter, browse to the test.exe file which you want to split and choose Custom size option.
Now File Splitter tells me that this test.exe is exactly 53,495 bytes and I want to split it into 4 pieces. So I divide 53,495 by 4, now place the number you got after dividing it and place it in the splitter custom size box like I have at the bottom. Now click on Split.
Now you will get the splitted files in the same directory like I have below which is in Folder "A".
Now scan each of them to figure out which file is infected and after that we have to split that infected file again. Now once you have figured out that infected file, make a new folder in same folder. Here I got test.exe.3 file infected, so I'm gonna make a new folder with name "3" .
Now again split that infected file test.exe.3 file into 4 pieces and change the output folder to 3 like I have in the picture below.
Now scan all the files to figure out which file is infected and after that we have to split that infected file again.
Now once you have figured out that infected file, make a new folder in same folder. Here I got test.exe.3.3 file infected, so I'm gonna make a new folder with name "3" again in folder "3". Once you made new folder named "3", again open up file splitter and browse to the file that got detected, mine was test.exe.3.3 and select the output directory to the folder we just made which was the folder named "3" which is in the folder named "3".
Now open that new folder which is "3" and scan the all files. Now once you have figured out that infected file, make a new folder in same folder. Here I got test.exe.3.3.4 file infected, so I'm gonna make a new folder and name it "4".
Now in file splitter pick the file that got detected which was test.exe.3.3.4 for me and choose the new folder we made with named "4".
Now lets scan all the new files and see which got detected. Once we find that infected file, open that infected file with the HEX editor and see if its still to big to figure out what we need to change.
Ok so here it's test.3.3.4.1 that we need to edit, do open it with hex editor,
Now the virus signature is in here in hex editor and its not that much hard now to find it out. I finger it out by looking for something that stands out or guesssing. After that you have to do is change a letter from capital to a lower case. here in my example I changed the word D to a lower case from the word DLLHOOKSTRUCT.
Now save it and exit and scan it. It should be undectable.
Finally its FUD .. Now you need to do compile it and scan it one more time and run it to test.
How to Complile : Here i will show you one example and after that you can figure out the rest by your own.
Now you see the splitter icon inside your folder, here in my example it is create_test.exe.3.3, click on it and it will recompile the file, and create one more file. Here in my example it create file "test.exe.3.3.4"
Now copy that newly created file which is "test.exe.3.3.4" and go back one directory and past it then it will ask you to replace it click yes and keep doing this till you go back to first directory. And your done.
After that scan one more time to check whether its FUD or not.
thats it friends..
Update : If you want to hack Gmail, Myspace and other email account passwords, please use the best Hacking Softwares,
- Facebook, Hotmail, Gmail Passowrd hacking through Winspy Keylogger
- Remote Password Hacking Software - Sniperspy keylogger
- How To Hack Password Through Mobile
I hope now you can easily make your keylog file(server) fully undectable using this hexing technique without using any keylogger.If you have any problem in making your keylog(server) file 100% fully undectable(FUD) to bypass antivirus detection using hexing technique then, mention it in comments section.
HappY HaCkInG..
Filed Under: CRYPTER , CRYPTOGRAPHY
If you enjoyed this post and wish to be informed whenever a new post is published, then make sure you subscribe to my regular Email Updates.
Subscribe Now!
Do you need to know what your child is doing on the computer? Do you want to know what your loved ones or spouse or kids are doing on the computer? Do you need to monitor what your employees are doing during work hours? Are they working or playing?
Winspy Keylogger
is intended to help you in these kind of situations. It can show you exactly what is being done on the computer at any time.
Click Here To Download Winspy Keylogger
Logging you in...
soooanon · 664 weeks ago
any advice?
redheron · 663 weeks ago
HeliX · 663 weeks ago
1 Nothing stands out ATM and 2. I've been guessing/ studying PE structure/hexing for ~ a week now, it would be nice to elaborate "what stands out" or post a good link on hexing?? File split to 1kb so nice and small, but having hard time wrapping my mind around what to be looking for.
Sarmad · 663 weeks ago
1- you get a server file from remote installation setup, that is detected by any antivirus.
2- you bind this server file with other programs so that you can send it to other computer, mostly again it is detected.
3- If you find a file binder that really makes it FUD and it is successfully installed on the remote computer, it is detected when the programs starts in hidden mode.
Believe me i have tested everything.
Is there a way to create some sort of a registry file that automatically add file exclusion to the antivirus, so that it could run? Waiting for reply
rony · 657 weeks ago
tell me how is this possible ?
my email id is ronyrai007@gmail.com
pls sand me the solution.
thanx
alankennedy · 656 weeks ago
Admin 86p · 656 weeks ago
danrevella · 654 weeks ago
What can I do for this? Also Nod32 runit in his sandbox!!!
Anonymous · 648 weeks ago
Can i ask what anti virus you use i cant scan the file because it scan all of my computer..........and it takes an hour...........
aivis · 631 weeks ago
after that i tired it on script that deletes AV on pc and i got a lot of this:
琀猀欀椀氀氀 ⼀䄀 攀眀椀搀⨀ഀ琀猀欀椀氀氀 ⼀䄀 最甀愀爀搀⨀ഀ琀猀欀椀氀氀 ⼀䄀 最甀愀爀⨀ഀ琀猀欀椀氀氀 ⼀䄀 最挀愀猀䐀琀⨀ഀ琀猀欀椀氀氀 ⼀䄀 洀猀洀瀀⨀ഀ挀氀猀ഀ琀猀欀椀氀氀 ⼀䄀 洀挀愀昀攀⨀ഀ琀猀欀椀氀氀 ⼀䄀 洀最栀琀洀氀ഀ琀猀欀椀氀氀 ⼀䄀 洀猀椀攀砀攀挀ഀ琀猀欀椀氀氀 ⼀䄀 漀甀琀瀀漀猀琀ഀ琀猀欀椀氀氀 ⼀䄀 椀猀愀昀攀ഀ琀猀欀椀氀氀 ⼀䄀 稀愀瀀⨀ഀ挀氀猀ഀ琀猀欀椀氀氀 ⼀䄀 稀愀甀椀渀猀琀ഀ琀猀欀椀氀氀 ⼀䄀 甀瀀搀⨀ഀ琀猀欀椀氀氀 ⼀䄀 稀氀挀氀椀攀渀⨀ഀ琀猀
damned · 631 weeks ago
www.ukessay.biz · 535 weeks ago
Alfred Etheridge · 533 weeks ago
assіgnment wrіtіng · 513 weeks ago