curtuy Posted May 21, 2010
That's what I thought too, but I tried adding MZhamster{Dil} at the beginning of the file and the server still runs, with the part before {Dil} showing up in the textbox [for example]. I noticed that it actually replaces the ÿÿ characters, but it still works.

Nytro (Author) Posted May 21, 2010
I don't think I understood what you tried. Read a bit about the structure of executables:
http://rstcenter.com/forum/14184-portable-executable-format.rst?highlight=portable+executable
http://rstcenter.com/forum/14375-microsoft-portable-executable-common-object-file-format-specification.rst?highlight=portable+executable
http://rstcenter.com/forum/14376-peering-inside-pe-tour-win32-pe-file-format.rst?highlight=portable+executable
http://rstcenter.com/forum/14377-depth-look-into-win32-pe-file-format.rst?highlight=portable+executable
Those are about it. And you'll understand exactly.

curtuy Posted May 21, 2010 (edited)
Thanks for the links. From what I read here: http://rstcenter.com/forum/14377-depth-look-into-win32-pe-file-format.rst I understood what you said above: that whatever you write at the end of an executable is ignored in memory:
"A module in memory represents all the code, data, and resources from an executable file that is needed by a process. Other parts of a PE file may be read, but not mapped in (for instance, relocations). Some parts may not be mapped in at all, for example, when debug information is placed at the end of the file."
But if I add at the beginning of the file [which I saw is the MS-DOS Header] the initials MZ + at most 58 characters, the executable runs [up to the character ¸ [ALT+0184]].
The program I tried it with:
Writer [...I don't know what it should be called]
    Private Sub Command1_Click()
        Dim BinStr As String
        ' Overwrite the start of Stub.exe with the textbox contents
        Open App.Path & "\Stub.exe" For Binary As #1
        Put #1, , Text1.Text
        Close #1
    End Sub
The stub:
    Private Sub Form_Load()
        Dim BinStr As String
        ' Read the first 100 bytes of the running executable
        Open App.Path & "\" & App.EXEName & ".exe" For Binary As #1
        BinStr = Space(100)
        Get #1, , BinStr
        Close #1
        ' Show everything before the {DIL} marker
        Text1.Text = Split(BinStr, "{DIL}")(0)
    End Sub
PS: I write at the beginning of the file because if I write at the end the antivirus detects it as a dropper [maybe my methods aren't good...]
Edited May 21, 2010 by curtuy

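Added example, not part of the thread and not any poster's code: a Python triage check a defender could run over a PE file for the two storage spots discussed above, namely text placed in the DOS header between the MZ signature and the e_lfanew field at offset 0x3C, and data appended after the last section. The names pe_triage and build_sample and the sample bytes are constructed for illustration.

```python
import struct

E_LFANEW_OFF = 0x3C  # DOS header field holding the file offset of the "PE\0\0" signature

def longest_printable_run(buf: bytes) -> bytes:
    """Longest run of printable ASCII bytes in buf."""
    best = cur = b""
    for b in buf:
        cur = cur + bytes([b]) if 0x20 <= b < 0x7F else b""
        if len(cur) > len(best):
            best = cur
    return best

def pe_triage(data: bytes) -> dict:
    """Report text stored in the DOS header and data appended after the last section."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, E_LFANEW_OFF)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    n_sections, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size          # section table follows the optional header
    end_of_image = table + 40 * n_sections
    for i in range(n_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end_of_image = max(end_of_image, raw_ptr + raw_size)
    return {
        "dos_header_text": longest_printable_run(data[2:E_LFANEW_OFF]),
        # The overlay can also hold legitimate data (Authenticode signature, debug info).
        "overlay_size": max(0, len(data) - end_of_image),
    }

def build_sample(dos_text: bytes = b"", overlay: bytes = b"") -> bytes:
    """Constructed, non-runnable PE skeleton: headers plus one 0x200-byte section."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    dos[2:2 + len(dos_text)] = dos_text
    struct.pack_into("<I", dos, E_LFANEW_OFF, 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    section = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 0, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0)
    headers = bytes(dos) + coff + section
    return headers.ljust(0x200, b"\0") + b"\x90" * 0x200 + overlay
```

A non-empty dos_header_text or a non-zero overlay_size is a reason to look closer, not a verdict: signed and debug-enabled binaries legitimately carry overlay data.
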
Nytro (Author) Posted May 23, 2010
Yes, if you want to make a crypter you have to get past the antiviruses. If you came up with an original idea, that would be perfect. You can, for example, write the data into another section, but that still doesn't get you much. You can add a file manually as a resource file, but here too you need imagination. Besides, the problem is in the PE Loader, the code that loads the encrypted executable into memory. I came up with an original idea (an ActiveX control that loads it) which still works very well. The problem is how you "drop" the files.

curtuy Posted May 24, 2010
"Yes, if you want to make a crypter you have to get past the antiviruses."
Sorry, I left out the part about encryption... I was only using the part about writing data at the end, and for the amount of data I have to write into the file, the characters at the beginning are enough. I don't need encryption, because my server is already FUD [thanks to your tutorial here http://rstcenter.com/forum/10720-rst-tutorial-vb6-crearea-unui-trojan-vb6-nytro.rst - well, by now the trojan does almost everything ProRat used to do]. If in the future I need to store more data in the server, I'll use the resources approach. Thanks again for the links.

gara1994 Posted April 23, 2011
But what does this program do? I still don't know :|

Nytro (Author) Posted April 25, 2011
What it used to do, rather. In short: it "turns" a detectable executable into an undetectable one.

graphicsextreme Posted April 26, 2011
"05-24-2010, 09:45 AM"
font-size:100000% should be added to the date, maybe then these short-sighted people will see it too.

NeSsCaFeRO Posted April 29, 2011
The design doesn't matter if the program works and is good quality xD.

Gabriel87 Posted May 16, 2011
"The design doesn't matter if the program works and is good quality xD."
Another one... you couldn't find any other topic to comment on, only this old one :)) It opens fine if you want to play with it, but it no longer makes your server undetectable.

DJNeo Posted May 28, 2011
What do I have to modify to make "Stub.exe" undetectable?

Nytro (Author) Posted May 28, 2011
The detectable portion of the code... I no longer know which one it is; the Loader probably still isn't, it's an ActiveX control. Look at the "dropping" part, where the stub reads itself and loads the executable into memory.

justjoker Posted June 10, 2011
Sorry for asking, I used this crypter too and everything was fine, but I don't understand where it saves the encrypted files!!!

Nytro (Author) Posted June 10, 2011
It saves them in the same folder it is in, I think. Anyway, doesn't it show a MsgBox with the location after it saves it? I don't remember anymore...

BogdanWDK Posted September 8, 2011
I know it's not nice to revive topics... I used the program with 10 keyloggers generated by HC stealer and iStealer, then scanned them with Eset Smart Security 4, fully updated, and guess the result: CLEAN. So it still works. Thanks to those who didn't scan it on VirusTotal.
@Nytro: after encryption it shows a MsgBox with the location of the encrypted file.

Nytro (Author) Posted September 8, 2011
I don't know what you scanned...
http://www.virustotal.com/file-scan/report.html?id=5228eae4b11ceed3fad19e591b5c800433783503e615560f0739d4f91e4a2d9b-1315512955
And that's with a simple, harmless file encrypted, because the stub is detectable.

1337 Posted September 13, 2011
It's no longer FUD. Too bad.

dansud2007 Posted September 13, 2011
Once posted on this site, there's no way it can stay FUD!

Dragos (Moderators) Posted September 13, 2011
"Once posted on this site, there's no way it can stay FUD!"

vasilica233 Posted March 13, 2012
Interesting

funboy20_03 Posted March 27, 2012
Maybe you'll decide to add a load-stub option to it. That would be interesting, and it would be easy to keep [FUD]

Endakin Posted March 27, 2012
It's no longer FUD, but avast still doesn't detect it

Nytro (Author) Posted March 28, 2012
It's from 3 years ago, I don't think it's "useful" anymore, ALTHOUGH the Loader is an ActiveX control which I don't think is widely detected.

aleks3y Posted June 1, 2012
Really cool loader, but unfortunately not everyone has Administrator privileges.. With a "borrowed" loader and a few changed functions it would work properly. Anyway, this is really cool..

LoseControL Posted June 3, 2012
Bitdefender Report:
Nume virus: Gen:Trojan.Heur.pm0@dTFCVpki