sted by Nik P on Monday, July 16, 2012
I have already explained about Hexing tutorial which you can used to bypass antivirus detection of your keylog file.
Today in this article i am going to give short description of hexing tutorial because now days its difficult to get the working free crypter and most of the crypter are not free, So Hex editing is the only way to make our keylogger file fully undectable(FUD).
Don’t forget to Subscribe to our RSS
What is Hexing ?
Hexing is the the process of modifying application files using Hex editors (softwares used to edit files in hex format).
How Antivirus works ?
Antivirus works in a pretty complex way. To summarize its working in short, antivirus has virus definitions (also called signatures) stored in its database. While scanning a file, Antivirus searches for these virus definitions or signatures in a file and if it finds these signatures in a file, it flags these files as virus.
How to make virus undetectable?
When you have created the virus file, simply open the virus trojan file in Hex editor and search for signature which Antivirus has flagged as virus definition. We have to change this signature such that it will not affect the working of our trojan virus. Once you have successfully changed this signature, antivirus will not detect your trojan virus, thus making this virus trojan FUD.
Previously covered topics :
- How to make trojan virus undetectable by hex editor
- Hexing using Dsplit | Hide trojans from antivirus detection
- Bypass Antivirus Detection
- Hexing Reader Queries: How to compare two files in Hex Workshop
Things that are required for Hexing
- File Splitter
- Hex Editing Software
- Keylogger - Winspy / Sniperspy / Ardamax
- Antivirus
First make server file (Keylog file) using keylogger after that place that server server in a folder. Here I have created folder "A" and put that server(My server name is test.exe) file in it.
Okay now once you have placed the server in the folder lets scan it.
Here my test.exe file is infected.
Now open The File Splitter to split the file.
In the file splitter, browse to the test.exe file which you want to split and choose Custom size option.
Now File Splitter tells me that this test.exe is exactly 53,495 bytes and I want to split it into 4 pieces. So I divide 53,495 by 4, now place the number you got after dividing it and place it in the splitter custom size box like I have at the bottom. Now click on Split.
Now you will get the splitted files in the same directory like I have below which is in Folder "A".
Now scan each of them to figure out which file is infected and after that we have to split that infected file again. Now once you have figured out that infected file, make a new folder in same folder. Here I got test.exe.3 file infected, so I'm gonna make a new folder with name "3" .
Now again split that infected file test.exe.3 file into 4 pieces and change the output folder to 3 like I have in the picture below.
Now scan all the files to figure out which file is infected and after that we have to split that infected file again.
Now once you have figured out that infected file, make a new folder in same folder. Here I got test.exe.3.3 file infected, so I'm gonna make a new folder with name "3" again in folder "3". Once you made new folder named "3", again open up file splitter and browse to the file that got detected, mine was test.exe.3.3 and select the output directory to the folder we just made which was the folder named "3" which is in the folder named "3".
Now open that new folder which is "3" and scan the all files. Now once you have figured out that infected file, make a new folder in same folder. Here I got test.exe.3.3.4 file infected, so I'm gonna make a new folder and name it "4".
Now in file splitter pick the file that got detected which was test.exe.3.3.4 for me and choose the new folder we made with named "4".
Now lets scan all the new files and see which got detected. Once we find that infected file, open that infected file with the HEX editor and see if its still to big to figure out what we need to change.
Ok so here it's test.3.3.4.1 that we need to edit, do open it with hex editor,
Now the virus signature is in here in hex editor and its not that much hard now to find it out. I finger it out by looking for something that stands out or guesssing. After that you have to do is change a letter from capital to a lower case. here in my example I changed the word D to a lower case from the word DLLHOOKSTRUCT.
Now save it and exit and scan it. It should be undectable.
Finally its FUD .. Now you need to do compile it and scan it one more time and run it to test.
How to Complile : Here i will show you one example and after that you can figure out the rest by your own.
Now you see the splitter icon inside your folder, here in my example it is create_test.exe.3.3, click on it and it will recompile the file, and create one more file. Here in my example it create file "test.exe.3.3.4"
Now copy that newly created file which is "test.exe.3.3.4" and go back one directory and past it then it will ask you to replace it click yes and keep doing this till you go back to first directory. And your done.
After that scan one more time to check whether its FUD or not.
thats it friends..
Comments :
0 comments to “How To Make Keylogger 100% FUD Using Hexing Technique - ”
Post a Comment