How to make a trojan looks like JPG

**~T4h5iN~** · 09-25-2008, 11:10 PM

HOW TO MAKE A TROJAN LOOK LIKE A JPG

So many questions were asked on bulletin board and IR - for example, how to hide a Trojan in a picture -
that I decided to write this short explanation.

This trick works only by sending a picture to someone on ICQ.
How to make this work?

1 Find a small Trojan. Best not detected by AVP.
2 Find a binder that can bind a JPG to an exe. Best not detected by AVP.
3 Rename the result file and change the icon.

1 First you must find a small Trojan to bind to the picture.
That way the size will not be too big and the receiver won`t get suspicious by long
downloading times or big picture sizes.

The best is to use a small Trojan with ICQ notify.
Then you get a notify on ICQ with IP address.
You need that to connect and to upload another Trojan that has more functions.
Many of them are out there:
MiniCommand 1.2, FC`s InCommand, Slim`s Asylum and Webasylum, WWWPW.
There are lots of them, and new ones getting available every day. Try to get an unpacked server,
so you can pack the server.
If the server is packed, it is harder for antivirus programs to detect it.
Edit the server.

Then test the server on your own computer, to see if you get an ICQ pager.
Make this work. Else edit the server again. Do not forget to remove the server afterwards.
You can do this by connecting to 127.0.0.1, your own IP.
Then give the command: "remove server".

To prevent recognition of antivirus programs you should then pack the server.
Use an exe packer or compressor for that. A lot of packers you can find on the net.
At Here you'll find some.
But the AVP also uses unpackers, so find one that is not so familiar.
A list of what AVP recognizes of Trojans and what kind of decompressing it does,
can be find here.
Then you should test the server for AVP recognition.
If AVP recognizes the server, you should try another packer, or another Trojan server.

2 The goal is that the victim sees the picture and
that the server is secretly executed at the same time.
To make one file of the server and the JPG, you use a "exe binder" or "joiner".
These ones are also recognized by AVP. So it is important to find one that is not detected.
Take a new one and try it out with AVP.
Binders you can find at here.
Not all binders do bind a JPG to an exe, so find the right one.

3 Next step is to make the result look like a JPG when you send it by ICQ.
With some binders you can change the icon. Else you can use Microangelo to edit the icon.
You can get that at download.com.
Last step is to make the .exe disappear.
You can do that by renaming the result to "me.in.the.car.without.wearing.a.bra.exe"
That way the name is too long to see the "exe".
Or rename the result like this: Mypic.jpg .exe
Put so many spaces between jpg and exe, so that the exe does not show up when you send the file.

When you get the notify you have remote control.
Remove the result.exe and upload the normal JPG instead.
Removing your traces a little.

09-25-2008, 11:10 PM	#1 (permalink)
~T4h5iN~ 4__U Join Date: May 2008 Location: Bangladesh Posts: 1,298 Thanks: 839 Thanked 2,469 Times in 826 Posts Reputation: 20000	How to make a trojan looks like JPG HOW TO MAKE A TROJAN LOOK LIKE A JPG So many questions were asked on bulletin board and IR - for example, how to hide a Trojan in a picture - that I decided to write this short explanation. This trick works only by sending a picture to someone on ICQ. How to make this work? 1 Find a small Trojan. Best not detected by AVP. 2 Find a binder that can bind a JPG to an exe. Best not detected by AVP. 3 Rename the result file and change the icon. 1 First you must find a small Trojan to bind to the picture. That way the size will not be too big and the receiver won`t get suspicious by long downloading times or big picture sizes. The best is to use a small Trojan with ICQ notify. Then you get a notify on ICQ with IP address. You need that to connect and to upload another Trojan that has more functions. Many of them are out there: MiniCommand 1.2, FC`s InCommand, Slim`s Asylum and Webasylum, WWWPW. There are lots of them, and new ones getting available every day. Try to get an unpacked server, so you can pack the server. If the server is packed, it is harder for antivirus programs to detect it. Edit the server. Then test the server on your own computer, to see if you get an ICQ pager. Make this work. Else edit the server again. Do not forget to remove the server afterwards. You can do this by connecting to 127.0.0.1, your own IP. Then give the command: "remove server". To prevent recognition of antivirus programs you should then pack the server. Use an exe packer or compressor for that. A lot of packers you can find on the net. At Here you'll find some. But the AVP also uses unpackers, so find one that is not so familiar. A list of what AVP recognizes of Trojans and what kind of decompressing it does, can be find here. Then you should test the server for AVP recognition. If AVP recognizes the server, you should try another packer, or another Trojan server. 2 The goal is that the victim sees the picture and that the server is secretly executed at the same time. To make one file of the server and the JPG, you use a "exe binder" or "joiner". These ones are also recognized by AVP. So it is important to find one that is not detected. Take a new one and try it out with AVP. Binders you can find at here. Not all binders do bind a JPG to an exe, so find the right one. 3 Next step is to make the result look like a JPG when you send it by ICQ. With some binders you can change the icon. Else you can use Microangelo to edit the icon. You can get that at download.com. Last step is to make the .exe disappear. You can do that by renaming the result to "me.in.the.car.without.wearing.a.bra.exe" That way the name is too long to see the "exe". Or rename the result like this: Mypic.jpg .exe Put so many spaces between jpg and exe, so that the exe does not show up when you send the file. When you get the notify you have remote control. Remove the result.exe and upload the normal JPG instead. Removing your traces a little.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Y!M trojan	~T4h5iN~	Hackers' Lounge	4	10-30-2008 02:52 AM
Need help with my trojan :(	geon106	Hackers' Lounge	2	05-10-2008 02:57 AM
M-T Trojan	shabzl33t	Hackers' Lounge	4	05-08-2008 06:17 AM
How to make TROJAN, Try it on ur own risk	shabzl33t	Programming related	1	03-05-2008 10:10 PM