How to FUD your trojan/server with a HEX editing & File splitting method




.



Our FUDDING tool requirements and download links.



First of course an AV what I am going to be using is AVAST the free edition.


File splitter to split our servers to find out where the virus signature is to modify it.

Best hex editor I have found and its free of charge.




Now lets begin.



Now go grab the server you want to edit mine is going to be a Spyrex keylogger server you can use any keylogger server like neptune,ardamax,elite..etcetc.


Before we begin turn AV off.
You result may vary on AV your using. 


Now place you server in a folder I recommend naming it A trust me on this. Now my server name is test.exe.

Okay now once you have placed the server in a file lets scan it.
And.......
OMG it got caught 

 

Ok now where to start open The File Splitter and Calc.exe to split the  file.
In
the file splitter browse to the server you want to split and choose
Custom size. Now it tells me that this server is exactly 53,495 bytes
and I want to split it into 4 pieces. So I go to Calc and divide it by 4
now place the number you got after dividing it and place it in the
splitter custom size box like I have at the bottom. Now click on Split.


 



Now you should get the files in the same directory like I have below.






Now scan each of them to figure out witch file we have to split again.
 
 Now once you have figured it out make a new folder named the part
number that was detected now I got part 3 so I'm gonna make a new folder
named 3 . 



Now I
hope you didn't close file splitter if so reopen it and browse to
test.exe.3 to split and change the output folder to 3 like I have in the
picture below. We are also going to split this file into 4 pieces again
so open up Calc and divide by 4.
I made a drawing on this if your confused 





Now you should have this inside folder named 3.


 

Now
scan each file again to figure out witch file we need to split but also
be aware of how small the file is getting. Once you figure out witch
file needs splitting make a new folder with the parts name. I got part
test.exe.3.3 so I am going to make a new folder and name it 3.



 


Now
once you made new folder named 3 open up file splitter and browse to
the file that got detected mine was test.exe.3.3 and pick the output
directory to the folder we just made witch was the folder named 3.









Now
browse to the new folder and scan the new files we split. As you can
see test.exe.3.3.4 was detected so I'm gonna make a new folder and name
it 4.


 




Now in file splitter pick the file that got detected witch was test.exe.3.3.4 and choose the new folder we made named 4.




 

 Now lets scan the new files and see witch got detected ocne we find it open it up with the HEX editor and see if its still to big to figure out what we need to change.



 


Ok so it's test.3.3.4.1 that we need to edit do open it up with your favorite hex editor or use the one I provided earlier. Once you open it it will look something like this.







Now
the virus signature is in here don't get scared its not that hard now
my method of figuring it is looking for something that stands out or
guesssing. All you really have to do is change a letter from capital to a
lower case one now what worked for me was changing D to a lower case
from the word DLLHOOKSTRUCT. 


Congratz now its FUD now all you need to do it compile it and scan it one more time and run it to test.

Now compiling I will show you one example and you can figure out the rest by your own.



Now you see the splitter icon inside your folder click on it and it will recompile the file.

 




Now

once you made that file copy it and go back one directory and past it 
then it will ask you to replace it click yes and keep doing this till 
you go back to first directory. And your done.




 




I really hope you learn something this took me like 3 hours.





Responses

17 Respones to "How to FUD your trojan/server with a HEX editing & File splitting method"

vishal said...

hey dude how can i create a FUD phisher ?


January 18, 2012 at 2:44 AM
Devendra said...

use good social engineering & urlshortner to make ur phisher fud..
u can also get a .co.cc domain or .tk domain on ur free webhosting which allows the phishing page to bypass facebook filters.


January 23, 2012 at 7:14 AM
vishal said...

i hav already made a domain on dot.tk ... but it is easily detachable by Facebook And Gmail ?
wt 2do to make it undetachable ?
help appreciated bro ..


January 24, 2012 at 8:02 AM
Devendra said...

try it with .co.cc
well if u cant hack thru facebook then u can also try it with ur victim s email id it is much better attack as i have showed the demo in thi tutorial hack fb with email phishing
http://devzcyberarena.blogspot.com/2011/10/how-to-hack-facebookemail-account.html

vdeo tut:
http://www.youtube.com/watch?v=x0i57HxavY0


January 25, 2012 at 6:52 AM
vishal said...

i did saw ur video tut ...
ur performing phishing with gmail account ..
whenever i send that gmail phishing link to victim thru mail.... it get easily detected by gmail ..??
wt 2du ?.. so i wont get caught


January 26, 2012 at 12:40 AM
Devendra said...

did u use any url shorter ?


January 26, 2012 at 2:20 AM
vishal said...

ya .. i used tinyurl.com to shorten my URL ..
then too its detected by Gmail ??


January 26, 2012 at 5:34 AM
Devendra said...

f*k dont use that use goo.gl ,bit.ly..or any other..be a good social engineer u will nerver get caught :).!!!


January 27, 2012 at 12:49 AM
vishal said...

yea... devendra ..
as u said i shorten my phishing link with goo.gl ...
wen i send that shortend link 2the victim...Gmail shows the following message to the victim.. (Warning – phishing (web forgery) suspected)
:(


January 27, 2012 at 4:26 AM
Devendra said...

mails are detectable so u better try it thru chat okay !!


January 27, 2012 at 6:17 AM
vishal said...

oh ..
i thought as ur an ethical hacker.. u will be easily providing solution to this problem...


January 28, 2012 at 4:57 AM
Devendra said...

bro..in my case i can make a good trap & can easily bypass gmail :)!!!


January 28, 2012 at 6:09 AM
Devendra said...

i am nt an ethical hacker bro i am a learner .. computing,hacking,blogging is just my hobby.. not my proffesion i am 19 year old student :p!!!


January 28, 2012 at 6:10 AM
vishal said...

if u can set a good trap n bypass gmail ..den y dont u tell ur blog visitors...??
well i daily visit ur blog to learn some exciting things related to hacking...not like others blog whose hacks doesnt even work also ..


January 28, 2012 at 9:47 PM
Devendra said...

tahnx fr ur comments ..i m happy to listen that u visit my blog daily..
i'll soon post ...about phishing more!!!


January 29, 2012 at 1:22 AM
vishal said...

ok ..
bt post sumthing related to phishing in which the phishing link vl not detected by any social networking site man ?


January 30, 2012 at 3:56 AM
Kris ProHacks said...

nice tutorial bro thanx for this gonna use ur tutorial but gonna write the credits as u bro cause i aint one of them copy and pasters who doesnt give credits i hate people like that lol thx bro i needed this u deserve a handshake ;)


November 24, 2012 at 2:53 PM

Post a Comment

Latest From us

Loki v1.8 Botnet | All Browser Stealer | Keylogger | Resident Loader | Pony Stealer 4.0

Loki Bot - Resident Loader and Password Stealer Demo Video   Loki Bot is resident loader and password Stealer. I...

Instructions

THIS WEBSITE IS BUILT BY ME FOR EDUCATIONAL PURPOSE. IF YOU USE THIS INFORMATION TO HARM ANY SUBSTANCE OR COMMUNITY PERSONALLY AND GOT CAUGHT THAN WE ARE NOT RESPONSIBLE, EXPAND YOUR INFORMATION,SHARE UR THOUGHTS AND KNOWLEDGE WITH US. MAIL ME ON RRRICKY.SAINI2@GMAIL.COM

Contributors

Stay Connected

DMCA.com
Return to top of page Copyright © 2011 | Platinum Theme Converted into Blogger Template by devzcyberarena