hi there. Just a short question about one of my server.exe files...
I used a well known rat to create my server.exe and encrypted it. Then, I tried to bind it with a simple game and my AV could'nt tell me fast enough there was a virus...however, when I used the binder to bind the uncrypted server.exe it is not detected.
Does this mean that there's no need to encrypt the server file, or have I done something wrong?
thanks
binder and encryption
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
binding a file in a way it can't be detected by AVs is simply a matter of luck, the files are binded in a pretty random way. so it can happen it works on the 1st time and when you do it again in exactly the same way it don't.
it's the result that counts, and even an encrypted file has to be decrypted again to make it work, so simply use what works best for you....
it's the result that counts, and even an encrypted file has to be decrypted again to make it work, so simply use what works best for you....
- Nerdz
- The Architect
- Posts: 1127
- Joined: 15 Jun 2005, 16:00
- 18
- Location: #db_error in: select usr.location from sucko_member where usr.id=63;
- Contact:
It might sounds stupid but how an exe can create another exe... I mean, when you use a GUI rat to create a server, how does it make the exe... Usually you have to compiled stuff.. no?
The same question apply to a binder...
The same question apply to a binder...
Give a man a fish, you feed him for one day.
Learn a man to fish, you feed him for life.
Learn a man to fish, you feed him for life.
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
well, a binder is not really creating a new exe, it's more like a self extracting archive where you can add commands which run on extraction (for dispalying fake error messages for example).
and sure, it's no problem to build new exe files when creating the trojan server, the needed environment is in the dlls of the builder, the environment can be kept very small because only the really necessary parts have to be included and not a full environment like for development platforms.
and sure, it's no problem to build new exe files when creating the trojan server, the needed environment is in the dlls of the builder, the environment can be kept very small because only the really necessary parts have to be included and not a full environment like for development platforms.