file binding


Post by nightkid »

I'm looking for some info on how to bind perhaps a .bat file and a .jpg...
I googled around and I found how to HIDE .rar and misc files in a jpg, but I'm looking to combine them so when someone double-clicks the jpg the other file is executed as well. I checked the download section and saw the exe.+exe. binders; would those progs help my situation?


Post by bad_brain »

um, you mean jpg+exe binder, right?
well, it's been a while since I "worked" with such programs, but in theory it should work...another way would be to create a self-extracting archive, you can run a command on extraction (like running the batch file)... :wink:


Post by nightkid »

I went through the download section downloading every binder and trying it.. some I got an error they had to be .exe and others mutated them into a handicapped spawn :lol: but for future reference, freshbind does the job very nicely =) I gave it a quick try on my virtual windows and I got some nice results, the actual icon of the final file will need adjusted a little, freshbind probably has that solution or you could work some magic and make it look like a legit jpg....perhaps keep this thread open and explore some more possibilities, timed execution of the "non jpg file"?

thanks b_b *loves*


Post by Still_Learning »

I will have to check freshbind out.. thanks

Now on to detecting a bound file.. tell me if this sounds accurate to you or not. There have been torrents I have seen, say it is a video .avi file.. when I scan it with avast anti virus (just right clicking on the single avi file and going to scan) once in a while I have seen it say scanning 2 files > test complete > no virus found, etc.. but the avi is only one file, so I'm guessing that is a good way to detect a bound file with avast.. it will show 2 files being scanned instead of one, it may pass the virus check but you will see that the file is bound because it is showing 2 files being scanned in one file

Any other good ways to detect a bound file that you guys know of?


Post by ph0bYx »

well detecting exe files in jpg images is easy, just open the image with notepad and if the first two letters are: MZ then it's an .exe
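The check described in this post, scripted as an added example that is not part of the original thread. It goes one step beyond the first-two-bytes test by also looking for a Windows executable header embedded inside a real JPEG; the file names and byte strings are constructed samples, and `triage`, `find_pe_offsets` and `make_pe_stub` are hypothetical helper names.

```python
import struct

JPEG_SOI = b"\xff\xd8\xff"          # start-of-image marker
IMAGE_EXTS = (".jpg", ".jpeg")

def find_pe_offsets(data: bytes) -> list[int]:
    """Offsets of every 'MZ' whose e_lfanew field leads to a 'PE\\0\\0' signature."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):                       # full DOS header present
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe = pos + e_lfanew
            if data[pe:pe + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def triage(name: str, data: bytes) -> str:
    """Classify a file by content, not by its name or icon."""
    if data[:2] == b"MZ":                                 # the Notepad check from the thread
        if name.lower().endswith(IMAGE_EXTS):
            return "executable-named-as-image"
        return "executable"
    if data.startswith(JPEG_SOI):
        return "jpeg-with-embedded-pe" if find_pe_offsets(data) else "jpeg"
    return "unknown"

def make_pe_stub() -> bytes:
    """Constructed 64-byte DOS header plus PE signature; not a runnable program."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew -> right after header
    return bytes(dos) + b"PE\x00\x00" + bytes(20)

# Constructed sample inputs (not real images or binaries).
FAKE_JPEG = JPEG_SOI + b"\xe0" + bytes(16) + b"\xff\xd9"
SAMPLES = {
    "holiday.jpg": FAKE_JPEG,
    "photo.jpg": make_pe_stub(),
    "album.jpg": FAKE_JPEG + make_pe_stub(),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:12} {triage(name, blob)}  PE at {find_pe_offsets(blob)}")
```

Validating the `e_lfanew` pointer keeps a stray "MZ" byte pair inside compressed image data from being reported as an executable.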


freshbind

Post by DNR »

interestingly enough I found this on freshbind. AVP/Firewalls might block the execution of this app, it has been out since 2003, and is considered malware. Below is some important info to double check you have the valid app if you find it on the 'net.

Category: Binder: A tool that combines two or more files into a single file, usually for the purpose of hiding one of them. A binder compiles the list of files that you select into one host file, which you can rename. A host file is a simple custom compiled program that will decompress and launch the source programs. When you start the host, the embedded files in it are automatically decompressed and launched. When a trojan is bound with Notepad, for instance, the result will appear to be Notepad, and appear to run like Notepad, but the Trojan will also be run.

Files included:
freshbind.exe
readme.txt
stub.exe

Running processes:
freshbind.exe
stub.exe

--

Filename: freshbind.exe
Size: 247296
Filedate: 8/4/2003 4:48:48 PM
PVT: -369583730
MD5: 02e62a2ad67ce0e14896e441ba748a51
Calls to Kernel32: getprocaddress exitprocess
Calls to User32: getdc
Other Calls: loadlibrarya imagelist shellexecutea
Compiled By: Borland Delphi
DLL's Referenced: advapi32.dll comctl32.dll comdlg32.dll gdi32.dll oleaut32.dll shell32.dll user32.dll version.dll
Encrypted? (T or F): T
Required OS: Win 95 or NT 4

Release Date: 3/15/2003

Filename: stub.exe
Size: 21504
Filedate: 3/14/2003 6:09:00 PM
PVT: -15248148
MD5: 930425bbea02a9356e756834d41f8348

Release Date: 3/15/2003

Filename: readme.txt
Size: 1829
Filedate:
PVT: 41800192
MD5: 3ccf94b94846b4e938258a8d260b0be4

Release Date: 3/15/2003

--

Stub.exe is 21kb uncompressed (12k compressed with UPX 1.23) - Binds and executes up to 9 files - Use any type of files (not just exe) - Configurable name after extraction - Each file can be extracted to the temp, windows, system or current directory - Choose Visible, hidden, or no execution. Note: a file instructed to run with the hidden execution function will not always execute hidden. This is not a bug in the program, it's simply the way windows works.'

---------
This Binder is also known as:
• Trojan Horse - named by Panda.
• TrojanDropper.Win32.FreshBind.11.b - named by Kaspersky.
• Win32.Fresh.11.B - named by Computer Associates.
• Win32/Fresh.11.B!Trojan - named by Computer Associates.

http://www.spywaredb.com/remove-freshbind-1-1/

http://research.pestpatrol.com/Search/F ... 8d260b0be4

-----------Download here..

http://www.suck-o.com/modules.php?name= ... load&cid=9

http://rapidlibrary.com/index.php?q=freshbind

http://www.e-youneed.com/download.php?view.52

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.


Post by Still_Learning »

good stuff. Ph0bYx, that's the first time I've heard of that method.. DNR, thanks for the info on freshbind. :D
