
How to Install a Backdoor in Any EXE File ⚡ and Bypass All Antivirus Software ✅

matej

Hey,

Today, I will teach you how to inject your malware (rat/stealer/miner/custom stuff) into an executable file that bypasses most, if not all, antiviruses.

First and foremost, I would like to inform you that this tutorial will not be very practical. You will need some skills and will also need to do some research on your own.

Anyway, let's begin!
Step 1: Prepare your malware by creating an executable file and minimizing detections.

To convert it into shellcode, use the free and open-source tool donut, available on GitHub.
To install and use it, follow the instructions on the GitHub page. You will also need Visual Studio.
Done! You should now have a shellcode.bin file.

Step 3: Injecting it into the executable
To infect an exe file, you can either do it manually or use a script available on GitHub.
I would recommend injecting/backdooring it manually, but if you looked at this tutorial, you probably don't know how, so yeah.
I believe most tools will allow you to inject a shellcode.bin file, but if the tool you want to use requires it differently, such as this:
Code: \xe8\x00\x00\x00\x00\x5a\x8d\x52\xfb\x89\xe5\x81\xec\x00\x10\x00\x00\x52\xbb\x8e\xfe\x1f\x4b\xe8\x9d\x00\x00\x00\x5a\x55\x52\x89\xc5\x8d\xb2\x9e\x01\x00\x00\x8d\xba\xaa\x01

Don't worry, you can convert it with the Python script provided below:

Code:

Using open('shellcode.bin', 'rb') as file: shellcode = file.read()

Hex_shellcode equals ''.Join([f"\\x{byte:02x}" for byte in shellcode])
print(hex_shellcode)



Using the converter Python script is very simple; simply save it as a Python script in the same directory/folder as the shellcode.bin, then open cmd in that directory/folder and run the script to print it out.


Okay, that's it.
You have successfully infected/backdoored that executable.

IF YOUR INFECTED EXE IS DETECTED, TRY THE FOLLOWING:
- Add, remove, or modify manifest.
- Reduce detections of the original executable
- Use a different tool to backdoor it.
- Manually backdoor it
- Sign or forge signatures
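
For defenders triaging scripts, pastes or builder configs, the `\x..`-escaped byte-string format shown in the post is itself a hunting signal. The following is an added example, not part of the original post: it extracts long escaped runs from text, decodes them and reports line, length, SHA-256 and entropy for lookup and correlation. The 16-escape threshold, the function names and the sample input are assumptions constructed for illustration.

```python
import hashlib
import math
import re

# Assumption: runs shorter than MIN_RUN escapes are treated as benign
# (line endings, small constants) and ignored.
MIN_RUN = 16
ESCAPED_RUN = re.compile(r'(?:\\x[0-9a-fA-F]{2}){%d,}' % MIN_RUN)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted payloads trend toward 8.0."""
    if not data:
        return 0.0
    counts = [data.count(b) for b in set(data)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts)


def find_escaped_blobs(text: str):
    """Return one finding per long run of \\xNN escapes found in text."""
    findings = []
    for m in ESCAPED_RUN.finditer(text):
        # Decode the escaped run back to the raw bytes it represents.
        raw = bytes.fromhex(m.group(0).replace('\\x', ''))
        findings.append({
            'line': text.count('\n', 0, m.start()) + 1,
            'length': len(raw),
            'sha256': hashlib.sha256(raw).hexdigest(),
            'entropy': round(shannon_entropy(raw), 2),
        })
    return findings


# Constructed sample: one short run (ignored) and one 32-byte run (reported).
SAMPLE = (
    'newline = "\\x0d\\x0a"\n'
    'payload = "' + ''.join('\\x%02x' % b for b in range(32)) + '"\n'
)

if __name__ == '__main__':
    for finding in find_escaped_blobs(SAMPLE):
        print(finding)
```

The SHA-256 of each decoded run can be checked against threat-intelligence sources, and the line number points the analyst back to the artifact that embedded it.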