Monday, January 30, 2012

Self-extracting archive (SFX) as Creative Virus Handler

Yesterday I found an interesting article about "Self-extracting archive (SFX)" on Unremote.org by DarkCoderSc. An SFX is a small application that contains compressed files. Creating a customized WinRAR SFX archive is a very easy task, but not everyone knows how to do it. It is otherwise exactly the same as a .ZIP or .RAR archive; the only difference is that, when you execute it, it automatically extracts the files. However, if you add some parameters, you can execute them after extraction or execute a shell command before extraction, so this feature can be used as a good virus handler. Let's see how.

DarkCoderSc shared his experience with us in a video demonstration, as shown below.
  • Start the WinRAR application; click ‘Browse for folder’ under the ‘File’ menu and browse to the location of the file.
  • With the file highlighted, click the ‘Add’ button to start the archiving process, and select the ‘Create SFX archive’ option to give the file its self-extracting feature.
  • Under the ‘Advanced’ tab, click the ‘SFX options’ button to configure the ‘Advanced SFX options’.
  • In the first input field you can enter the name of a file that already exists on the current drive, or one of the extracted files, to execute after the extraction.
  • In the second input field you can enter the name of a file that already exists on the current drive to execute before the extraction.
PART 1: Run Basic Windows Shell Commands using SFX:
Example 1: %SYSTEMDRIVE%\windows\system32\cmd.exe /k shutdown -s -f -t 3600
Enter this command in the first input. If we generate the SFX package and run it, after the extraction we see a DOS window and a Windows notification saying our computer will shut down in 1 hour.

Example 2: %SYSTEMDRIVE%\windows\notepad.exe c:\atextfile.txt
You can do this with any other application present on the system, such as opening a text file in Notepad.

Example 3: %SYSTEMDRIVE%\Program Files\Internet Explorer\iexplore.exe http://unremote.org/
This opens a web page in Internet Explorer.

PART 2: Run Advanced Tricky Commands using SFX
Using only a small .dll in the SFX package, an attacker can download and execute an application on the victim's system, which may or may not be a virus. For this we only require the Microsoft Rundll32 application and the FASM (Flat Assembler) compiler.

Now create a new folder and a new file called ourdll.asm. When that is done, open this file in FASM and paste the code into the file. Edit the file paths in the sample code for your own usage.
Now in the menu bar click “Run” >> “Compile”. Our DLL is ready; let's create our SFX downloader.

You need to follow these steps:
- Right-click the DLL and click “Add to archive” (the WinRAR Explorer option)
- Choose the SFX package option in the options list
- Go to the Advanced settings tab
- Click the SFX settings button
- In the "Extract to" input, add this line: "%APPDATA%\dcsc\ourdll.dll"
- In the first input parameter, enter this line:
%SYSTEMDRIVE%\windows\system32\rundll32.exe %APPDATA%\dcsc\ourdll.dll, dcscdownload

Now we can generate our archive. If we have set up the SFX correctly, it will download and execute the chosen file after the full extraction.

PART 3: SFX as System Killer
The SFX manager includes two other dangerous functions: Run as administrator and Delete files after extraction. The Run as administrator option will ask to run the SFX as admin, so it will have all the rights on the system, and after extraction the delete-files option will be useful for doing harmful things to the system.

To get the steps for this method, you should read the original article written by Unremote.org.
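As an added defender-side example (not code from the original article or from Unremote.org): the fields described in Parts 1 to 3 are stored by WinRAR in the archive comment as a plain-text SFX script whose directives include Setup= (run after extraction), Presetup= (run before extraction), Path= (extract-to folder) and TempMode (extract to a temporary folder that is removed afterwards). The Python triage below parses such script text and flags execution directives that launch system binaries or point at user-writable locations; the sample script is constructed to mirror the Part 2 rundll32 line, and the binary list and location list are my own assumptions.

```python
import re
from typing import Dict, List, Tuple

# WinRAR SFX script directives that cause code execution around extraction.
EXEC_DIRECTIVES = {"setup", "presetup"}
# Assumed list of Windows system binaries commonly used to launch payloads.
SYSTEM_LAUNCHERS = re.compile(
    r"\b(cmd|rundll32|regsvr32|mshta|powershell|wscript|cscript)\.exe", re.I)
# Assumed list of environment variables that expand to user-writable folders.
USER_WRITABLE = re.compile(r"%(appdata|localappdata|temp|tmp)%", re.I)

# Constructed sample script, modelled on the rundll32 example in Part 2.
SAMPLE_SCRIPT = r"""
;The comment below contains SFX script commands
Path=%APPDATA%\dcsc
Setup=%SYSTEMDRIVE%\windows\system32\rundll32.exe %APPDATA%\dcsc\ourdll.dll, dcscdownload
Silent=1
"""


def parse_sfx_script(script: str) -> List[Tuple[str, str]]:
    """Return (directive, value) pairs; directives without '=' get an empty value."""
    pairs = []
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or comment
            continue
        key, sep, value = line.partition("=")
        pairs.append((key.strip().lower(), value.strip() if sep else ""))
    return pairs


def triage_sfx_script(script: str) -> Dict[str, List[str]]:
    """Classify an SFX script into execution directives and suspicious traits."""
    findings: Dict[str, List[str]] = {"execution": [], "suspicious": []}
    for key, value in parse_sfx_script(script):
        if key in EXEC_DIRECTIVES:
            findings["execution"].append(f"{key}={value}")
            if SYSTEM_LAUNCHERS.search(value):
                findings["suspicious"].append(f"{key} launches a system binary: {value}")
        if key in EXEC_DIRECTIVES | {"path"} and USER_WRITABLE.search(value):
            findings["suspicious"].append(f"{key} uses a user-writable location: {value}")
        if key == "tempmode":
            findings["suspicious"].append("TempMode: extracted files are removed after the run")
    return findings


if __name__ == "__main__":
    for category, items in triage_sfx_script(SAMPLE_SCRIPT).items():
        print(category, items)
```

A script that only sets Path= under Program Files and Silent=1 yields no execution findings, so the output distinguishes a plain installer-style SFX from one that runs commands.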
