Mutt
The article was created for informational purposes only and does not call for action!
Let's start with what gluing is.
Gluing is combining several files into one. It is often used when creating viruses.
A typical example: we have two exe files. One is a regular Word installer, and the other is a virus that invisibly infects the system. And there is a victim to whom the virus needs to be delivered. Sending the virus by itself gives it away: after a person launches the file and sees that what happens is not what he expected, he will be wary. Gluing exists for such purposes. It helps to create an exe that behaves like a regular program or even an installer, while the virus runs in the background.
Today we will get acquainted with one of the methods of gluing viruses with executable files.
Gluing through WinRAR
This method is the most optimal among the simple gluing methods. As a result, we get one executable file that will behave like the original program. Since WinRAR is a legitimate program, it does not add new detections to the final file.
Preparation
WinRAR must be installed on the system. For convenience, it is better to move the virus file and the file the virus will be disguised as into one folder. In this example, the notmyfault program will be used, and the virus is a harmless program that simply shows a window with text saying that it has started.
It is important to make sure that the program you are merging with does not have any dependencies. For example, you can't just pluck an exe from an installed program and send it to someone. Most likely, such a program will not work, because it will lack libraries or configuration files.
Step 1
Select the virus file and the final program.
Step 2
Right-click and select Add to Archive.
Step 3
Check the boxes "Create SFX archive", "Create solid archive" and "Lock archive"
Step 4
In the "Advanced" tab open "SFX options ..."
Step 5
In the "Setup" tab, on the first line, write the name of the program that the virus is disguised as. You must write the full name with the extension. Write the name of the virus file on a new line.
The order can be changed. Then the virus will start first. But this can only be done with those viruses that transfer the executable file after restart. Otherwise, the main program will not start until the virus exits.
Step 6
In the "Modules" tab, check the "Unpack to temporary folder" checkbox and in the "Silent mode" select "Hide all"
Step 7
On the "Update" tab in "Overwrite mode" set "Overwrite all files"
Result
As a result, another file will be created in the folder with the source files. This is a combo program that behaves like the original exe, but has the functions of a virus in it.
Examination
Running the resulting file executes the glued virus on the system, so it should not be run on machines that are not intended for tests.
After starting the exe, the main program opened; after it was closed, this window appeared. It was displayed because the virus was an application that reports that the system is infected. A real virus runs in the background without creating windows.
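From the defender's side, the choices made in Steps 5 to 7 end up as SFX script commands in the archive comment, which can be reviewed without running the file. The following is an added example, not part of the original post: it assumes the comment text has already been extracted with an archive tool and that the options map to the WinRAR script commands Setup, TempMode, Silent=1 and Overwrite=1; the sample comments and the name second_program.exe are constructed.

```python
import re

# File types that start code when named in a Setup/Presetup command.
LAUNCHABLE = re.compile(r"\.(exe|scr|com|bat|cmd|vbs|js|ps1|lnk)\b", re.I)

def parse_sfx_script(comment):
    """Collect SFX script commands from an archive comment as {name: [values]}."""
    commands = {}
    for raw in comment.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or script comment
            continue
        name, _, value = line.partition("=")
        commands.setdefault(name.strip().lower(), []).append(value.strip())
    return commands

def indicators(comment):
    """Report which of the settings described in Steps 5-7 the script contains."""
    cmds = parse_sfx_script(comment)
    launched = [v for v in cmds.get("setup", []) + cmds.get("presetup", [])
                if LAUNCHABLE.search(v)]
    return {
        "launched": launched,                               # Step 5: programs run after unpacking
        "temp_mode": "tempmode" in cmds,                    # Step 6: unpack to temporary folder
        "silent": "1" in cmds.get("silent", []),            # Step 6: hide all dialogs (assumed Silent=1)
        "overwrite_all": "1" in cmds.get("overwrite", []),  # Step 7: overwrite all (assumed Overwrite=1)
    }

def is_suspicious(comment):
    """True when two or more programs are launched silently from a temp folder."""
    ind = indicators(comment)
    return len(ind["launched"]) >= 2 and ind["temp_mode"] and ind["silent"]

# Constructed sample: a script with the settings the post describes.
GLUED = """;The comment below contains SFX script commands

Setup=notmyfault.exe
Setup=second_program.exe
TempMode
Silent=1
Overwrite=1
"""

# Constructed sample: an ordinary installer that runs one program and shows its dialogs.
BENIGN = "Path=MyApp\nSetup=setup.exe\nTitle=MyApp installer\n"

if __name__ == "__main__":
    for label, text in (("glued", GLUED), ("benign", BENIGN)):
        print(label, is_suspicious(text), indicators(text))
```

A match is a reason to unpack the archive in an isolated environment and examine each launched file separately, since legitimate silent installers can share some of these settings.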