Crafty Executable

Executables are the traditional Trojan horse for delivering malicious code to a target: they can be crafted, moulded and camouflaged to hide the malicious code within. Here are some of the tools for getting it done.

Cross Compilation - Exe in Linux

Many times an executable has to be built on a Linux server. MinGW is a great tool for the job:

i686-w64-mingw32-gcc XYZ.c -o XYZ.exe   #32bit
x86_64-w64-mingw32-gcc XYZ.c -o XYZ.exe #64bit

Compress an Executable

UPX is an open source executable packer that compresses an executable. The compressed executable decompresses itself in memory at run time, so it needs no separate extractor on the target system.

upx filename
upx -d filename #decompress command

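
As an added example (not part of the original page), here is the defender-side check for the packing described above: a small PE section-table parser that flags UPX's default section names (UPX0, UPX1) and sections whose byte entropy is high enough to look compressed. The sample executable it runs on is a constructed MZ/PE header skeleton rather than a real program, and the 7.0 bits/byte threshold is an assumption.

```python
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0 for constant data, 8.0 for uniformly random bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(blob: bytes):
    """Walk the PE section table, yielding (name, raw bytes) for each section."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # COFF file header follows the signature
    num_sections = struct.unpack_from("<H", blob, coff + 2)[0]
    opt_size = struct.unpack_from("<H", blob, coff + 16)[0]
    table = coff + 20 + opt_size               # section table follows the optional header
    for i in range(num_sections):
        off = table + 40 * i                   # each IMAGE_SECTION_HEADER is 40 bytes
        name = blob[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", blob, off + 16)
        yield name, blob[raw_ptr:raw_ptr + raw_size]

def packer_indicators(blob: bytes, threshold: float = 7.0) -> list:
    """Return human-readable reasons the file looks packed; an empty list means none seen."""
    findings = []
    for name, data in pe_sections(blob):
        if name.startswith("UPX"):             # UPX's default section names: UPX0, UPX1
            findings.append(f"section {name!r} carries a UPX marker name")
        h = shannon_entropy(data)
        if data and h >= threshold:            # assumed threshold; tune on your own corpus
            findings.append(f"section {name!r} has high entropy ({h:.2f} bits/byte)")
    return findings

def build_sample_pe(names, payloads) -> bytes:
    """Constructed test fixture only: a header skeleton with the given sections and no code."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0)  # no optional header
    body_start = e_lfanew + 4 + 20 + 40 * len(names)
    table, body = b"", b""
    for name, payload in zip(names, payloads):
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(payload), 0, len(payload), body_start + len(body), 0, 0, 0, 0, 0)
        body += payload
    return dos + b"PE\0\0" + coff + table + body
```

A UPX hit alone is a triage signal, not a verdict, since plenty of legitimate software ships packed; `upx -d` from the commands above restores the original for further inspection.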
Masquerade an Executable as a Hex File

Exe2hex is a handy tool that converts an exe into a hex file and has PowerShell convert it back on the target machine. This is useful for getting past firewalls and antivirus software.

python3 exe2hex.py -x /usr/share/windows-binaries/sbd.exe

Shellcode Injection into Exe

It is possible to inject malicious code into a well-known executable such as the WinRAR or WinZip installer. Besides installing the actual software, the injected code also gets executed on the target system.

Shellter is a great tool for dynamic shellcode injection.
