silk thread technique or exe ?
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: silk thread technique or exe ?

  1. #1
    Member
    Join Date
    May 2002
    Posts
    64

    silk thread technique or exe ?

    Hello I was speaking with a friend of mine and we both seem to remember an executable that would "chain together two *.exe files together and the result was "stealthing" the added or 2nd *.exe from the task manager.

    I was currious to know if this technique was in practice still and wanting to know more info about it. If I remember I used it on a win95 box and it was executed from a boot to dos mode and linked another exe to systray.exe and upon reeboot it didnt show anywhere but the open listening port in netstat -a.

    Any clues would be appreciated
    Integrity...loyalty.....and the willingness to make a better world for us all.

  2. #2
    Member
    Join Date
    May 2002
    Posts
    64
    heh didnt think so.
    Integrity...loyalty.....and the willingness to make a better world for us all.

  3. #3
    *just to clarify, do you mean that the first program has a command line or whatever to run the second? If so, the first program was designed to mask the second. It could have just set the ShowInTaskManager (I think thats the flag; Someone correct me) to 0 hiding it from the task manager, or it could load the second program into its own memory space... If it hasn't, it will show up in the WindowsNT or 2000 or XP Process viewer (95/98/me don't have a process viewer, only task).
    WE ARE the anti cancer...
    WE ARE the only answer...
    email

  4. #4
    Junior Member
    Join Date
    Mar 2002
    Posts
    27
    Well, I think it can be done by changing the PE loader to point to your "hidden" exe and then changing the register to try to load it next time... sort of difficult though

    (Hey, guys, please, donīt give me more anti-points, I wasnīt trying to flirt, honest )
    Cojunudo

  5. #5
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    What he is looking for is a way to combine 2 executable files. Not make an executable appear to be a jpeg or something. Yes it is possible. To do it in 9x, you have to use a certain type of program. For Nt, you can use that type of program, or you can piggy-back it useing OS specific commands.

    I will not describe either one right now, becuse I don't know of any use other then to send a virus/trojan attached to a valid exe file.

    cojunudo>
    Hey, guys, please, donīt give me more anti-points, I wasnīt trying to flirt, honest )
    umm, you alright there girl?
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  6. #6
    Junior Member
    Join Date
    Mar 2002
    Posts
    27
    I can find many uses for two merged exes, like making a prog that executes when the other finishes, etc.
    It can be done redirecting the PE, i think itīs called elf_anew DWORD
    Check Matt Pietreck great tutorials.
    Heīs a wizard

    quote:
    ................................................)

    umm, you alright there girl?


    ...............................................
    Yes Iīm here.
    Whatīs up, bud?
    Cojunudo

  7. #7
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    cojunudo> I was just curious about the "not trying to flirt comment" Anyway, what I was saying was a legit reason to combine 2 exe files. I can write a batch file to have 1 program execute after another. The most common use for this is to attach a trojan to a small game or something. Then, when reciever plays game, they install the trojan without knowing it. The only time I have ever seen this done without it being a trojan or virus attached was in a "proof of concept" where a text editor was attached to a game, to show that when you ran the game, the text editor would open up also.

    Actually, either elkern or klez (not sure which cause they come together) does this in a way with the .rar files it leaves all over your network.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  8. #8
    Member
    Join Date
    May 2002
    Posts
    64
    thanks for the tip i'll look into it.
    Integrity...loyalty.....and the willingness to make a better world for us all.

  9. #9
    Member
    Join Date
    May 2002
    Posts
    64
    Cojonudo.......hmmmmm
    doesnt that mean somthing like "it has balls" .......
    Integrity...loyalty.....and the willingness to make a better world for us all.

  10. #10
    Member
    Join Date
    May 2002
    Posts
    64
    Interesting stuff... Looks like I'll have to cook my own code (yikes) last time I was in the kitchen I got burnt!! and there was no feast that night.
    I cant seem to find any pre-made programs to concatenate *.exe files. errrrr well one that will perform a Horizontal Concatenation of files but I think that is only half of what I need.
    I guess I could just mess around and figure it out for myself (thanks).

    Souleman I dont think you get it yet (no offence)I am not a cracker I am a hacker I love to figure things out. If you want to catch a a crooked mechanic learn how to fix cars. I would be interested in hidding investigative software on a suspect local pc to compliment network monitoring. To accomplish this I think you would need to hide the proccess and activities behind a running app so the suspect does not notice it under the task manager and figure it out to soon.

    Anyways thanks for the scraps of info it was enough to point me in the direction I wanted to go
    Ive seen that one could (like a virus) append an exe, change the header accordingly thus adding extra code to an *.exe but im a novice programer and time is not on my side unfortunatly.

    Cheers!!
    Integrity...loyalty.....and the willingness to make a better world for us all.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •