Hiding .exe inside a .jpg file is possible
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Hiding .exe inside a .jpg file is possible

  1. #1
    Banned
    Join Date
    Dec 2006
    Posts
    8

    Hiding .exe inside a .jpg file is possible

    check this out, remember to always scan your picture files or you could regret it.

    Quote Originally Posted by SuBzErO
    The way Windows executes EXE files is stored inside the registry.
    The way it executes JPG files is stored there too.
    This means that you need to make windows think a JPG file is an EXE file. But we cant do that without hurting the OS's configuration or risk that any future changes made by programs will set JPG back to its default registry value.
    What we need to do is create a file that will look like its a JPG (not be the icon, but by the type) and will act like an EXE. but a jpg icon can still be applied also.
    example:
    Code:
    "file.jpg "
    notice the space after the ".jpg". This is no ordianry space, but a special char that for writing it, you need to do as follows:
    Get the EXE you want to convert to "jpg".
    rename it from "file.exe" to "file.jpg". Now press the rename again, and in the end of the .jpg, press the ALT key (dont let go of it) and on the keypad, type
    Code:
    "0160"
    this will look like this: "file.jpg ". you can now rename it to something like "my pic.jpg "
    Go to:
    Code:
    Start -> Run -> RegEdit 
    Right click on the HKEY_CLASSES_ROOT key and New -> Key
    Call it ".jpg " (the space represants the ALT+0160)
    Inside it, you will find the (Default) string.
    Double click on it and write "exefile".
    Then right click anywhere but on the Default string and New -> String Value Call it "Content Type". and edit it so it will say "application/x-msdownload".
    Right click on the ".jpg " key and New -> Key Call it "PersistentHandler".
    Inside it, edit the Default string to
    Code:
    "{098f2470-bae0-11cd-b579-08002b30bfeb}"
    Now every EXE file that will have the ".jpg " type, will be executed like a regular EXE! But only on your computer.
    Right click on the ".jpg " key and Export.
    Call it something like "fix.reg" and tell the victim you're sending the "picture" to that its a fix so that windows will be able to open your pic or use your imagination or hide it inside another trusted program.
    I recommand using an EXE joiner to join a real pic to an EXE file so the user wont suspect anything.
    taken from SubZeRo at sub7world
    Last edited by haxor500; December 20th, 2006 at 04:39 PM.

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Very interesting...

    although you would need admin access to edit the reg....

    so limited accounts would stop the initial association to the new renamed ".jpg "

    Lame

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Banned
    Join Date
    Dec 2006
    Posts
    8
    no you dont need admin access to edit reg files.

  4. #4
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Well on my system you do....only admins and system have full control of that key....lowly users have read.

    Are you talking about windows 98 maybe

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #5
    Banned
    Join Date
    Dec 2006
    Posts
    8
    no any system, no admin access is needed to edit the registry.
    there are many way to execute registry keys without a user knowing to change his entire registry.

    admin access may be added to your account but it still means your registry can be edited by an unauthorised party.
    But like you say it depends on the network

  6. #6
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Can you provide me with an example...

    Cuz....I have trouble running certain applications without admin permissions...largely due to lack of registry permissions.....and I would really like to know how I can work around this...

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  7. #7
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmm,

    DiamondCS ......... look for RegistryProt
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  8. #8
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    This is crap and obviously you can't change/add registry keys as a regular user with the default MS perms set.

    This is yet another horrible theoretical "weakness".

    In the real world this is about as likely as my wife letting me go to Cancun with the hooters girls.

    --th13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  9. #9
    Custom User
    Join Date
    Oct 2001
    Posts
    503
    The thing is as well, where's this jpeg gonna come from? Am I gonna download a virus, do the whole rename thing and deliberately infect myself? Oh, I get it, it'll be one of those penis enlargement emails that'll have instructions on how to grow your dick enclosed in a nice jpeg - can never resist them!

    Other than that, you tend to know what files are on your comp - or at least I do.

    ac

  10. #10
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    I would agree with Morgana that this might be an issue with the old domestic Windows versions. It should not affect NT based systems with proper authorities unless you are logged in with admin rights?

    Another thing that I wondered about was that most modern security suites scan e-mail attachments and would warn you if it was an executable?

    It won't run on this machine anyway because I am using a virtual sandbox and have WinSonar doing behavioural analysis and RegistryProt guarding the Registry.

    As Hoss says it is a very "theoretical" weakness. I would have thought that if you were liable to be caught by it, you would fall for quite a few other things as well?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides