You may not be familiar with hex editing, or with how this technique can be used to hide a viral program or a Trojan. Many of you may know other ways of hiding a virus too, such as public crypters, which will also be posted here soon. Many of you have also asked how to hide a Trojan or a server you created in keyloggers so that the victim's antivirus does not identify the virus and the victim is not warned. So I would like to tell my readers how hackers make this possible and how you can be fooled by hackers too, as they may fool your antivirus. It is necessary to have this knowledge from a security point of view.
What is Hex editing?
Hex editing is a method to hide miscellaneous programs containing viruses and Trojans from a specific antivirus. I use the word "specific" because it is up to you which antivirus you hex edit for, so that that particular antivirus does not catch the virus. If the Trojan is popular and the viral code is old, then the latest updates of all antiviruses are sure to contain information about that Trojan as well as the virus. So here the hard work comes into play, and it is all yours. In hex editing, the parts of the program's code that cause the virus detection are removed, or altered to some other coding that is not present in the antivirus definitions as viral code. Using this scheme, we can easily bypass the required antivirus.
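Seen from the detection side, the paragraph above describes an exact byte-string definition that stops matching once the matched bytes are changed. The following added example (not from the original post; every name and all byte data are constructed, and the windowed-similarity check is an assumption chosen for illustration, not how any particular antivirus works) contrasts that exact match with a comparison against the whole known sample.

```python
import hashlib
import random

SHINGLE = 8  # bytes per overlapping window (assumed value)

def exact_signature_match(data: bytes, signature: bytes) -> bool:
    """Definition-style check: a fixed byte string must appear verbatim."""
    return signature in data

def shingles(data: bytes) -> set:
    """Hash every overlapping SHINGLE-byte window of the file."""
    return {hashlib.blake2b(data[i:i + SHINGLE], digest_size=8).digest()
            for i in range(len(data) - SHINGLE + 1)}

def containment(reference: bytes, candidate: bytes) -> float:
    """Fraction of the reference's windows that still occur in the candidate."""
    ref = shingles(reference)
    return len(ref & shingles(candidate)) / len(ref)

def is_near_duplicate(reference: bytes, candidate: bytes,
                      threshold: float = 0.9) -> bool:
    """Flag a file that shares most of its content with a known sample."""
    return containment(reference, candidate) >= threshold

# Constructed stand-in data: seeded pseudo-random bytes, not real malware.
_rng = random.Random(1234)
KNOWN_SAMPLE = bytes(_rng.randrange(256) for _ in range(4096))
SIGNATURE = KNOWN_SAMPLE[1000:1032]      # the bytes a definition keys on

# The same file after the matched region was overwritten with zeros.
_edited = bytearray(KNOWN_SAMPLE)
_edited[1000:1016] = bytes(16)
EDITED_SAMPLE = bytes(_edited)

# An unrelated file of the same size, to show the check does not over-match.
UNRELATED = bytes(_rng.randrange(256) for _ in range(4096))

if __name__ == "__main__":
    for name, blob in [("known", KNOWN_SAMPLE), ("edited", EDITED_SAMPLE),
                       ("unrelated", UNRELATED)]:
        print(f"{name:9s} exact={exact_signature_match(blob, SIGNATURE)} "
              f"containment={containment(KNOWN_SAMPLE, blob):.3f}")
```

The edited file no longer matches the single byte string, yet it keeps more than 99% of the known sample's windows, which is why a detection that depends on one short fixed string is brittle.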
How to do Hex Editing?
To find the particular code that is present in the antivirus definitions as viral code, we have to split our Trojan into many parts, and then separate out the parts that still raise a virus alert in the antivirus when scanned again. We then split those parts again, and this scheme is repeated until we find the exact part; after that we will need a hex editor to edit the specific code. E.g. if xx is present in the antivirus definitions as viral code, we change it to xy so that the antivirus does not detect it. After this we combine all the pieces back into a single executable file. So what are we going to need?
- An unpacked Trojan server (your virus)
- File Splitter (Download File Splitter here)
- Hex Editor (Download Open Source Hex Editor here)
Using the splitter, distribute the infected program into small parts and then scan every part. When a part is detected as a virus, distribute it again in a new folder and scan every part, and do this until you get the smallest part that contains a piece of viral code the antivirus can recognize. Edit that piece or pieces in the hex editor and change the value of the first line to 0, like I did:-
Then rescan that part. If you get a virus alert again, do the same with the next line, save it, and scan; hopefully the alert won't occur after that. Now rebuild those parts with the "File splitter builder exe" given in every folder where you have split a file, and move on like this, merging parts with the file splitter's exe for every part you have distributed, in the same folder where you split it. Then scan your Trojan at the end, and hopefully it will not be detectable. I'll explain all this in detail someday. It's enough for today.