STEP 1:
Change Assembly
Well, the first thing I do is change the assembly information. I think this is the most important thing you do, well, maybe.
Well, let's say that we are using my public Keylogger Tutorial, which is I think 1/24 or 2/24. I think it was detected by Avira & McAfee.
I will now explain some ways to bypass Anti-Viruses with assembly and make it FUD again.
When you open the project, click Project > then NameOfProgram Properties > then click the Assembly Information... button > then change it. I suggest you use some legit program's assembly.
For this example I will use assembly of HJT's tool.
Title: Hijack This
Description: Hijack This
Company: Trend Micro Inc
Product: Hijack This
Copyright: © 2007 Trend Micro Inc
Assembly Version: 2 00 0002
File Version: 2 00 0002
Neutral Language: English (United States)
That's how the assembly of HJT should look.
Well this will bypass some Anti-Viruses like AviraAv, AVG & Avast.
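Seen from the detection side, version-information fields copied this way are not backed by the named vendor's code signature, and that mismatch can be checked during triage. The following is an added example, not part of the original tutorial; the record layout, vendor table, status labels and sample rows are constructed assumptions standing in for the output of a tool that reads version info and signature status.

```python
# Added example: flag files whose version-info fields name a known vendor while
# the code signature does not back that claim. All names/rows are assumptions.
import re

# Pattern for the claimed company -> text expected in the signer subject.
KNOWN_VENDORS = {r"trend\s*micro": "trend micro", r"microsoft": "microsoft"}

def normalize(value):
    """Lower-case and collapse punctuation and whitespace for comparison."""
    return re.sub(r"[^a-z0-9]+", " ", (value or "").lower()).strip()

def check_metadata(rec):
    """Return findings for one file record; an empty list means consistent."""
    findings = []
    company = normalize(rec.get("company"))
    signer = normalize(rec.get("signer"))
    status = rec.get("sig_status", "NotSigned")
    for pattern, expected in KNOWN_VENDORS.items():
        if not re.search(pattern, company):
            continue  # metadata does not claim this vendor
        if status == "NotSigned":
            findings.append(f"claims vendor '{expected}' but is unsigned")
        elif status != "Valid":
            findings.append(f"claims vendor '{expected}' but signature is {status}")
        elif expected not in signer:
            findings.append(f"claims vendor '{expected}' but signed by '{rec['signer']}'")
    return findings

def triage(records):
    """Map path -> findings for every record with at least one finding."""
    checked = {r["path"]: check_metadata(r) for r in records}
    return {path: found for path, found in checked.items() if found}

# Constructed sample inventory (not real telemetry).
SAMPLE = [
    {"path": r"C:\Tools\vendor_tool.exe", "company": "Trend Micro Inc",
     "signer": "CN=Trend Micro, Inc.", "sig_status": "Valid"},
    {"path": r"C:\Temp\update.exe", "company": "Trend Micro Inc",
     "signer": None, "sig_status": "NotSigned"},
    {"path": r"C:\Downloads\setup.exe", "company": "Trend  Micro, Inc.",
     "signer": "CN=Example Software Ltd", "sig_status": "Valid"},
    {"path": r"C:\Apps\notes.exe", "company": "Example Software Ltd",
     "signer": None, "sig_status": "NotSigned"},
]

if __name__ == "__main__":
    for path, findings in triage(SAMPLE).items():
        print(path, "->", "; ".join(findings))
```

Unsigned files that claim no known vendor are deliberately not flagged here, so the check stays narrow enough to run across a whole software inventory.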
STEP 2:
Add icon to our application
Well, the next thing you should do is add an icon if you didn't do that already, and it will make it less UD and more FUD.
When you open the project, click Project > then NameOfProgram Properties > then click the Icon scroll box > then click <Browse...> > and choose an icon.
Well, I guess this will maybe work; for me it sometimes works and sometimes doesn't.
STEP 3:
Add junk code and make file bigger
Well, the next step is easy too. What we are going to do next is add some junk or any kind of source code to our project. That would 100% make it less UD and more FUD. Let's say that we are making a key logger and we get 1/24 UD. Well, now let's add this code to our stub or whatever it is and it will make it FUD.
IMPORTANT: The comments you add won't make it bigger or make it more UD.
So let's say that we are making a key logger and we want to use GMail, so let's make an FTP backup. The code for FTP can be found in this thread. Remember, it's not important that it is FTP, just any code except comments.
STEP 4:
Changing strings
Well, I think this is the best way to make your stub FUD again. You need to know what you are doing; you can't just change a string of a program like that. If you change the wrong one or don't do this correctly, your application may crash.
Well, let's say we are using an RC4 encryption module:
Code:
' At the top of the file (the function itself lives inside a class or module):
Imports System.Text

' RC4 stream cipher: the same call encrypts and decrypts.
Private Function rc4(ByVal message As String, ByVal password As String) As String
    Dim i As Integer = 0
    Dim j As Integer = 0
    Dim cipher As New StringBuilder
    Dim returnCipher As String = String.Empty
    ' VB array bounds are inclusive, so (255) gives the 256 entries RC4 uses.
    Dim sbox As Integer() = New Integer(255) {}
    Dim key As Integer() = New Integer(255) {}
    Dim intLength As Integer = password.Length
    ' Fill the S-box with 0..255 and repeat the password across the key array.
    Dim a As Integer = 0
    While a <= 255
        Dim ctmp As Char = (password.Substring((a Mod intLength), 1).ToCharArray()(0))
        key(a) = Asc(ctmp)
        sbox(a) = a
        a += 1
    End While
    ' Key scheduling: permute the S-box using the key.
    Dim x As Integer = 0
    Dim b As Integer = 0
    While b <= 255
        x = (x + sbox(b) + key(b)) Mod 256
        Dim tempSwap As Integer = sbox(b)
        sbox(b) = sbox(x)
        sbox(x) = tempSwap
        b += 1
    End While
    ' Keystream generation: XOR each message character with one keystream byte.
    a = 1
    While a <= message.Length
        Dim itmp As Integer = 0
        i = (i + 1) Mod 256
        j = (j + sbox(i)) Mod 256
        itmp = sbox(i)
        sbox(i) = sbox(j)
        sbox(j) = itmp
        Dim k As Integer = sbox((sbox(i) + sbox(j)) Mod 256)
        Dim ctmp As Char = message.Substring(a - 1, 1).ToCharArray()(0)
        itmp = Asc(ctmp)
        Dim cipherby As Integer = itmp Xor k
        cipher.Append(Chr(cipherby))
        a += 1
    End While
    returnCipher = cipher.ToString
    cipher.Length = 0
    Return returnCipher
End Function
So, to change it across the whole source you will need one little tool that is in Visual Basic.
Click Edit on the tab > then click Quick Replace or press Ctrl+H > then this should pop up:
In the 1st textbox write the name of the Integer, Boolean or String you want to replace, and in the 2nd write the replacement word. Use whatever you want, it won't harm our application, but remember, don't change important strings or the application will crash. For example, we are making a builder & stub. We coded it and it's UD; don't change important strings from, but even if you do, make sure that they are the same in the stub and in the builder.
So for this example we used: Dim i As Integer. Yeah, it's an integer, but this is just an example of how to change it easily.
End