1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ppi less undetectable... i think (look)

Discussion in 'Making Money' started by tripphxc, Mar 29, 2008.

  1. tripphxc

    tripphxc Junior Member

    Joined:
    Mar 23, 2008
    Messages:
    106
    Likes Received:
    1
    Location:
    6 Feet Under
    well, i tryed doing something that some people may have of tryed doing... and that is trying to make the ppi installer less undetectable or completly undetectable


    well... this is how far i have gotten but not sure if it will work cause im assuming it may of messed up the whole ppi.exe file.


    but take a look



    this is the waverevenue ppi exe


    This is the orginal file






    Notice how the edited ppi was only detected by three a/v programs....



    any advice... think this would work...?


    thanks
     
  2. CapMorgan

    CapMorgan Junior Member

    Joined:
    Dec 15, 2007
    Messages:
    147
    Likes Received:
    236
    So how did you end up doing this?
     
  3. tripphxc

    tripphxc Junior Member

    Joined:
    Mar 23, 2008
    Messages:
    106
    Likes Received:
    1
    Location:
    6 Feet Under
    i will eventullay tell.... im sure some other members know how....


    i just remembered back from my hacking days... i always did this to make my virus/trojan undetectable... and it still worked so thats why i think it may work but then again.... im sure a trojan virus is different then a ppi installer
     
  4. Steeky

    Steeky Regular Member

    Joined:
    Jan 13, 2007
    Messages:
    454
    Likes Received:
    163
    You forgot ZoneAlarm
     
  5. tripphxc

    tripphxc Junior Member

    Joined:
    Mar 23, 2008
    Messages:
    106
    Likes Received:
    1
    Location:
    6 Feet Under


    cause i hate zone alarm =]


    only good for halo cheating
     
  6. Steeky

    Steeky Regular Member

    Joined:
    Jan 13, 2007
    Messages:
    454
    Likes Received:
    163
    but I assume ZoneAlarm has a lot of users
     
  7. tripphxc

    tripphxc Junior Member

    Joined:
    Mar 23, 2008
    Messages:
    106
    Likes Received:
    1
    Location:
    6 Feet Under
    Another list of A/V programs with the edited file


    Some of the A.V progs are listed in the above (first post)



    Antivirus Version Last Update Result
    AhnLab-V3 2008.3.29.0 2008.03.29 -
    AntiVir 7.6.0.78 2008.03.28 -
    Authentium 4.93.8 2008.03.29 -
    Avast 4.7.1098.0 2008.03.29 -
    AVG 7.5.0.516 2008.03.29 Downloader.Agent.15.A
    BitDefender 7.2 2008.03.29 -
    CAT-QuickHeal 9.50 2008.03.28 -
    ClamAV 0.92.1 2008.03.29 -
    DrWeb 4.44.0.09170 2008.03.29 Trojan.DownLoader.54163
    eSafe 7.0.15.0 2008.03.18 -
    eTrust-Vet 31.3.5653 2008.03.29 -
    Ewido 4.0 2008.03.29 -
    FileAdvisor 1 2008.03.29 -
    Fortinet 3.14.0.0 2008.03.29 -
    F-Prot 4.4.2.54 2008.03.28 -
    F-Secure 6.70.13260.0 2008.03.29 -
    Ikarus T3.1.1.20 2008.03.29 -
    Kaspersky 7.0.0.125 2008.03.29 -
    McAfee 5262 2008.03.28 -
    Microsoft 1.3301 2008.03.28 -
    NOD32v2 2984 2008.03.29 -
    Norman 5.80.02 2008.03.28 -
    Panda 9.0.0.4 2008.03.29 -
    Prevx1 V2 2008.03.29 Generic.Malware
    Rising 20.37.51.00 2008.03.29 -
    Sophos 4.28.0 2008.03.29 -
    Sunbelt 3.0.978.0 2008.03.18 -
    Symantec 10 2008.03.29 -
    TheHacker 6.2.92.258 2008.03.29 -
    VBA32 3.12.6.3 2008.03.25 -
    VirusBuster 4.3.26:9 2008.03.29 -
    Webwasher-Gateway 6.6.2 2008.03.29 Trojan.Crypt.ULPM.Gen



    Additional information
    File size: 82944 bytes
    MD5: e783d15381bacf8afd5d2ae0c9023e28
    SHA1: abda14c0bf9915888e870c9af05815f40bff3c25
    PEiD: -
     
  8. dabandit

    dabandit Registered Member

    Joined:
    Feb 21, 2008
    Messages:
    83
    Likes Received:
    28
    Hope you didn't submit it to VirusTotal.
     
  9. tripphxc

    tripphxc Junior Member

    Joined:
    Mar 23, 2008
    Messages:
    106
    Likes Received:
    1
    Location:
    6 Feet Under


    no i did not... i alerday heard and known what they do.
     
  10. MaestroDelWeb

    MaestroDelWeb Executive VIP

    Joined:
    Nov 5, 2007
    Messages:
    815
    Likes Received:
    869
    Occupation:
    Jack of all trades.
    Location:
    USA
    The problem is you didn't check it with the biggest two...Norton and McAfee (they even come bundled with tons of computers). Also I believe AVG might be number three which caught it. I'm surprised Kapersky and NOD32 didn't catch it, a lot of people swear by it. I know you don't need every install to work, but the top two Norton and McAfee have a large share of installs. They are worth testing on.
     
  11. Essential Clix

    Essential Clix Executive VIP Premium Member

    Joined:
    Jul 30, 2007
    Messages:
    1,755
    Likes Received:
    2,791
    Location:
    USA
    Are you manually editing the .exe to change the filesize & MD5, to make it less detectable? If so, Nova pretty much took the question right out of my mouth in this post.
     
  12. homenet

    homenet Power Member

    Joined:
    Jan 5, 2009
    Messages:
    790
    Likes Received:
    338
    Location:
    Dimension X
    im guessing your cutting the file in half with a hex editor and saving both halves to find out which contains the trojan signature, and then repeating the process until you find the exact 4 bytes that contain the signature and editing them. I did this with the waverevenue exe and made it undetetable to a lot of anti viruses, you've just gotta be careful and make sure the exe still actually works after you've edited it!
     
  13. tripphxc

    tripphxc Junior Member

    Joined:
    Mar 23, 2008
    Messages:
    106
    Likes Received:
    1
    Location:
    6 Feet Under


    sounds good =]
     
  14. apekillape

    apekillape Senior Member Premium Member

    Joined:
    Dec 13, 2007
    Messages:
    1,077
    Likes Received:
    1,441
    Occupation:
    Basically, I just walk the Earth.
    Location:
    The Layer Cake
    Ruh roh. Why?

    N
     
  15. tripphxc

    tripphxc Junior Member

    Joined:
    Mar 23, 2008
    Messages:
    106
    Likes Received:
    1
    Location:
    6 Feet Under
    they will report it. most likely.
     
  16. tripphxc

    tripphxc Junior Member

    Joined:
    Mar 23, 2008
    Messages:
    106
    Likes Received:
    1
    Location:
    6 Feet Under
    is their anyway i can test out this edit ppi installer like a self test... instead of actullay binding it to a software and uploading...

    thanks
     
  17. dabandit

    dabandit Registered Member

    Joined:
    Feb 21, 2008
    Messages:
    83
    Likes Received:
    28
    VMWare Workstation or Microsoft Virtual PC '07. PM me for details.
     
  18. chaser

    chaser Regular Member

    Joined:
    Nov 30, 2007
    Messages:
    209
    Likes Received:
    18
    What do you mean saying they will report it? Where and why is it bad?
     
  19. tripphxc

    tripphxc Junior Member

    Joined:
    Mar 23, 2008
    Messages:
    106
    Likes Received:
    1
    Location:
    6 Feet Under

    Meaning, they may and will send it to antivirus programmers/creators so they will be aware of it
     
  20. tripphxc

    tripphxc Junior Member

    Joined:
    Mar 23, 2008
    Messages:
    106
    Likes Received:
    1
    Location:
    6 Feet Under
    Little update:


    The edited ppi installer seems to be working... just uploaded a torrent and got 2 sales =]