This repository has been archived by the owner on Jun 7, 2024. It is now read-only.

A sneaky EXE file that, when executed, runs two programs in sequence. This technique can be used for various purposes, including reverse engineering, social engineering, and online trickery.


DefinetlyNotAI/Obfuscated-Malware


Bounty Hunt: Creating a Sneaky EXE

This guide will walk you through creating a sneaky EXE file that, when executed, runs two programs in sequence. This technique can be used for various purposes, including reverse engineering, social engineering, and online trickery. It's important to note that this guide is for educational purposes only and should not be used for malicious intent.

Prerequisites

  • Two files: one is the malware (or any program you wish to run first), and the other is a normal file (or any program you wish to run second).
  • WinRAR: This guide assumes you are using WinRAR for creating the SFX archive. Other software may not support the same features or may require a different setup process.

Step-by-Step Guide

  1. Prepare the Files: Ensure both the malware and the normal file are ready on your computer.

  2. Select the Files: Right-click on one of the files, then select the other file to highlight both.

  3. Create SFX Archive: Right-click on the highlighted files, navigate to the context menu, and select "Add to archive...". In the dialog that appears, check the box that says "SFX Archive".

  4. Access SFX Options: Go to the "Advanced" menu, then select "SFX options".

  5. Setup Tab: In the "SFX options" dialog, go to the "Setup" tab. Here, you will specify the order in which the files should be executed. Type the names of the files in the order they should open.

  6. Modes Tab: Next, go to the "Modes" tab. Select "Unpack to temp folder" and "Hide All". These options ensure that the files are executed in a temporary folder and that the window is hidden, making the process less noticeable.

  7. (Optional) Text & Icon Tab: For added obfuscation, you can go to the "Text & Icon" tab and choose the same icon as the normal file. This step is optional but can help further disguise the malicious intent of the EXE.

  8. Update Tab: Go to the "Update" tab and select "Overwrite existing files". This ensures that if the files already exist in the destination, they will be overwritten.

  9. Finalize: Click "OK" twice to finalize the creation of the SFX archive.

  10. Clean Up: Remove the original files from your computer. A new EXE file will have been created, which, when executed, will run both programs in sequence.
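A defender-side check for the archive these steps produce, as an added example that is not part of the original repository: it inspects the SFX script (the archive comment WinRAR writes from the "SFX options" dialog) and flags the hidden, temp-folder, multi-launch combination. It assumes the script text has already been extracted from the file; the function names and the sample script are constructed for illustration.

```python
# Constructed sample of an SFX script (archive comment); file names are placeholders.
SAMPLE_SCRIPT = """\
;The comment below contains SFX script commands

Setup=first.exe
Setup=second.exe
TempMode
Silent=1
Overwrite=1
"""

def parse_sfx_script(text):
    """Return {command_lower: [values]}, skipping comments and { } text blocks."""
    commands, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("{", "}"):
            in_block = (line == "{")
            continue
        if in_block or not line or line.startswith(";"):
            continue
        name, _, value = line.partition("=")
        commands.setdefault(name.strip().lower(), []).append(value.strip())
    return commands

def launches(cmds):
    """Programs the SFX stub starts: Presetup= before extraction, Setup= after."""
    return cmds.get("presetup", []) + cmds.get("setup", [])

def triage(text):
    """List which traits of the silent multi-launch pattern the script shows."""
    cmds, findings = parse_sfx_script(text), []
    if len(launches(cmds)) >= 2:
        findings.append(f"starts {len(launches(cmds))} programs: {launches(cmds)}")
    if "tempmode" in cmds:
        findings.append("unpacks to a temporary folder (TempMode)")
    if "1" in cmds.get("silent", []):
        findings.append("hides all extraction dialogs (Silent=1)")
    if "1" in cmds.get("overwrite", []):
        findings.append("overwrites existing files without asking (Overwrite=1)")
    return findings

def is_suspicious(text):
    """Flag only the combination: hidden, temp folder, more than one launch."""
    cmds = parse_sfx_script(text)
    return (len(launches(cmds)) >= 2 and "tempmode" in cmds
            and "1" in cmds.get("silent", []))

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_SCRIPT)), is_suspicious(SAMPLE_SCRIPT))
```

Each trait on its own is common in legitimate installers, so only the combination is flagged and the individual findings are reported for the analyst to weigh.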

Important Notes

  • Testing: This guide has been tested with IoBit antivirus software, but results may vary with other antivirus programs.
  • Ethics and Legality: This technique should only be used for educational purposes or legitimate testing. Misuse can lead to legal consequences and harm to others.
  • Batch Files: For safer distribution, especially on platforms like GitHub, consider using batch files instead of EXE files. Batch files are less likely to be flagged by antivirus software and can still execute multiple programs in sequence.
  • Reported: It's important to note that this technique has already been reported and discussed with MSRC. It's crucial to use this knowledge responsibly and ethically.
  • CVSS Score: 8.4 (HIGH), vector CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U

Conclusion

Creating a sneaky EXE file that runs multiple programs in sequence can be a powerful tool for reverse engineering, social engineering, and online trickery. However, it's crucial to use this knowledge responsibly and ethically. Always ensure that your actions are legal and do not harm others.
