Jump to content

Increase .exe file size


Recommended Posts

Is this considered as a mod working on a thread, or can i answer?

Spoiler

Renamer - Rename files and folders, remove portions of text from the filename etc.

GPO Tool - Export/Import Group policy settings.

MirrorDir - Synchronize/Backup/Mirror Folders

BeatsPlayer - Music player.

Params Tool - Right click an exe to see it's parameters or execute them.

String Trigger - Triggers pasting text or applications or internet links on specific strings.

Inconspicuous - Hide files in plain sight, not fully encrypted.

Regedit Control - Registry browsing history, quickly jump into any saved key.

Time4Shutdown - Write the time for shutdown in minutes.

Power Profiles Tool - Set a profile as active, delete, duplicate, export and import.

Finished Task Shutdown - Shuts down pc when specified window/Wndl/process closes.

NetworkSpeedShutdown - Shuts down pc if download speed goes under "X" Kb/s.

IUIAutomation - Topic with framework and examples

Au3Record.exe

Link to comment
Share on other sites

Not sure what "Mod working in a thread" means but the reason i want to make exe files bigger is becouse i want to store information at a "secret place" eighter by reading from the exe file afterwards, or by looking at the file size and using that as a source of information to store a short string lika a password.

Also thanks for trying to help guys! :)

Link to comment
Share on other sites

  • Moderators

Pricehacker,

Quote

Not sure what "Mod working in a thread" means

Then read this announcement.

M23

Public_Domain.png.2d871819fcb9957cf44f4514551a2935.png Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Link to comment
Share on other sites

  • Moderators

Pricehacker,

One way to do what you want is to use Alternate data streams (ADS) - I believe that there are some examples on the forum on how to use AutoIt to with them. But as this method has been used for malware in the past and is not necessarily transferrable between machines, I would counsel against its use as it is likely to be more trouble that it is worth.

M23

Public_Domain.png.2d871819fcb9957cf44f4514551a2935.png Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Link to comment
Share on other sites

  • Moderators

I would agree with Melba, any AV product worth its salt is going to do a checksum of executables against any binary-appending of data. Most of the time if you do this it goes into the package.nw and is easily detectable. Even if it doesn't go there, it is going to change the hashsum, which will be detected.

And if you have to go to those lengths to get around AV detection, you're really beginning to stumble into the gray area between legitimacy and malware.

"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!

Link to comment
Share on other sites

if you are just shooting for security by obscurity, seems it would be easier to reshack a dependency or bury it in the metadata.  You still have to write a script that tells everyone where it is in order to use that string, so where you put it matters very little to a determined attacker, imho.

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Link to comment
Share on other sites

Huh.. green light to answer?

Spoiler

Renamer - Rename files and folders, remove portions of text from the filename etc.

GPO Tool - Export/Import Group policy settings.

MirrorDir - Synchronize/Backup/Mirror Folders

BeatsPlayer - Music player.

Params Tool - Right click an exe to see it's parameters or execute them.

String Trigger - Triggers pasting text or applications or internet links on specific strings.

Inconspicuous - Hide files in plain sight, not fully encrypted.

Regedit Control - Registry browsing history, quickly jump into any saved key.

Time4Shutdown - Write the time for shutdown in minutes.

Power Profiles Tool - Set a profile as active, delete, duplicate, export and import.

Finished Task Shutdown - Shuts down pc when specified window/Wndl/process closes.

NetworkSpeedShutdown - Shuts down pc if download speed goes under "X" Kb/s.

IUIAutomation - Topic with framework and examples

Au3Record.exe

Link to comment
Share on other sites

  • Use a FileInstall() with some file meeting your size needs
  • define a huge string variable in your script, filled with  RANDOM characters.

And  that with "Mod Team working on a thread", I'm not sure, if I get this 100%...

 

I assume, that this means, don't help, while the moderator's team is discussing, if a question is apropriate or prohibited. As Melba and Logan were putting valuable answers to the orignal question, I assume, we are past this "is-it-legitim-discussion" :'(

 

Regards, Rudi.

Earth is flat, pigs can fly, and Nuclear Power is SAFE!

Link to comment
Share on other sites

This topic is borderline negative behavior, that almost always leans towards suspicious activities.

They are trying to conceal a malicious file for ill intent.

File hidden from either a program, or person.

File storage in a compression state.

Data storage is another possibility, but that too is suspicious.

Link to comment
Share on other sites

or storing a product key, or a hardcoded password.....   Also, any target a payload of this manner would work on could get rekt without all the legwork.  Now if he said the D word or any of the keywords about putting it back together, then its piledriver time.

 

I do love your cynicism though, im jealous, it seems healthy and well cared for.  I have started leaning more towards:

Don't attribute to malice, that which can be attributed to coding some shit in the jankiest way possible because i had a bad idea that ended up working. 

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Link to comment
Share on other sites

If you want to *CHECK* a password, a user has to put in on program startup, don't store the password itself, but it's hash code:

 

#Region Password Check
$PWD = ""
$PW_hash = "0x83CA415F8BA7FCE3163736F7BB472DA7F307B832"
Do
    $PWD = InputBox("Password Check", "enter your password", "", "*")
Until $PWD <> ""
_Crypt_Startup()
$Hash_Input = _Crypt_HashData($PWD, $CALG_SHA1)
If $Hash_Input <> $PW_hash Then
    MsgBox(64, "Wrong Password", "Please type your password again, the SHA1 Hash calculated doesn't match!", 10)
    Exit
EndIf
_Crypt_Shutdown()
#EndRegion

That way the user cannot retrieve your password from the compiled EXE, but *YOU* can verify, he/she knows it.

 

Regards, Rudi.

Earth is flat, pigs can fly, and Nuclear Power is SAFE!

Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...