#masking the .exe file extension.
Can someone help me please? File extension tools just trigger my antivirus. My malware is already undetectable, but I think Windows Defender recognizes that I am trying to change the extension.
AV probably won't care what the extension is
If it's an executable it's an executable
And it'll be given a scan
Oh
Well look at this
I did that right to left Unicode thing
And it detects it as a malware
But my actual malware is undetectable
So is there a way I can just inject it in a real photo
And it executes when they open it
Oh
That allows for arbitrary code execution
Well this is soo hard because all I need to finish this project is to convince that person that it’s an image
Because the batch file opens downloads and opens the image
As normal
And starts the malware
Then deletes itself
I still hate batch
Are you "converting" the batch to an executable?
Just write it in a language that actually compiles lol
I can write it in C
Huh
They all look suspicious tho
I wish there’s a way to just make it say jpg
Without triggering the windows defender
I'd do that tbh, rather have real code that I can control myself
Well is there a way for an exe to execute upon extraction from a zip
My shell code
Is written in C
Lol
A C2 is a server
So the client program that connects to the C2 is what you're talking about, right?
I have no problem with my actual malware my problem is that if the target sees the file as .Exe
Or any other
He will think it’s a virus
So I am thinking of a way
I'm just asking because I'm interested mainly
When people talk about shellcode they're talking about asm-level stuff quite often
Tiny bits of assembly code which get hidden away in a program
I'm guessing you've probably got some Metasploit thingy or whatever
Nah
Idk I don't use tools, more fun from scratch
Yea mine is custom
I am not using a tool
That’s why my malware is hard to detect
It also installs malware in the BIOS
When executed
But I have a question is there a way for my malware to run upon extraction from a zip
I don't know of any way of doing that
Ok thank you tho man
I will figure it out
I made like 50 scripts trying to change it. I thought it wouldn’t be this hard to mask an extension 😢
Maybe there's a different way of getting whoever to run the file
Idk what the context is so I can't come up with anything useful
Oh hey I was able to make it .jpg
Without AV
Detecting it
But there is one problem sometimes it’s very rare
But my friend keeps making a big deal out of it
The pop
Up that says publisher unknown
It doesn’t happen often right?
Because for me it only happened once
After many clicks and the computer was already infected
The vm.
Is there a way to find fake CAs
Because he wants the malware to be 100% undetected
Google came up with this:
https://github.com/paranoidninja/CarbonCopy
Ohh thank you soo much man