Embedding malicious file in any type of file

If you want to attack a victim, you somehow need to trick the victim into opening a malicious file. Usually a normal user would not download and execute your malicious file, so you need to create some type of file (jpg, pdf, mp4, etc.) that you know the victim will open. In this file you need to embed the "bad" file, so that when the victim opens the file it also runs the malicious file in the background. In this post I will show you how you can embed a backdoor or any malicious file into any other legit file. For this purpose I will use the WinRAR archiver.

Select the legit file you want to send to the victim. Then create an icon for this type of file. For example, if the legit file is a pdf document, create a pdf icon; if the legit file is a jpg file, create an icon from that picture, etc. The filename extension of an icon is .ico.

I used an online service to create the icon: https://icoconvert.com/

You also need to have the malicious file prepared. For demonstration purposes I used a .txt file.

As the legit file I selected a pdf book. So far I have prepared a pdf icon, a pdf file and a txt file. In a real scenario, instead of the txt file I would use some malicious batch (.bat) file.

Step 1

Select the legit pdf and the txt file. Then right-click and click Add to archive.

Step 2

In the General tab change:

  • Archive name (the name of the final embedded file)
  • Under Compression method select Best
  • Under Archiving options select Create SFX archive

Step 3

In the Advanced tab click SFX options.

In Advanced SFX options change the following:

Setup tab:

  • Run after extraction: here you define which files will be opened. In my case hw.txt opens first and Kali-Linux-Revealed-1st-edition.pdf second

Modes tab:

  • Under Silent mode select Hide all

Text and icon tab:

  • In Load SFX icon from, browse for the icon

Update tab:

  • Under Update mode select Extract and update file
  • Under Overwrite mode select Overwrite all files

Then click OK twice and the new embedded file will be created.

So when we open the file, it executes both files that we defined during the setup of this file. In my case those were hw.txt and Kali-Linux-Revealed-1st-edition.pdf.
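From the defender's side, a file built this way has a recognisable shape on disk: it is a Windows PE executable (the SFX stub) with a RAR archive appended after it, and the dialog settings above (Run after extraction, Silent mode, Overwrite mode, Update mode) are stored as SFX script commands (Setup=, Silent=, Overwrite=, Update=) in the archive comment. The following Python check is an added example, not code from the original post or from WinRAR. It flags the PE-plus-RAR structure and, best-effort, lists any SFX commands that are visible as plain text; a real SFX may store its comment compressed, in which case only the structural signature fires. The sample bytes are constructed inline as a simplified stand-in for a real SFX file.

```python
"""Spot a RAR self-extracting (SFX) executable: a PE stub with a RAR archive
appended, optionally carrying plain-text SFX script commands."""
import re
import struct
import sys
from pathlib import Path

RAR_MAGIC = b"Rar!\x1a\x07"          # common prefix of the RAR4 and RAR5 signatures
RAR4_SIG = RAR_MAGIC + b"\x00"
RAR5_SIG = RAR_MAGIC + b"\x01\x00"
# SFX script commands WinRAR writes into the archive comment. They are only
# visible as plain text when the comment is stored uncompressed (best-effort).
SFX_CMD_RE = re.compile(rb"(Setup|Silent|Overwrite|Update|Path|TempMode|Title)=[^\r\n\x00]*")


def is_pe(data: bytes) -> bool:
    """True if data starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_rar_archive(data: bytes):
    """Return (offset, version) of the first RAR signature in data, else (None, None)."""
    off = data.find(RAR_MAGIC)
    while off != -1:
        tail = data[off + len(RAR_MAGIC):off + len(RAR_MAGIC) + 2]
        if tail[:1] == b"\x00":
            return off, "RAR4"
        if tail == b"\x01\x00":
            return off, "RAR5"
        off = data.find(RAR_MAGIC, off + 1)
    return None, None


def analyze(data: bytes) -> dict:
    """Classify a blob: PE?  embedded RAR?  visible SFX commands?"""
    pe = is_pe(data)
    off, ver = find_rar_archive(data)
    cmds = []
    if off is not None:
        # Only look for script commands after the archive signature.
        cmds = [m.group(0).decode("latin-1") for m in SFX_CMD_RE.finditer(data[off:])]
    return {
        "is_pe": pe,
        "rar_offset": off,
        "rar_version": ver,
        "sfx_commands": cmds,
        # An SFX is a PE with the archive appended, i.e. RAR signature past offset 0.
        "is_sfx": bool(pe and off is not None and off > 0),
    }


def scan_file(path: str) -> dict:
    return analyze(Path(path).read_bytes())


def build_sample_pe() -> bytes:
    """Constructed minimal PE-looking stub: MZ header, e_lfanew -> 'PE\\0\\0', padding."""
    stub = bytearray(b"MZ" + b"\x00" * 0x3E)      # 64-byte DOS header
    struct.pack_into("<I", stub, 0x3C, 0x40)      # e_lfanew = 0x40
    stub += b"PE\x00\x00" + b"\x00" * 60          # no real section table; enough for the check
    return bytes(stub)


def build_sample_sfx() -> bytes:
    """Constructed stand-in for an SFX: PE stub + RAR4 signature + uncompressed comment
    carrying the same commands the dialog settings in the post produce."""
    comment = (b"Setup=hw.txt\r\nSetup=Kali-Linux-Revealed-1st-edition.pdf\r\n"
               b"Silent=1\r\nOverwrite=1\r\nUpdate=U\r\n")
    return build_sample_pe() + RAR4_SIG + b"\x00" * 16 + comment


if __name__ == "__main__":
    blobs = {p: scan_file(p) for p in sys.argv[1:]} or {"<constructed sample>": analyze(build_sample_sfx())}
    for name, r in blobs.items():
        verdict = "SFX archive" if r["is_sfx"] else ("PE" if r["is_pe"] else "not PE")
        print(f"{name}: {verdict} rar={r['rar_version']}@{r['rar_offset']} cmds={r['sfx_commands']}")
```

Run it with file paths as arguments to scan real files, or with no arguments to see the verdict on the constructed sample. The structural check (MZ header plus a RAR signature further into the file) is the reliable part; the command listing is an extra clue that only appears when the comment happens to be stored uncompressed, so treat an empty list as "unknown", not "clean".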

Of course, in a real-life scenario you do not want both files to pop up. So if you embed some PowerShell payload, make sure your .bat file includes some hidden commands, so that no black cmd window pops up and scares the victim.

