December 24, 2018
Embedding malicious file in any type of file
To attack a victim you first have to get them to open your malicious file. An ordinary user will not download and run an obvious executable, so you package the payload as a file type you know the victim will open (jpg, pdf, mp4, etc.) and hide the "bad" file inside that package. When the victim opens the decoy, the payload runs in the background. In this post I show how to bundle a backdoor or any other malicious file with a legitimate file using the WinRAR archiver. Strictly speaking, the result is not a modified PDF or image but a self-extracting (SFX) executable that carries the decoy, the payload and a document-style icon; when it is opened, WinRAR's SFX stub unpacks both files and runs them.
Select the legitimate file you want to send to the victim, then create an icon for that file type. If the legitimate file is a PDF document, create a PDF icon; if it is a JPG image, create an icon from the picture itself, and so on. The icon must be in .ico format.
You also need the malicious file prepared. For demonstration purposes I used a .txt file.
As the legitimate file I selected a PDF book. So far I have prepared a PDF icon, the PDF file and the txt file. In a real scenario I would use a malicious batch (.bat) file instead of the txt file.
Select the legitimate PDF and the txt file, right click and choose Add to archive…
In the General tab change:
Archive name (the name of the final bundled file; WinRAR gives it an .exe extension because an SFX archive is an executable)
Compression method: select Best
Archiving options: tick Create SFX archive
In the Advanced tab click SFX options…
In the Advanced SFX options dialog change the following:
On the Setup tab, under Run after extraction, list the files to open after extraction, one per line. In my case hw.txt opens first and Kali-Linux-Revealed-1st-edition.pdf second.
On the Modes tab, under Silent mode, select Hide all
On the Text and icon tab:
Under Load SFX icon from, browse to the icon
On the Update tab, under Update mode, select Extract and update files
Under Overwrite mode select Overwrite all files
Click OK twice and the new bundled file is created. WinRAR stores these choices as SFX script commands in the archive comment (one Setup= line per run-after-extraction entry, Silent=2 for Hide all, Overwrite=1 for Overwrite all files, Update=U for Extract and update files), so the behaviour of a finished file can be read back by viewing its comment.
When the file is opened, it extracts and runs both files defined during setup; in my case hw.txt and Kali-Linux-Revealed-1st-edition.pdf.
In a real scenario you do not want both files popping up. If you embed a PowerShell payload, make sure the .bat file launches it hidden so that no black cmd window appears and alarms the victim. Keep the limits of this trick in mind: the bundled file is still an .exe, so Explorer reports it as an application when extensions are shown, SmartScreen and antivirus engines inspect it as a downloaded executable, and from a defender's side any PE carrying an appended RAR archive whose comment contains a Setup= command in silent mode is a cheap thing to flag.
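For the defensive side, here is an added example (not code from the original post or from WinRAR) of the triage check the previous paragraph describes: it confirms the file is a PE, looks for a RAR4 or RAR5 archive marker appended after the stub, and pulls any plaintext SFX script commands out of the archive comment. The sample file it scans by default is constructed inline to mirror the dialog settings above; the assumption that the comment is stored uncompressed is marked in the code.

```python
"""Triage check for the file the post produces: a PE executable (the WinRAR
SFX stub) with a RAR archive appended, whose archive comment may carry SFX
script commands such as Setup= (run after extraction) and Silent=2 (hide all).
Added example for this page, not code from the original post or from WinRAR."""
from __future__ import annotations

import re
import struct
from dataclasses import dataclass, field

RAR4_SIG = b"Rar!\x1a\x07\x00"        # RAR 1.5 - 4.x archive marker
RAR5_SIG = b"Rar!\x1a\x07\x01\x00"    # RAR 5.0 archive marker

# SFX script commands the "Advanced SFX options" dialog writes into the
# archive comment. Assumption: the comment is stored uncompressed; WinRAR may
# compress it, in which case this plaintext scan finds nothing and the
# archive has to be unpacked first.
SFX_CMD_RE = re.compile(
    rb"(?<![A-Za-z])(Setup|Silent|Overwrite|Update|Path|TempMode|Title)=([^\r\n\x00]*)"
)


@dataclass
class SfxReport:
    is_pe: bool
    rar_version: int | None = None      # 4 or 5; None if no RAR marker found
    rar_offset: int | None = None       # where the appended archive starts
    commands: list[tuple[str, str]] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Every WinRAR SFX, benign installers included, is a PE with a RAR
        # archive appended, so this is a triage signal, not a verdict.
        return self.is_pe and self.rar_offset is not None

    @property
    def runs_payload_silently(self) -> bool:
        # The combination the post configures: something auto-runs after
        # extraction and the SFX window is hidden entirely.
        has_setup = any(k == "Setup" for k, _ in self.commands)
        hidden = any(k == "Silent" and v.strip() == "2" for k, v in self.commands)
        return has_setup and hidden


def is_pe(data: bytes) -> bool:
    """MZ header plus a valid e_lfanew pointing at the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def scan(data: bytes) -> SfxReport:
    report = SfxReport(is_pe=is_pe(data))
    for sig, version in ((RAR5_SIG, 5), (RAR4_SIG, 4)):
        pos = data.find(sig)
        if pos != -1 and (report.rar_offset is None or pos < report.rar_offset):
            report.rar_version, report.rar_offset = version, pos
    if report.rar_offset is not None:
        # Only look past the archive marker so strings in the stub itself
        # (WinRAR's own SFX module) are not mistaken for script commands.
        for m in SFX_CMD_RE.finditer(data, report.rar_offset):
            report.commands.append((m.group(1).decode(), m.group(2).decode(errors="replace")))
    return report


def build_sample() -> bytes:
    """Constructed stand-in for the post's SFX: a minimal fake PE stub followed by
    a RAR5 marker and a plaintext comment with the post's dialog settings."""
    stub = bytearray(b"MZ")
    stub += b"\0" * (0x3C - len(stub))
    stub += struct.pack("<I", 0x40)      # e_lfanew -> PE signature at 0x40
    stub += b"PE\0\0"
    stub += b"\0" * 60                   # stand-in for the rest of the stub
    comment = (b"Setup=hw.txt\r\n"
               b"Setup=Kali-Linux-Revealed-1st-edition.pdf\r\n"
               b"Silent=2\r\nOverwrite=1\r\nUpdate=U\r\n")
    return bytes(stub) + RAR5_SIG + b"\0" * 16 + comment


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_sample()
    r = scan(data)
    print(f"pe={r.is_pe} rar={r.rar_version} at={r.rar_offset} "
          f"suspicious={r.suspicious} silent_autorun={r.runs_payload_silently}")
    for k, v in r.commands:
        print(f"  {k}={v}")
```

Run it with a path to a suspect executable, or with no arguments to scan the constructed sample. `suspicious` fires for any WinRAR SFX, so use `runs_payload_silently` (a Setup= entry together with Silent=2) to prioritise; a real archive comment that WinRAR chose to compress yields no commands here and needs to be unpacked with the archiver first.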