Introduction:
Masking malware is as important as developing it. Hackers don't simply distribute an EXE program and expect their victims to execute it. This is where masking comes into the picture: the malware is modified to look and behave like some other file that appears less suspicious.
Theoretical Working:
Assume you've already developed the malware, which will be either a single .EXE or a bunch of DLL files. After the masking process, you'll have a single file, say a PDF, a DOC, or any other media file.
Let's say you choose a PDF: the final file will look like a PDF and will behave like a normal PDF, but it will contain the malware. Double-clicking this PDF will execute your malware and open a PDF that you define during the masking process.
Video Reference:
Below is the video explaining the same.
In case the video is taken down by YouTube, below is the entire process along with the screenshots.
Steps Involved:
- Extracting an Icon
- Masking files
I'll be binding malware so that it acts and looks like an antivirus installer. You can use any media file instead and it will work the same.
Extracting an Icon:
This assumes that you have already downloaded the required apps.
- Install 'IconViewer v3.2.147'.
- Right-click on the Antivirus Installer -> Properties -> Icons.
- Select the highest resolution icon (not a PNG) -> Save.
Now that you have the icon, we'll move on to packaging.
Masking:
- Install 'WinRAR v6.01'.
- Select all the content that needs to be bound together. Right-click -> Add to archive.
- Checkmark 'Create SFX archive'.
- Advanced -> SFX options.
- Setup -> Add programs (malware and the antivirus installer).
- Modes -> Check 'Unpack to temporary folder' and select 'Hide all'.
- Text and icons -> Select the previously extracted icon.
- Update -> 'Extract and replace files' and 'Overwrite all files'.
- Ok -> Ok
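
For triage, the options chosen above are recorded as plain-text script commands in the archive comment of the resulting SFX file, which remains a Windows executable whatever icon it carries. The following added example (not part of the original page) scores such a comment. It assumes the comment text has already been extracted with an archive tool; the sample script, file names, weights and threshold are constructed for illustration.

```python
# Constructed sample: the script comment an SFX archive built with the options
# above would carry (file names are placeholders, not from the original page).
SAMPLE_COMMENT = """;The comment below contains SFX script commands

Setup=payload_placeholder.exe
Setup=installer_placeholder.exe
TempMode
Silent=1
Overwrite=1
"""

def parse_sfx_script(comment):
    """Return {directive: [values]} from a WinRAR SFX script comment."""
    directives = {}
    for raw in comment.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # skip blanks and script comments
            continue
        key, _, value = line.partition("=")
        directives.setdefault(key.strip().lower(), []).append(value.strip())
    return directives

def triage(comment):
    """Score an SFX script; weights and threshold are illustrative assumptions."""
    d = parse_sfx_script(comment)
    findings = []
    programs = d.get("setup", []) + d.get("presetup", [])
    if programs:
        findings.append((2, "runs after extraction: " + ", ".join(programs)))
    if len(programs) > 1:
        findings.append((2, "launches more than one program"))
    if "tempmode" in d:
        findings.append((1, "unpacks to a temporary folder"))
    if any(v in ("1", "2") for v in d.get("silent", [])):
        findings.append((2, "extraction dialogs hidden"))
    if "1" in d.get("overwrite", []):
        findings.append((1, "overwrites existing files without asking"))
    score = sum(w for w, _ in findings)
    return {"score": score, "suspicious": score >= 6,
            "findings": [msg for _, msg in findings]}

if __name__ == "__main__":
    report = triage(SAMPLE_COMMENT)
    print("score:", report["score"], "suspicious:", report["suspicious"])
    for finding in report["findings"]:
        print(" -", finding)
```

A legitimate installer that only sets `Setup=` for one program stays below the threshold; the combination of hidden dialogs, a temporary unpack folder and several launched programs is what raises the score.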