File Binded with RATS!!!:Know how to find it.

By Satyajit (Admins,a.k.a Satosys) on Thursday, August 26, 2010

Attacker or Black Hats are very creative and clever people...lol,suppose you download a file say a .mp3 format and start enjoying the music but that can cause you lethal damage....you may be thinking how...??this is because the .mp3 you downloaded may be binded with an executable file which is a malware,that malware can be executed silently when you play the .mp3 which can bypass the anti-virus and even firewall to send data from your PC to the attacker.The malware can be RATS(Remote Administration Tools),Keylogger,a Virus etc.
So,lets see how to find if the file is binded or not.
NOTE:Click on the images to zoom it.
1.Download BinText Tool (Download),now open the suspicious file with Bintext as shown in the image below.
Look for Email id,Instant messenger names,No-IP,DUC,Mozilla Account Manager,IE Account Manager...etc...I mentioned all these because these are the elements where password are either enter or saved and the backdoored tool access them.If you find these string names in the file opened in bintext then it is binded.

2.You can also use Hex Workshop(or any hex editor) to do the above work as shown in the image below.
Now find the strings as in Step 1. then the file is binded.
Note:The above two methods may not be effective if the file is crypted using a good crypter.
3.We can also use Resource Hacker (Download) to find if a file is binded or not as shown in the image below.
After opening the file with Resource Hacker check the "RCDATA" section if you find more than one values as shown in the above image then the file is binded.

4.Now a days most of the RATS have anti-sandboxie option but still then this method is effective.Open the suspicious file with Sandboxie(Download).Now check the sandboxie if there are more than one process running then the file is binded.

5.If the file's size is less than 20mb then scan it with a Multi-Engine AntiVirus ie. NoVirusthanks.org


If you find this post worthy enough then do drop a comment,it will be appreciated.... :)


IF YOU LIKED THE CONTENT OF THIS BLOG THEN DO "VOTE" FOR IT........Click here to Vote!

Share/Bookmark
, , , , , , ,
Related Posts Plugin for WordPress, Blogger...
Suggest Article

Subscribe to Posts....

Enter your Email-ID and get "Security Tips and Hacking Tutorials"alert in your inbox,we promise to keep your email private and safe.

comment 4 comments:

Bloggers Planet on August 27, 2010 at 2:14 AM said...

Looks very complicated to me =)

August 27, 2010 at 2:14 AM
Green Coffee on August 28, 2010 at 8:03 PM said...

You have mentioned here great tips about how to find blinded with RATS. I download many music file from the internet and some time founded malware detection. Now, using your tips user can avoid this problem.

August 28, 2010 at 8:03 PM
Satyajit (Admins,a.k.a Satosys) said...

@all Thanks for visiting.....please give ur real name....it will be appreciated. :)

August 29, 2010 at 3:14 PM
Sandeep Bhatti on July 21, 2011 at 12:15 PM said...

thanks its increase my knowledge and security...........

July 21, 2011 at 12:15 PM

Post a Comment

This blog is "DoFollow",Use a "Real Name" rather than using "Keywords" otherwise comment will be rejected.

Delete this element to display blogger navbar

 
Home | Privacy Policy | Disclaimer | Login
© 2011 SecurityHunk All Rights Reserved and Template by Fresh Blogger Templates