So, let's see how to find out whether a file is binded or not.
1. Download the BinText tool, then open the suspicious file with BinText as shown in the image below.
Email id, Instant messenger names, No-IP, DUC, Mozilla Account Manager, IE Account Manager, etc. I mention all of these because they are the places where passwords are either entered or saved, and the backdoored tool accesses them. If you find these string names in the file opened in BinText, then it is binded.
2. You can also use Hex Workshop (or any hex editor) to do the above work, as shown in the image below.
Note: The above two methods may not be effective if the file is crypted using a good crypter.
3. We can also use Resource Hacker to find out whether a file is binded or not, as shown in the image below.
more than one values as shown in the above image then the file is binded.
4. Nowadays most RATs have an anti-Sandboxie option, but this method is still effective. Open the suspicious file with Sandboxie. Now check Sandboxie: if there is more than one process running, then the file is binded.
5. If the file's size is less than 20 MB, then scan it with a multi-engine antivirus, i.e. NoVirusthanks.org
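The string search from methods 1 and 2 can also be scripted. The following is an added example, not part of the original post: it extracts ASCII and UTF-16LE strings from a file and reports which of the indicator names listed in method 1 appear. The function names, the minimum string length and the sample bytes are assumptions made for the illustration.

```python
import re
import sys

# Indicator strings from the list in method 1 of this post.
INDICATORS = ["Email id", "Instant messenger", "No-IP", "DUC",
              "Mozilla Account Manager", "IE Account Manager"]
MIN_LEN = 3  # shortest printable run kept, so the 3-letter "DUC" is not lost

def _compile(ind):
    # All-caps acronyms (DUC) stay case-sensitive so "product" does not match.
    flags = 0 if ind.isupper() else re.IGNORECASE
    return re.compile(r"(?<![A-Za-z])" + re.escape(ind) + r"(?![A-Za-z])", flags)

PATTERNS = {ind: _compile(ind) for ind in INDICATORS}

def extract_strings(data, min_len=MIN_LEN):
    """Return printable ASCII and UTF-16LE ("Unicode") strings found in data."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return found

def find_indicators(data):
    """Map each indicator to the extracted strings that contain it."""
    hits = {}
    for s in extract_strings(data):
        for ind, rx in PATTERNS.items():
            if rx.search(s):
                hits.setdefault(ind, []).append(s)
    return hits

# Constructed sample bytes (not a real executable): one wide string, one ASCII.
SAMPLE = (b"MZ\x90\x00" + b"This program cannot be run in DOS mode.\x01\x02"
          + "Mozilla Account Manager".encode("utf-16-le") + b"\x00\x00\xff"
          + b"No-IP DUC settings\x00product reduced\x00")

if __name__ == "__main__":
    # Pass a file path to scan it; with no argument the constructed sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for ind, strings in find_indicators(data).items():
        print(f"{ind!r} found in: {strings}")
```

As the note on crypters above says, a crypted file may show none of these strings, so an empty result does not clear the file.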