
What is binder?

(1) A tool that combines two or more files into a single file, usually for the purpose of hiding one of them. Binders are commonly associated with Trojan horses, where the Trojan is bound to a real file, such as a text file that opens with Notepad or another program. The users believe they are opening a safe file, and that is what appears on the screen, but while that file is running, the Trojan is also running, usually undetected by the user. (2) Same as linker.

A binder is software used to bind hacking tools, viruses, or trojans with images, MP3s, EXEs, batch files, or any other file you desire. In this article I'm going to explain what a binder is and how you can use it for hacking.

What is Binder?

A binder is free software used to bind, or combine, two or more files into one file under one name and extension. The files to be bound can have any extension or icon. The user can choose the name, icon, and various attributes of the bound file. If the bound file contains an application (a RAT or keylogger), that application also runs when the bound file is run.

When the victim runs our bound image (bound with the Ardamax keylogger) on his computer, the keylogger is installed on his computer and we can easily obtain all his typed keylogs.
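Seen from the defender's side, a bound file of the kind described above often still carries the second file's executable header in the clear. The following added example (not part of the original article; function names and sample bytes are constructed for illustration) scans a file for embedded Windows PE images and reports where they sit.

```python
import struct

def find_embedded_pe(data: bytes) -> list:
    """Return every offset in data where a valid-looking PE image starts."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        # A DOS header is 0x40 bytes; its last field (e_lfanew, at +0x3C)
        # is the little-endian offset of the "PE\0\0" signature.
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            sig = pos + e_lfanew
            if e_lfanew >= 0x40 and data[sig:sig + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def triage(data: bytes) -> str:
    """Classify a file by where PE images appear inside it."""
    hits = find_embedded_pe(data)
    if not hits:
        return "no-pe"
    if hits == [0]:
        return "single-pe"
    # Installers and self-extracting archives also land here, so treat
    # the next two verdicts as a reason to look closer, not as proof.
    return "pe-with-embedded-pe" if hits[0] == 0 else "non-pe-with-embedded-pe"

def constructed_pe() -> bytes:
    """Constructed sample: minimal DOS header plus PE signature, not a real program."""
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\0\0" + bytes(20)

# Constructed sample: JPEG start and end markers with nothing real in between.
CONSTRUCTED_JPEG = b"\xff\xd8\xff\xe0" + bytes(16) + b"\xff\xd9"

if __name__ == "__main__":
    for name, blob in [("plain.exe", constructed_pe()),
                       ("photo.jpg", CONSTRUCTED_JPEG + constructed_pe()),
                       ("bound.exe", constructed_pe() * 2)]:
        print(name, triage(blob), find_embedded_pe(blob))
```

A payload that has been encrypted before binding will not show a readable header, so this check only covers the unencrypted case.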

How can I get a Binder?

There are many binders out on the internet. Just Google "Download binder" and you'll get a list of binders. There are also many forums, like Hackforums, where you can find good and free binders. Here you can download Shock Labs File Binder, which binds JPG, MP3, EXE, and BATCH files.

Disadvantage of Binder:

Binders, though useful for hiding keyloggers or trojans, are often detected by antiviruses as hacktools and hence deleted as viruses. To prevent this deletion and bypass AV detection, you need a FUD binder. You can obtain a FUD binder either from various hacking forums (where you are asked for money) or by coding one yourself. Remember, no publicly available binder is FUD. A binder is FUD only if it's very rarely used and not available publicly.

Also, it is better to use crypters to avoid AV detection. It is general practice to first crypt the keylogger or trojan with a crypter and then bind the crypted trojan to make it deceptive. There are also many crypters available on the net and the forums.

Very Important: Do not scan these tools on VirusTotal. Use http://scanner.novirusthanks.org and also check the "Do not distribute the sample" option.

What are Crypters?

A crypter is a hacking program or application used to hide our viruses or RATs from antiviruses so that they are not detected and deleted. Thus, a crypter is a program that allows users to crypt the source code of their program. Generally, antiviruses work by splitting the source code of an application and then searching for certain strings within it. If the AV detects any malicious strings, it either stops the file's execution and scans it or deletes the file as a virus, making all our efforts useless.

What does Crypter do?

A crypter simply assigns hidden values to each individual code within the source code. Thus, the source code becomes hidden. Hence, our crypted trojan or virus bypasses antivirus detection once sent, and our purpose of hacking is fulfilled without any AV hindrance. Not only does the crypter hide the source code, it also unpacks the encryption once the program is executed.

Crypters are computer applications used solely to bypass antivirus detection of malware. Hackers use crypters to hide viruses, Trojans, RATs, keyloggers and other hack tools inside a new executable whose sole purpose is to keep them from being detected by antivirus. Crypters are basically dead programs which do not affect the actual functionality of the program; they just spoof the actual program behind their encryption and fool the antivirus. Most antiviruses detect viruses on the basis of heuristics and normal string-based detection. Since we have spoofed the original program, the antivirus is left helpless and does not detect it as a virus.

Common terms related to crypters:

To understand and design crypters, hackers must be aware of certain terms. Most of you already know these terms, but I am writing this tutorial starting from novice level and taking it to elite level by the end. So if you know these terms, just read them one more time, as that might help clear up some of your doubts.

1. FUD or UD: Fully undetectable (FUD) means that your virus is not detected by any of the existing antiviruses, while undetectable (UD) means detectable by a few antiviruses. FUD is our only goal and elite hackers always rely on that.

Note: A crypter will remain FUD until you have openly shared it on the internet. Public crypters remain FUD for a maximum of 2 to 3 days, then they become UD. So if you want to use a crypter for a long time, never publish or share it on the internet. Use it anonymously.

2. STUB: A stub is a small piece of code which contains certain basic functionality that is used again and again. It is similar to a package in Java or to header files in C (which already have certain standard functions defined in them). A stub basically simulates the functionality of existing code, similar to procedures on remote machines or simply PCs. In crypters, the client-side server is validated using stubs, so never delete the stub file from your crypter. Stubs add portability to crypter code, so that it can be used on any machine without requiring many procedures and resources on other machines.

3. USV: Unique stub version, or simply USV, is the part of a crypter that generates a unique version of the stub which differs from its previous stub, thus making it more undetectable to antiviruses. To detect it, antivirus companies have to reverse engineer your crypter stub, which is not that easy to do, so it will remain undetectable for a long time. It consists of one most important component, USG (unique stub generation), which is the actual part of the crypter that encrypts and decrypts the original file; in other words, it is the heart of your algorithm. I recommend never writing this part in the stub; rather, include it in the main code. The reason is that the stub is the part of the code that is shared with the victim, so it will become public and hence your crypter will not remain FUD for very long.

Different types of crypters:

1. External stub based crypters: This category consists of public crypters (those you have downloaded till date :P (noobish ones)), and you complain to the provider that they are detectable by antiviruses. That is a really foolish complaint; if a crypter is public then it can never remain FUD. So don't ever complain to me either after my next article about such noobish things. Ahahah.. I got deviated from the real thing. External stub based crypters are those crypters in which most of the functionality depends on an external stub; if you delete that stub file, your crypter is useless. :P Most antiviruses only do that. These crypters contain two files: one is client.exe and the other is stub.exe. The stub contains the main procedures and the client contains the global functions that call those procedures.

2. Internal or inbuilt stub based crypters: Crypters that contain only one exe file (i.e. the client) fall under this category. This client file has an inbuilt stub in it. You can separate the stub and client parts here too using RCE (reverse code engineering), but it is not recommended.

Note: External or internal stub doesn't make much difference, as antivirus detects files on the basis of strings related to offsets. Whenever you reverse engineer any application or program, the program execution flow will remain the same but offsets may change. USV comes into the picture at this point. If you include your encryption algorithm separately, it will be harder for antivirus to detect your crypter.

3. Run time crypters: Run time crypters are those crypters which remain undetected in memory during their execution. We are looking for this type of crypter only. :P These can be any of the two above.

4. Scan time crypters: Those crypters which remain undetected while encrypting the files but become detectable when the resultant file is generated. :P Fking ones that waste all the effort we have put in. This is really annoying: everything is working fine and at last your file gets detected by noob antiviruses.
