Forum Thread: Creating an Undetectable Exe File?

Hi! Does anyone know how to create an undetectable .exe file?

I tried using the shikata_ga_nai encoder, but nowadays it even gets found out by the original Windows firewall.
I tried looking but didn't really find one that worked.

Any recommendations, tutorials? Thanks!

6 Responses

Try using Veil-Evasion or the Shellter encoder to avoid detection.
There are guides on Null Byte, and you have them on YouTube too!
Veil Evasion:

Good luck evading detection. It's hard today because most of the Null Byte guides are outdated and security has improved, so we really need someone to share something good with the Null Byte community.

I won't say 'try' because I know it will work:

Here, by OTW the previous Admin.

(After you have read the guide...)

You can even compile the code/script into an undetectable .exe, by saving the code/script in a .bat then using a free batch compiler.

If you've actually read anything about the Metasploit encoders, Rapid7 has stated that it was not designed to bypass antivirus.

@INt 3H

Actually, one of its uses IS to avoid signature detection by AV software ^^ Its main goal might not be to evade them, yes, but ONE of its uses is.

  • First, the decoder stub generator uses metamorphic techniques, through code reordering and substitution, to produce different output each time it is used, in an effort to avoid signature recognition.
  • Second, it uses a chained self modifying key through additive feedback. This means that if the decoding input or keys are incorrect at any iteration then all subsequent output will be incorrect.
  • Third, the decoder stub is itself partially obfuscated via self-modifying of the current basic block as well as armored against emulation using FPU instructions.
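A defender-side illustration of the third bullet, added here and not part of the thread or of any tool it mentions: even when the stub is reordered on every run, the FPU-based position lookup leaves an invariant a scanner can key on. The `fnstenv [esp-0xc]` byte encoding is background knowledge rather than something stated in the posts, and the window size and sample bytes are constructed assumptions.

```python
# Added example: heuristic scan for the FPU-based GetPC pattern (not thread code).
FNSTENV_ESP = b"\xd9\x74\x24\xf4"  # fnstenv [esp-0xc] (background knowledge)
WINDOW = 24                        # assumed search distance in bytes

def is_fpu_reg_op(b0, b1):
    """Two-byte x87 register-form instruction: opcode D8-DF, ModRM mod == 3."""
    return 0xD8 <= b0 <= 0xDF and b1 >= 0xC0

def find_fpu_getpc(buf):
    """Offsets of fnstenv [esp-0xc] with an FPU op shortly before it and a
    pop r32 (58-5F) shortly after it. Byte-level heuristic, no disassembly,
    so hits are leads for triage and not verdicts."""
    hits, start = [], 0
    while (pos := buf.find(FNSTENV_ESP, start)) != -1:
        start = pos + 1
        before = buf[max(0, pos - WINDOW):pos]
        after = buf[pos + 4:pos + 4 + WINDOW]
        fpu = any(is_fpu_reg_op(a, b) for a, b in zip(before, before[1:]))
        pop = any(0x58 <= b <= 0x5F for b in after)
        if fpu and pop:
            hits.append(pos)
    return hits

# Constructed fragments (not working stubs): same pieces, different order.
SAMPLE_A = b"\xbb\x11\x22\x33\x44" + b"\xda\xc5" + FNSTENV_ESP + b"\x5e\x31\xc9"
SAMPLE_B = b"\xd9\xe8\x29\xc9" + FNSTENV_ESP + b"\xb8\x55\x66\x77\x08\x5a"
# Constructed benign code: ordinary float load in a function, no fnstenv.
BENIGN = b"\x55\x8b\xec\xd9\x45\x08\x5d\xc3"
# fnstenv present but no FPU op in front of it.
LONE = b"\x90\x90" + FNSTENV_ESP + b"\x58"

if __name__ == "__main__":
    for name, data in [("A", SAMPLE_A), ("B", SAMPLE_B),
                       ("benign", BENIGN), ("lone", LONE)]:
        print(name, find_fpu_getpc(data))
```

Both reordered fragments match on the same three elements, which is why substitution and reordering alone do not remove the signature.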

Well, I tried Shellter and the exe file bypassed the Windows firewall and AV without a problem on a Windows 7 machine.

There is no sufficient encoder to do this task for you, because the structure of anything Metasploit uses is incredibly well known to Antivirus and will 100% get it flagged by practically any vendor known to man.

The only solution is writing your own, if invisibility is key.
Even veil-evasion and such cause problems, because they too are known to antivirus vendors.

There is only one workaround - using msfvenom -p (payload) -f py X (Or it might be R) > - Decode the Base64, add comments using #, and reencode, and replace the original. Then use pyinstaller to compile to an exe.
