Ok guys, this is a guide on what to look out for on trojans this is not ment to teach how to make trojans or how to trick people or even make them undetectable this is here to help the people who do not know much on how these work or think they are limited to .exe files.
Disclaimer: I will not be held responsable with what you guys do with this information or attachments it is here to teach you guys what to look out and what they are. Everyone before you jump the gun and freak out please read the Topic FULLY I know it is hard but it is ment to help you guys. If this helps you in any way please thank me.
1. Ok First a Batch File, and most people think hmm Why would you wana make a trojan in a batch file if you can just read it in notepad. Well you can't you can try to read this one if you know what you are doing. It will be the first to be uploaded.
2. Ok another method is .scr files aka Screen Savers, Say one day someone happend to say I made a 2moons Screen Saver, Maybe they did Maybe they made a Screen Savor and Added a Trojan to it or Maybe it is pure trojan you never know be careful. I will upload an example (It dose not have any Screen Saver Effects just the file type).
3. Shortcuts or .pif Files. I decided to save time and put 2 in one It is a Shortcut and a .pif file in one. Think of it this way say someone makes a bypass and uses a batch file or exe. You scan the file it finds nothing but the .exe or batch file has fragments into it so after you install it, then it will create a shortcut onto the desktop which will be of all of the compiled data. Almost 100% Undetectable.
4. Windows NT Command Script or .cmd is the extension. It wont be used much due to the fact not many people know what this is but it can be used to confuse people but looks very Suppicious. But keep an eye out.
5. Lastly .com files little know think of them as Early day exe files They just use pure code and run on low memory be careful they are still an exe file.
Last Notes, trojans arent limited to this they can be in anything from Mp3 Mp4 JPEG JPG and many many many formats so no file is save bellow is more information on each file exstention (the boring part).
----------------------------------------------------------------------
1A. In MS-DOS, OS/2, and Windows, a batch file is a text file containing a series of commands intended to be executed by the command interpreter. When a batch file is run, the shell program (usually COMMAND.COM or cmd.exe) reads the file and executes its commands, normally line-by-line. A batch file is analogous to a shell script in Unix-like operating systems.
Batch files are useful for running a sequence of executables automatically. Many system administrators use them to automate tedious processes. Although batch files support elementary program flow commands such as if and goto, they are not well-suited for general-purpose programming.
DOS batch files have the filename extension .BAT. Batch files for other environments may have different extensions, e.g. .CMD in Windows NT and OS/2, or .BTM in 4DOS and related shells.
2A. .scr, a file extension used for MS Windows screensavers
.scr, a file extension used for ZX Spectrum screens (256x192) on MS-DOS systems and emulators
3A. PIFs, or Program Information Files, define how a given MS-DOS program should be run in a multi-tasking environment, notably to avoid giving it unnecessary resources which could remain available to other programs. TopView was the originator of PIFs which were inherited and extended by DESQview and Microsoft Windows, where they are most often seen.
3B. Within Windows, a PIF holds information about how Windows should run the application the PIF corresponds to. The instructions can include the amount of memory to use, the path to the executable file, and what type of window to use (Full screen, window, size in pixels)
3C.* Creating a program information file for an MS-DOS-based program creates a shortcut to the program executable. All the settings saved in the PIF are contained in the shortcut.
* Although an actual PIF does not contain any executable code (it lacks executable files magic number "MZ"), it is an ipso facto, and it can be used to transmit computer viruses because of the way Microsoft Windows handles files with (pseudo-)executables' extensions: all .COMs, .EXEs, and .PIFs are analysed by the ShellExecute function and will run accordingly to their content and not extension. This can be proved by renaming any file from one of the extensions above to another.
* A common e-mail spam attachment
4A. In CP/M-86, CMD is the filename extension used by executable programs. It corresponds to COM in CP/M-80 and EXE in MS-DOS
5A.The file name extension .com has been used in various computer systems for different purposes. Originally, the term stood for "Command file" and was a text file containing commands to be issued to the operating system. This was the practice on many of the Digital Equipment Corporation mini and mainframe computer systems going back to the 1970s.[1]
With the introduction of microcomputers this use of files ending with the extension .com changed. In MS-DOS and compatible DOSes, and in 8-bit CP/M, a COM file is a simple type of executable file. The name of the file format is derived from the file name extension .com (not to be confused with the .com top-level domain), which was originally the extension used for such files. However there is no actual association between the file format and the file name extension in any but CP/M and very early versions of MS-DOS.
5B.The format is still executable on many modern Windows-based platforms, but it is run in an MS-DOS-emulating subsystem which was removed from the x64 variants.
COM files can also be executed on DOS emulators such as DOSBox, on any platform supported by these emulators. "COM" is short for "core image" and is also interpreted as "command" as these .com files contained the code for the basic commands that could be run on the machine.
Many shell utilities such as the MS-DOS version of more used this format, as well as small, early applications.
5C. The COM format is perhaps the simplest executable format of all; it contains no metadata, only code and data, and is loaded at offset 0x0100 of some segment and executed. Because of how the segmentation model works, there is no need for relocation.
Its simplicity exacts a price, however: the binary has a maximum size of 65,280 (0xFF00) bytes and stores all its code and data in one segment. This was not an issue on early 8-bit machines, but it is the main reason why the format fell into disuse soon after the introduction of 16- and then 32-bit processors with their much larger, segmented memories.
Edit: Sorry guys I cant give you an example of what they look like in real format due to the fact they have removed my file hosting Privilages but if you guys would like to see the file Not the Trojan program just the Trojan in the format its self for learning purposes not to be used to infect yourself or others feel free to PM me.
 |
