
Author Topic: The Art of the Hidden File  (Read 1462 times)



The Art of the Hidden File
« on: 10. October 2008., 07:11:17 »

The art of hiding code via XOR is simple, easy and extremely ancient. Despite its antiquity, though, it is still in use today.

Here's a great example: Trojan-Downloader:W32/Tibs.VX. It performs a very simple operation to hide its executable components inside six JPEG files. Since the JPEG files also contain valid pictures, they can be easily dismissed. The trojan then downloads the JPEG files, saves them temporarily on the system, retrieves the executables and installs them.

If any of the files are opened with an image viewer, this image is displayed:

Perfectly innocent, right? But after performing the XOR operation, the executable file becomes evident:

This is not a very common tactic, though we've seen it before in Rogue:W32/AntivirusXP2008 variants. Still, even tricks as simple as a single assembly language opcode never really get old.


Samker's Computer Forum -
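A defender-side check for the hiding technique described in the post, as an added example that is not part of the original post: it tries every single-byte XOR key against a file and reports any position where a PE header decodes cleanly. The single-byte key is an assumption (the post does not state the key or its length), the function names are hypothetical, and the sample input is constructed.

```python
DOS_STUB = b"This program cannot be run in DOS mode"  # text in most PE DOS stubs


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a one-byte key (assumed scheme; the post gives no key)."""
    return data.translate(bytes(b ^ key for b in range(256)))


def find_xored_pe(blob: bytes) -> list[tuple[int, int]]:
    """Return (key, offset) for each XOR-encoded PE image found in blob."""
    hits = []
    for key in range(1, 256):  # key 0 would be an unencoded executable
        needle = xor_bytes(DOS_STUB, key)
        pos = blob.find(needle)
        while pos != -1:
            # The stub text sits shortly after the header: look back for encoded "MZ".
            mz = blob.rfind(xor_bytes(b"MZ", key), max(0, pos - 0x200), pos)
            if mz != -1:
                # Confirm via e_lfanew (offset 0x3C), which must point at "PE\0\0".
                header = xor_bytes(blob[mz:mz + 0x40], key)
                e_lfanew = int.from_bytes(header[0x3C:0x40], "little")
                sig = xor_bytes(blob[mz + e_lfanew:mz + e_lfanew + 4], key)
                if sig == b"PE\0\0":
                    hits.append((key, mz))
            pos = blob.find(needle, pos + 1)
    return hits


def build_sample(key: int = 0x5A) -> bytes:
    """Constructed test input: a stub JPEG followed by a skeletal XOR-encoded PE header."""
    pe = bytearray(0x90)
    pe[0:2] = b"MZ"
    pe[0x3C:0x40] = (0x80).to_bytes(4, "little")
    pe[0x4E:0x4E + len(DOS_STUB)] = DOS_STUB
    pe[0x80:0x84] = b"PE\0\0"
    jpeg = b"\xff\xd8\xff\xe0" + b"\x11" * 32 + b"\xff\xd9"
    return jpeg + xor_bytes(bytes(pe), key)


if __name__ == "__main__":
    for key, offset in find_xored_pe(build_sample()):
        print(f"XOR key 0x{key:02x}: encoded PE header at offset {offset}")
```

Checking that `e_lfanew` lands on a `PE\0\0` signature keeps random byte coincidences in image data from being reported as hits.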
