File Binded with RATS!!!: Know how to find it.

Attackers (black hats) are very creative and clever. Suppose you download a file, say an .mp3, and start enjoying the music; that file can still be lethal for you. How? The .mp3 you downloaded may be binded with an executable that is malware. That malware can be executed silently when you play the .mp3, bypass the anti-virus and even the firewall, and send data from your PC to the attacker. The malware can be a RAT (Remote Administration Tool), a keylogger, a virus, etc.
So, let's see how to find out whether a file is binded or not.
1. Download the BinText tool (Download), then open the suspicious file with BinText as shown in the image below.
Look for email IDs, instant-messenger names, No-IP, DUC, Mozilla Account Manager, IE Account Manager, etc. I mention these because they are the places where passwords are entered or saved, and the backdoor tool accesses them. If you find such strings in the file opened in BinText, then it is binded.

2. You can also use Hex Workshop (or any hex editor) to do the same check, as shown in the image below.
Search for the strings listed in Step 1; if they are present, the file is binded.
Note: The above two methods may not be effective if the file has been crypted with a good crypter.
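The string check from Steps 1 and 2 can be scripted instead of done by eye. The following is an added example, not code from the original post: it extracts printable ASCII and wide (UTF-16LE) strings the way BinText does and flags the indicators the post lists. The indicator list, the `keylog` pattern and both sample byte blobs are my own constructed assumptions.

```python
import re
from typing import Dict, List

# Indicator patterns built from the strings the post tells you to look for
# (assumed keyword list; extend it for your own triage).
INDICATOR_PATTERNS = [
    r"\bno-?ip\b",               # No-IP dynamic DNS hostnames / client
    r"\bduc\b",                  # No-IP Dynamic Update Client
    r"mozilla account manager",  # saved-password stores a backdoor reads
    r"ie account manager",
    r"\bkeylog",                 # assumed extra: keylogger components
]
INDICATOR_RES = [re.compile(p, re.IGNORECASE) for p in INDICATOR_PATTERNS]
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Pull printable ASCII and UTF-16LE runs out of raw bytes, as BinText does."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16le") for m in wide_re.finditer(data)]
    return found


def triage_strings(data: bytes) -> Dict[str, List[str]]:
    """Return the suspicious strings (emails, indicator keywords) found in data."""
    hits: Dict[str, List[str]] = {"emails": [], "indicators": []}
    for s in extract_strings(data):
        hits["emails"].extend(EMAIL_RE.findall(s))
        if any(r.search(s) for r in INDICATOR_RES):
            hits["indicators"].append(s)
    return hits


def looks_binded(data: bytes) -> bool:
    """The post's rule: any such string present means treat the file as binded."""
    h = triage_strings(data)
    return bool(h["emails"] or h["indicators"])


# Constructed sample: an ID3 header followed by a fake appended payload that
# carries the kind of strings the post describes (test bytes, not real malware).
SUSPICIOUS_MP3 = (
    b"ID3\x03\x00\x00\x00\x00\x10\x00" + b"\x00" * 16 + b"LAME3.99\x00"
    + b"MZ\x90\x00" + b"connect: myvictim.no-ip.org:81\x00\x00"
    + "Mozilla Account Manager".encode("utf-16le") + b"\x00\x00"
    + b"mailto attacker@example.com\x00"
)
# Constructed clean sample: only ordinary encoder tags.
CLEAN_MP3 = b"ID3\x03\x00\x00\x00\x00\x10\x00" + b"\x00" * 16 + b"LAME3.99\x00product build\x00"

if __name__ == "__main__":
    for name, blob in (("suspicious", SUSPICIOUS_MP3), ("clean", CLEAN_MP3)):
        print(name, looks_binded(blob), triage_strings(blob))
```

As the note above says, a crypted payload only reveals these strings after it is decrypted in memory, so a clean result from this check is not proof the file is safe.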
3. We can also use Resource Hacker (Download) to find out whether a file is binded, as shown in the image below.
After opening the file with Resource Hacker, check the "RCDATA" section: if you find more than one value there, as shown in the above image, then the file is binded.

4. Nowadays most RATs have an anti-Sandboxie option, but this method is still effective. Open the suspicious file with Sandboxie (Download). Then check Sandboxie: if more than one process is running, the file is binded.

5. If the file's size is less than 20 MB, scan it with a multi-engine antivirus, i.e.

If you find this post worthy enough, do drop a comment; it will be appreciated.... :)

Reviewed by Satyajit (Admins, a.k.a Satosys) on Thursday, August 26, 2010


Bloggers Planet said...

Looks very complicated to me =)

Green Coffee said...

You have mentioned here great tips about how to find files binded with RATs. I download many music files from the internet and sometimes found malware detections. Now, using your tips, users can avoid this problem.

Satyajit (Admins,a.k.a Satosys) said...

@all Thanks for visiting..... please give your real will be appreciated. :)

Sandeep Bhatti said...

Thanks, it increased my knowledge and security...........

Munna said...

Kind of an old post, but still a worthy read. How to detect malware even though it is encrypted?
