1
00:00:00,550 --> 00:00:08,120
Welcome to a new lesson. In this lesson, we are going to see how to create a stealthy Trojan.

2
00:00:09,040 --> 00:00:18,280
And we are going to take the malware which we created in an earlier lesson, when we studied process injection.

3
00:00:19,570 --> 00:00:28,930
So the process injection malware, which we created earlier, was designed to inject into Microsoft

4
00:00:28,930 --> 00:00:31,240
Paint and show a MessageBox.

5
00:00:31,750 --> 00:00:33,040
So let's try that again.

6
00:00:33,970 --> 00:00:38,890
This is that process injection, which I renamed "no stealth".

7
00:00:39,790 --> 00:00:43,210
And you will know in a while why I call it no stealth.

8
00:00:44,210 --> 00:00:50,750
OK, so now we will have to open the Microsoft Paint program first.

9
00:00:51,470 --> 00:00:53,360
So let's run Microsoft Paint.

10
00:00:59,160 --> 00:01:03,780
The process injection, no stealth, you double click.

11
00:01:06,280 --> 00:01:10,000
And you notice when I double click, a black box opened up.

12
00:01:11,780 --> 00:01:15,230
Then the MessageBox. You see the black window, which

13
00:01:15,530 --> 00:01:17,090
is known as the console.

14
00:01:19,360 --> 00:01:26,320
So that is why it is no stealth, because when you run it, it shows a console. Let's try it one more time.

15
00:01:31,530 --> 00:01:37,140
So in order to create a Trojan which is stealthy,

16
00:01:38,190 --> 00:01:42,670
we have to make some modifications to the source code.

17
00:01:43,590 --> 00:01:46,410
So this is the modified source code over here.

18
00:01:48,040 --> 00:01:49,100
Opening it in Notepad.

19
00:01:54,610 --> 00:02:00,670
Now, in this modified source code, we have changed the main function to become WinMain.

20
00:02:01,750 --> 00:02:05,980
WinMain is a graphical user interface application entry point.

21
00:02:06,760 --> 00:02:13,690
And this is the MSDN documentation for the WinMain application entry point.

22
00:02:16,950 --> 00:02:24,510
So if you want to create any kind of application that runs as a graphical user interface, we use this

23
00:02:24,510 --> 00:02:25,050
signature.

24
00:02:26,340 --> 00:02:30,280
Compare this with the original one. This is the original one.

25
00:02:30,300 --> 00:02:37,860
If you open it with Notepad++, you will see that it is main. The main

26
00:02:38,310 --> 00:02:41,640
function signature will run with the console.

27
00:02:42,090 --> 00:02:43,440
It will open up a console.

28
00:02:43,920 --> 00:02:48,300
But the WinMain function signature will not open the console.

29
00:02:48,990 --> 00:02:55,230
The other difference is you need to comment out this printf, because it doesn't make sense to print if there

30
00:02:55,470 --> 00:02:56,220
is no console.

31
00:02:56,880 --> 00:02:58,890
So let's try to run this one, though.

32
00:02:59,670 --> 00:03:00,120
Yeah.

33
00:03:00,510 --> 00:03:01,230
One more time.

34
00:03:01,230 --> 00:03:10,870
The process injection, the no stealth one, and you see the console opens and then it shows the

35
00:03:10,890 --> 00:03:11,610
message box.

36
00:03:12,990 --> 00:03:18,870
Now we run the one with WinMain, and the MessageBox shows without showing any console first.

37
00:03:21,800 --> 00:03:28,160
Now you can compile this process injection, the WinMain one, using the compile script.

38
00:03:28,940 --> 00:03:36,650
So if you open this compile script and look, there is some change: it changes to subsystem windows.

39
00:03:37,100 --> 00:03:39,740
Previously, it was subsystem console.

40
00:03:40,850 --> 00:03:47,210
So subsystem console is used to build those applications which have main as the main function,

41
00:03:48,440 --> 00:03:55,820
but subsystem windows is used for building those applications which use WinMain as a signature.

42
00:03:57,200 --> 00:04:03,380
So this is how you can create a Trojan that is stealthy.

43
00:04:04,460 --> 00:04:05,540
Thank you for watching.