Many people asking how to hexedit, I decided to write
this little tutorial. I will try to explain how to hexedit your favourite Trojan in order to
make it undetected by certain antivirus programs. I will try to put this as simple as
possible so everyone understands it.
Content:
1. General info about hexediting .
2. What tools you need to get started.
3. How to hex.
-step 1
-step 2
-step 3
__ __
1. General info about hexediting?
If you want to make your server undetectable, you need to know how AVs work and
how they detect your files, right? There are a few ways that AVs use to detect your
server heuristics, sandboxing, etc., and one of them is using so called "definition files"
that carry information about strings inside your server. Well, that's the way we are
going again in this tutorial because hexing is pretty much useless for other methods of
detection. So when AVs scan your files it searches for specific stings on specific parts
in your server, and if strings match with strings in the AV database, your file is
detected.
Let as say that detected strings are "XX" so we need to change that string to something
else (e.g. "XY","YY") that isn't in the AV definition database so the file can not be
matched with any of the AV definitions and that way the file will be undetectable.
There are going to be a few tagged strings in your server - not only one, depending on
what trojan you are using and how popular is. Less popular trojans tend to have less
tagged parts, and with that they are easier to make it undetectable.
First of all, hexing is not the best method for undetecting files because AVs can
change old tagged parts, and once your AV is updated, new definition files are
downloaded and your once undetected server might become detected again. Also not
all AVs use the same tagged parts - this way you need to hex your server against more
AVs to make it fully undetected. This can be annoying because you need to download
wanted AVs then hex it your server, then download another etc., etc. Sometimes AVs
tag critical parts of the server, and if that part is altered will corrupt the server. Also,
heavily edited servers can become unstable, some functions might not work, or even
you can corrupt your server and make it useless.
Thats why you need to check your server if its still working after every single
change you made while hexing it.
Now how to find detected strings in your server?
There are few ways you can do this: Manually cut your server in half adding parts to
one half and scanning it until you find the detected string (which is slow and time
consuming); use file splitters to split your server into
bytes, and after that scan all split files and find out what byte is detected then alter it
in original exe, or you can use an offset AV .
2. What tools we need.
- Unpacked trojan server. (That's your virus)

- Hex editor > DOWNLOAD
- File Splitter > DOWNLOAD 

- AV-antivirus

3. How to hex:

Now to make more simple i add these video TuT how can u make virus undetectable by AV , Whatch it > 

Whatch it here

enjoy

http://macanohosting.com/
http://secure-web-surfing.info/
http://dragtohell.com/
http://evolutionunderworld.com