UnamSanctam / UnamDownloader

A Free Silent (Hidden) Open Source Downloader (Binder) - Includes Windows Defender Bypass - Build Native - Unam Downloader
MIT License

File size #12

Closed BenzoIsHere closed 3 years ago

BenzoIsHere commented 3 years ago

Final size after making the downloader from a 40KB exe and a 5KB txt file is less than 5KB. Is there any way I could increase the final downloader's size altogether to be like around 3-4 MB at least? Or would that increase detections by any chance? The file I'm talking about expanding is the final downloader that contains a .txt and an .exe file.

UnamSanctam commented 3 years ago

You can try a file pumper (or whatever they are called) if you can find one, not sure about increases of detections with that though.

BenzoIsHere commented 3 years ago

I finally managed to do it and my final result is a 22/65 VirusTotal detection rate. That's after using UnamDownloader, I even tried to crypt the whole thing with special characters in PE-UNION, recompress it again, and hide variables in the .exe but that got me 15 detections more on top of everything. I guess this is the point where everything starts to get harder 🗡️

BenzoIsHere commented 3 years ago

The thing even gets detected by Windows Defender and can't even get to the point that I'm downloading it as a zipped folder, it gets deleted before the download finishes.

UnamSanctam commented 3 years ago

The downloader itself or the downloaded file? You can enable "Add Windows Defender exclusions" to add exclusions before it downloads anything.

BenzoIsHere commented 3 years ago

The downloader itself gets deleted by Windows Defender before even getting onto my PC [I'm downloading the downloader]. I already checked Add Windows Defender Exclusion both in the miner config and in the downloader also.
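The "Add Windows Defender exclusions" option mentioned in the two comments above is visible to defenders: Microsoft Defender logs configuration changes as event ID 5007. The following is an added example, not part of the thread or the project's code, that flags newly added exclusions; the event records are constructed samples modelled on the 5007 message text, and the risk lists are assumptions to tune per environment.

```python
import re

# Matches an exclusion that appears in the "New value" part of a 5007 message.
ADDED = re.compile(
    r"New value:\s*HKLM\\SOFTWARE\\(?:Policies\\)?Microsoft\\Windows Defender"
    r"\\Exclusions\\(Paths|Extensions|Processes)\\(.+?)\s*=\s*0x0", re.I)
# Assumed risk lists: executable/script extensions and user-writable locations.
RISKY_EXT = {"exe", "dll", "scr", "ps1", "bat", "cmd", "vbs", "js"}
RISKY_DIR = re.compile(
    r"^[a-z]:\\?$|\\(appdata|temp|programdata|downloads|users\\public)(\\|$)", re.I)

def classify(kind, target):
    """Rate an exclusion: 'high' for broad or user-writable scope, else 'review'."""
    kind = kind.lower()
    if kind == "extensions":
        return "high" if target.lstrip(".").lower() in RISKY_EXT else "review"
    if kind == "paths":
        return "high" if RISKY_DIR.search(target) else "review"
    return "review"  # process exclusions always need a human look

def find_exclusion_additions(events):
    """Return (host, kind, target, severity) for each exclusion added."""
    findings = []
    for ev in events:
        if ev["id"] != 5007:          # only configuration-change events
            continue
        m = ADDED.search(ev["msg"])   # removals have an empty "New value"
        if m:
            kind, target = m.group(1), m.group(2)
            findings.append((ev["host"], kind, target, classify(kind, target)))
    return findings

# Constructed sample events (hosts, users and paths are made up).
PFX = r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions"
SAMPLE_EVENTS = [
    {"id": 5007, "host": "WS-01",
     "msg": "Old value: New value: " + PFX + r"\Paths\C:\Users\alice\AppData\Roaming = 0x0"},
    {"id": 5007, "host": "WS-01",
     "msg": "Old value: New value: " + PFX + r"\Extensions\.exe = 0x0"},
    {"id": 5007, "host": "BUILD-07",
     "msg": "Old value: New value: " + PFX + r"\Paths\D:\agent\_work = 0x0"},
    {"id": 5007, "host": "WS-02",   # exclusion removed, not added
     "msg": "Old value: " + PFX + r"\Paths\C:\Temp = 0x0 New value: "},
    {"id": 1116, "host": "WS-03", "msg": "Malware detected"},
]

if __name__ == "__main__":
    for finding in find_exclusion_additions(SAMPLE_EVENTS):
        print(finding)
```
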

UnamSanctam commented 3 years ago

And you are building a native file?

BenzoIsHere commented 3 years ago

Yes, I built both native and managed files but it still happens.

UnamSanctam commented 3 years ago

Hmm, the native file should not be detected, make sure that you aren't uploading it to something like VirusTotal (or sites like mediafire which use VirusTotal) since the MD5 checksum of that specific build will go into a database.

BenzoIsHere commented 3 years ago

Downloader is uploaded on anonfiles, and miner inside it is uploaded on Bitbucket, isn't that all right? I'm gonna retry making another build and downloader and see what happens.

UnamSanctam commented 3 years ago

Yes that should be alright.

BenzoIsHere commented 3 years ago

What if someone that downloaded that build scanned it on VirusTotal for example? Will that MD5 checksum be totaled for anyone else downloading the same build afterwards? Thus, preventing the .exe from being downloaded? Tried to create another "downloader" build and seems fine, I don't have to rebuild the miner I believe.

UnamSanctam commented 3 years ago

The MD5 checksum is the MD5 hash of all the bytes of the program, so if the program has the same bytes (same build) then that can get detected on another computer by checking the MD5 checksum. It's this way for any program and you can't avoid it since it's not detecting any code or anything.

BenzoIsHere commented 3 years ago

So, if someone scans it on VirusTotal will the checksum be passed into a database where browsers can identify it as well? I'm asking that because the first build was actually scanned by me and the next time I tried to download it the file got erased automatically.

UnamSanctam commented 3 years ago

Yes VirusTotal sends files and detections to all antiviruses, which is why they are called a distribution scanner.

BenzoIsHere commented 3 years ago

Do you think distributing the executable through Discord would be rather more efficient in terms of detectability than a browser, Chrome?

UnamSanctam commented 3 years ago

Could be yes, though not uploading it to sites like VirusTotal and rebuilding it often are the best things to do.

BenzoIsHere commented 3 years ago

Couldn't I just make X amount of builds and set the server to replace it every now and then? Guess that would be nicer :D

UnamSanctam commented 3 years ago

Yes that would work.

BenzoIsHere commented 3 years ago

I got a YouTube tutorial that averaged a ~20k overall download count on some content containing a clean .exe. I just imagine now how would that be with a miner this night. Lol. Thanks. You may close this. U a god man