As discussed earlier in Trojan Software Vector windows iexpress wizard can be used as Trojan wrapping tool. In this following tutorial I ll explain how you can create your own Trojan wrapped file and then its countermeasures. Following are requirements for this demonstration,
A legitimate executable file(For example I am using AIMP2)
A Trojan File(By the way I am using calc.exe file)
Windows OS with iexpress wizard.
First of all use resource hacker to extract default icon from legitimate file(use a setup file since it avoids suspicion). Sorry I am not going explain how to use resource hacker, please refer its help file.
Now press WIN+R button on your keyboard or open command prompt, type iexpress.exe. Following wizard will open in front of you.
press next and select Extract files and run installation command.
Type package title same as the name of legitimate file.
From confirmation prompt select no prompt. From license agreement select Do not display a license. Now click on add files and add both legitimate file and Trojan file in it.
Now from install program select Trojan file and from post install command select the legitimate file.
Select default from show windows option. Select no message from Finished message. Browse for location to save file, select Hide File Extraction Animation.
Select no restart and then don’t save SED and create package.
Now browse to the location where you saved wrapped file open it in Resource Hacker and change its icon with the icon we extracted earlier.
Now look at the following image, aimp2 is our legitimate program, calc.exe is Trojan, Trojan.exe is wrapped file, and Trojan2.exe is wrapped file after changing icon. Now when you’ll click on wrapped file both legitimate file and Trojan file will be executed.
Keep an updated Anti-virus program. Note name, size, icon of file before installation if they don’t match original file then open it in some archive program like winzip, winrar, 7zip, bzip2, peazip etc. and check it out.