Posted on 5 Comments

How to hide an exe file in a Jpeg

I have been searching for a way to send an executable file to someone and make him to execute it. Sending the exe directly is not feasible. So let’s see how to hide an exe file in a jpeg and test its feasibility. First of all, create a new directory named test and download some images and name them similarly. I downloaded images of a popular Tollywood actress. The plan is to lure the victim into falling in the trap. I did this on a Windows 7 machine.

expeg1

 

Go to Folder Options”, go to View tab”deselect ‘ Hide extensions for known file types‘ and select option Show hidden files, folders and drives. This will allow us to see the extensions of the files we are working with.

expeg2

 

Open Notepad, type the following text and save it with the extenson .bat”. What the following code does is it creates a new user named “hacker” with password “abc123″ in the Windows machine this code gets executed.

expeg3

 

Download BAT to EXE converter and convert the batch file we just created to an exe.

expeg4

 

expeg5

 

 

Rename the file “samy.exe” to  “samy_3.jpg”. Windows will prompt a warning. Ignore it.

expeg6

 

Right click on the file “samy_3.jpg”, drag it a little and leave. Select ‘Create Shortcuts here’. We are creating a shortcut for the file samy_3.jpg.

expeg7

 

Rename the shortcut to “samy_0.jpg”. Whatever the name you give make sure that the shortcut is clicked first and not the exe file.

expeg8

 

Right click on “samy_0.jpg” and select Properties. In the “Start in” column delete the entire text. In the “Target:” column type “C:Windowssystem32cmd.exec samy_3.jpg.” This will run the file samy_3.jpg when clicked on the samy_0.jpg.

expeg9

 

Click on “Change Icon” tab. Replace the text inside with “%SystemRoot%system32SHELL32.dll” and click on “OK”.

expeg10

 

Compress all files into zip archive with the name “samy unseen.zip”. Remember that name should be attractive enough to lure the victim into clicking the images.

expeg11

 

OK, package is ready. Now the bigger challenge is to send the package to the victim’s computer. I tried to mail the package to the victim but it didn’t work out.

expeg12

 

 So I suggest you to find your own way of sending it to the victim. To test if the package will work on the victim’s system or not open “CMD” and type the command “net user” before executing the image. It will show us all the users on the system.

expeg13

 

Then click on the image samy_0.jpg. Open “CMD” and type the “net user” command again.

expeg14

 

A new user named hacker has been created. So the trick worked.

5 thoughts on “How to hide an exe file in a Jpeg

  1. doesn’t net user /add command requires run as administrator ?

    1. Unfortunately, yes it needs administrator privileges.

  2. […] batch file as shown below.We need to send this file to the victim machine and make him execute it. See how? Make sure you replace the IP address below with one assigned by […]

  3. […] Now it’s time for our victim to type our command on his system. Copy the command on Notepad and save it as a batch file. Convert this file to exe and send this file to the victim. I have shown one method here. […]

  4. […] Now it’s time for our victim to type our command on his system. Copy the command on Notepad and save it as a batch file. Convert this file to exe and send this file to the victim. I have shown one method here. […]

Leave a Reply