I am always curious to know if it is possible to run an image file as an executable file. So far I only know about the double extension trick such as file.jpg.exe. If the user enabled “Hide extensions for known file types” in Folder Options, most probably the user will think that it is a JPG image file but in fact the .exe extension is hidden. That’s why the first thing I do after reinstalling Windows is to enable show hidden files and disable hide extensions for known file types.
Few days ago I was going through HackHound forum and found a tool called EXE-Forcer developed by steve10120 which claims to make any file extension execute like an .exe file. Before I run EXE-Forcer, I uploaded it to ThreatExpert to analyze and see what it does. It doesn’t do anything but a few antivirus vendor such as PC Tools, Symantec, McAfee, Sophos and Ikarus always flags it as a Trojan.
I ran it and was presented with a very simple interface with nothing on it. Right clicking on an empty space allows me to add an extension.
So I tried entering .ray extension and it was added to the program but nothing happened. I right click on EXE-Forcer again and this time I found the Build option enabled. So I selected Build and it prompts me to save an exe file to a location. Now I have another suspicious EXE file and since I don’t know what it does, I analyzed the file in ThreatExpert. This time ThreatExpert tells me that the file EXE-Forcer created will add new registry entries. From the looks of the registry modification, it seemed like it was trying to register a new file type to an EXE extension.
I ran the EXE file created by EXE-Forcer, and then I renamed a legitimate .exe file’s extension to .ray. As expected, I was able to run the .ray extension as an application after the registry modification.
This registry modification is pretty simple. It maps an extension of your choice to application. If you go to File Types tab in Folder Options (Can only be found in XP), you will see that the extension opens with %1.
EXE-Forcer works but already widely being detected as a malicious tool by most antivirus software. In fact, a simple command line would do the job. Simply type assoc.ray=exefile in command prompt will do what EXE-Forcer does. You can replace the .ray in the command line with any other extension you want to run it as executable. Hope you’ve learned something new today.
A nice way to run EXEs as any other extension is by “START ” from a command prompt(Or a batch file). It needs no association, since it uses ShellExecute only if the file is NOT an executable.(Same thing with COMs)
hi Wolfgang
Can you share how do you hide a file in jpeg and exec it later.
thanks
hey where is the link to exe forcer. please give me if someone have.
Interesting, I can already hide files inside of an image. And with this i can execute programs when they view those files.
The purpose is self-protection!!!
Hi,
how to make an executable file gives and indication to the receiver as it is a doc file or jpg file
and keep on running as executable.
With out being detected by any antivirus.
thanks
Hi,
how to make an executable file gives and indication to the receiver as it is a doc file or jpg file
and keep on running as executable
with out being detected from the anti virus
thanks?
hi,
how to make an executable file gives and indication to the receiver as it is a doc file or jpg file
and keep on running as executable
thanks
where can i download this file frome please the link here is dead thanks for you help
Dear Sir,
I am not able to download your program so please provide me link of your software. I want to use it.
-Blind Hacker
hey ur exe forcer concept did nt wrk at all …..i wanted to make .exe server file a jpeg file if somebody cliks it it shud wrk like an exe file…….without gting detected
waiting for ur reply Raymond thanx in advance
hey Raymond still things r difficult to understand …….
wt if we want to convert exe to any other extension say jpeg that shud execute on cliking ????
Raymond i know u wil help me …and one thind the file shud be FUD by Antivirus
Curiousity is the mother of all discoveries !!!!
Owhh nooo, its gonna be hell for us in troublshooting viruses with *.jpg or other file format. =(
Very interesting! Thanks
Hi, Rymond for your honeymoon,Chateau D´oex is a nice place in the Vaud Canton.Near Gstaad.Really worth it.
You can go trekking,canoeing,see the highest mountains,and many other things.
It´s just a wonderful place to visit.You won´t regret it because it is so beautiful.
Try to get infiormation from the Swiss consulate and you will see by yourself.
Cheers.
Sandal King, just go to cmd and write “assoc .ray=”
not a good tip to teach. This will help trojan droppers :’(
Woow…such a good info
I really like it
Oh My God, it is very dangerous, the best solution is to install a program as a shield of the registry to see suspect tentative.
làm cái này để làm gì hả trời, có ai hiểu chỉ giúp tui coi.
What’s it? Who can help me?
To answer your implied question, I learn something new every day from your blog. Thanks for sharing Raymond!
another unique tip!!!!!!1
thnx
This is the type of thing that I joined up for… not for the free software etc but for tips and tricks. Great post!
Great tip mate, thanks!
it was gr8.
but u didnt say how to remove the .ray association once created…..
Yeah it useful tips to drop trojan or keyloger
Thanks for this idea. Does it works on .dll and on registry key in order to make them as .exe so installation will be easier. Sometimes trying to add/fix dll gives error message and possible this .exe methos solve this problem.
Thanks Ray for this nise articles.
Mr Raymond:
A very interesting post. Maybe useful in the future. Thanks for sharing your knowledge.
Best Regards,
Jose Martinez