Silently install malware using IExpress.

Now you have your Malware  ready and want it to get executed on victim machines. While doing so you obviously don’t want to ring any kinda bells so that victim get an alert . There are many tricks to do it, heres mine.

Lot of people are crazy about installing latest softwares, games, screensavers on their systems. We can target such users easily using this trick.  Heres a way to do it using windows inbuilt tool.

Pick up any legitimate installer like – winzip, acrobat, screensavers, games etc lets say LegitInstaller.msi

We will need to write a small bat script to carry out our task and  Pack it with an installer utility and we are done. But  Now the question arises: How to create an installer? I don’t want to write an installer script, m too lazy to do it. Give me some ready made stuff dude 😉

You are right why would you write it when you have nice tiny utility available under windows itself 😉
Yes, You can Create a self-extracting or installing package in matter of seconds using windows in build utility: IExpress Following are steps to create custom installer with screenshots of the process.

1) Go to run and type “iexpress” to launch its wizard.  1
2) Click Next to build an installer.
3) On the next form, you can choose the behaviour of your application from the given options. Choose “Extract and run installation command”

4) Type name of the installer. You might want to use same name as that of legitimate installer.
5) Choose “No Prompt” from next screen. 31
6) Choose “Do not display a license” unless you want to.
7) In the next screen add the legitimate installer package, our malware and the newly created bat script.
8 ) Choose our bat script as the Install program on the next screen.
9) Choose “Hidden” as Show Window option and message if you want to display after installation.
10) Type the name of our Package and Save it to Desktop. Also choose Hide File extraction process from user checkbox.

11) Choose restarting options depending your malware settings and click next to proceed on final step.
12) No Need to save SED file and click next to create your Malware Installer.

Now you are ready to share this install package with victims. Once double clicked, package will execute instructions written in our bat file and first silently install malware on victim machine followed by legitimate installation of screensaver without alarming victim.

I hope you find this post useful.51


About this entry