146 - Create self-extracting .exe files to avoid AntiVirus detection

Introduction

Due to AntiVirus scan-and-removal software, it is quite common these days to find that a useful little tool or utility .exe file has mysteriously disappeared!

Your AV software may have ignored it for months, but then suddenly, after an 'AV virus definitions update', it takes a strong dislike to it and deletes it!

Even if you zip up the file, most AV software will detect and flag it.

Here is a way of hiding such files. For example, many NirSoft and syssoft utilities seem to trigger AV detection because they could be used for naughty purposes.

Encryption

You can make an encrypted self-extracting .exe file using 7-Zip from the command line:

"c:\Program Files\7z\7z.exe" a -sfx -pmypassword c:\temp\new c:\temp\nircmd.exe

This makes a new.exe file which is protected by a password.

In this case, nircmd.exe is the file we want to encrypt.

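-sfx causes it to make a self-extracting .exe file, and -p sets the password (here mypassword) used to encrypt the contents.

Because we have made a self-extracting file, we can distribute it to others via the web or add it to our Windows batch files, and it can be unpacked without needing 7-Zip.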

Extraction

To extract the files from the self-extracting archive, you can run it with the following parameters from a batch file:

c:\temp\new.exe -p"mypassword" -y -oc:\temp\1\

REM now we can quickly run the exe...

c:\temp\1\nircmd.exe speak text "Hi"

where C:\temp\1 is the destination folder (if omitted, the current folder will be used).

-y forces it to overwrite any existing file of the same name.

Of course, you can just double-click on the file too, to unpack it.
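On the receiving or inspecting side, a file made this way is still an ordinary PE executable with a 7z archive appended, and the archive's 32-byte signature header is stored in the clear, so the file can be recognised without the password. The following is an added example, not part of the original tutorial: the function names and the sample bytes are constructed for illustration, and the check only locates the archive, it does not decide whether its contents are encrypted.

```python
import struct
import zlib

SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"  # first 6 bytes of every 7z archive


def find_embedded_7z(data: bytes):
    """Return (offset, next_header_offset, next_header_size) for the first
    valid 7z signature header inside a PE file, or None if there is none."""
    if data[:2] != b"MZ":  # not a DOS/PE executable
        return None
    pos = data.find(SEVENZ_MAGIC, 2)
    while pos != -1:
        header = data[pos:pos + 32]
        if len(header) == 32:
            (start_crc,) = struct.unpack_from("<I", header, 8)
            start_header = header[12:32]
            # StartHeaderCRC is the CRC32 of the 20 bytes after it; checking
            # it rejects magic bytes that only happen to occur in the stub.
            if zlib.crc32(start_header) & 0xFFFFFFFF == start_crc:
                nh_off, nh_size, _nh_crc = struct.unpack("<QQI", start_header)
                return pos, nh_off, nh_size
        pos = data.find(SEVENZ_MAGIC, pos + 1)
    return None


def constructed_sample() -> bytes:
    """Constructed input: fake 64-byte stub, a decoy header with a wrong
    CRC, then a well-formed signature header and 192 bytes of padding."""
    start_header = struct.pack("<QQI", 128, 64, 0)
    good_crc = zlib.crc32(start_header) & 0xFFFFFFFF
    version = b"\x00\x04"  # archive format version major, minor
    decoy = SEVENZ_MAGIC + version + struct.pack("<I", good_crc ^ 1) + start_header
    real = SEVENZ_MAGIC + version + struct.pack("<I", good_crc) + start_header
    return b"MZ" + b"\x00" * 62 + decoy + real + b"\x00" * 192


if __name__ == "__main__":
    print(find_embedded_7z(constructed_sample()))
```

The returned offset is where the appended archive starts, which is the point from which a triage tool would carve it out for further inspection.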