MicroJoiner for beginners
Joiner: from the English "join", to fasten, to connect. This name was given to a class of programs designed to combine several executable files into one.
When knowledge was scarce, I personally used such programs to launch ICQ and the web browser simultaneously with one click (I repeat: when knowledge was scarce; now I think it is more correct to use scripts). But more often such programs are used for purposes that are not entirely law-abiding: they glue malware to ordinary programs. The goal is to make, for example, a "trojan" unnoticeable or less noticeable when it is launched. For example, a compiled Pinch usually does not display any messages at startup.
A person who runs a file and sees nothing on the screen can become very suspicious. If, having started the program, he sees, for example, a photo, there may be much less suspicion. But this is a lyrical digression.
A joiner (sometimes written "Joiner") works as follows: when you start the program, you select the files that you want to join; when the work is completed, a file is created that, when launched, starts all the files you selected at the beginning.
For example, given the files 1.exe and 2.exe, the result of the work is a file 3.exe. If we run this file (even after first copying it to another folder), two programs will be launched: 1.exe and 2.exe.
What a joiner can do: glue at least two files. In principle this is enough: if you need to merge, for example, 3 files (1, 2 and 3), first glue 1 and 2 into 4, and then 4 and 3 into 5; launching 5 will then launch files 1, 2 and 3. Very often a joiner can glue only executable files (with the extension *.exe), but this is not always the case.
One of the most popular and well-known joiners is MicroJoiner from coban2k (author of the Pinch trojan, which you can read about here on the forum). The current version is 1.7. There is a version of the program with a Russian interface. This is the one we will look at in practice.
To start, the program's features (taken from the program page):
- glues up to 4096 files
- glues files of any type (i.e. pictures, icons, program documents, etc.)
- the ability to select an icon for the resulting file from icon files (*.ico), executable files (*.exe) and dynamic libraries (*.dll)
- glued files are encrypted (antiviruses cannot determine which files were glued together)
- the resulting file can be compressed by the built-in packer (it reduces the file size; the compression ratio is approximately the same as for zip)
- small loader (only 2048 bytes)
- the created file can be compressed with an external packer
- for each file, you can set additional options
- the possibility of registering a DLL (OCX), which may be necessary for programs written in Visual Basic
- operations on the glued file itself (Melting, more on that below)
- works under Windows 95/98/2k/XP/2k3
- supports drag-n-drop (this makes adding files more convenient: the files can simply be dragged onto the joiner)
- supports the XP interface style (in my opinion, this is unnecessary, but since it is written, I will translate it)
- it is possible to save and load projects
- there are versions in English and Russian
The program itself can be downloaded [here].
When starting, we see this window
On the left is a white box in which the list of files to be glued is located. You can add files either by simply dragging them from the window of any program, or by right-clicking on this field and choosing to add files.
A bit about context menu items:
- Add files - opens the standard file selection dialog; after selection the file is added to the list.
- Project - allows you to save and load settings (the selected files and the options for each file); I personally use it extremely rarely.
- Delete files - deletes the selected files from the list.
- Clear - removes ALL files from the list.
- Advanced - opens a window with additional options for the file.
Having added files, we can proceed to setting up additional options for those files that need it.
Advanced settings window
Contains the following settings:
Hide window - the window of the launched program will not appear on the screen.
Maximize - the program window will be maximized
Minimize - the program window will be minimized to the button on the taskbar.
When using malware, this group is almost irrelevant, since the programs that should be hidden usually do not have a window. But, for example, it can be useful for documents or pictures.
File Attributes:
- Archive
- Read Only
- System
The unpacked file will be assigned the attributes that are selected here. I note that by default, files with the Hidden and System attributes are not shown in Explorer (and other programs). So the choice of these options may be useful.
Do not run (Copy) - the file is simply extracted and is not launched. This can be useful, for example, when you register the program for autostart and need it to start only the next time the system is started.
Unique file name - a random name made of digits and letters is generated for the file. Personally, I do not recommend using this option because a name like ope23r76C.exe is immediately apparent and suspicious when viewing a folder. Better to rename your file to a more believable name before gluing.
Wait for completion - the following files in the project will be extracted only after this program has finished, or after the window with a document or a picture has been closed. It is worth noting that the files are unpacked bottom-up, i.e. the files that are lower in the list are unpacked first, and the rest follow in bottom-to-top order. So the order of the files can sometimes matter.
Command line parameters - enter the parameters here, without the program name, if your executable file requires them to work. For example, for the program format.com the parameters could be: C: /q (this is just an example, with no real use).
There is also the ability to specify the folder into which the file will be extracted and from which it will be launched. For some programs, the working directory is quite an important variable. For a picture or document it does not matter. But if you need to run a trojan, then it is better to do it from the Windows, System or System32 folder.
Temp - a subfolder will be created in the temporary files directory, and the file will be extracted there.
System folder - the file will be extracted to the system directory, usually %windir%\system32.
Windows folder - the same, but into the %windir% folder.
Current folder - the file will be unpacked into the folder from which the glued file is launched. Be careful: if the folder is not writable (for example, it is on a CD-ROM), the file is not created and will not be launched.
Specified folder - the path can be specified manually, but for this it is recommended to have an idea of the structure of disks and directories on the user's computer. The Windows folder is not always called that, and it is not always on the C: drive.
Melting - this option affects the actions available for selection if you decide to use the file management feature (see below).
Select a file for Melting - this option can be set on only one file in the project. If you previously selected it on another file in the project, it is automatically removed from that file.
Add to autorun - the file is written to autorun in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run with the value name equal to the file name.
Register DLL, OCX - this item is used to register the necessary libraries.
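The "Add to autorun" behaviour and the extraction folders described above leave traits a defender can audit in the Run key: a value whose name equals the file name, pointing into the Windows, System or Temp folders. The following Python sketch is an added example, not part of the original article or of MicroJoiner; the function names, the `tempdirs` parameter and the sample entries are constructed for illustration.

```python
import ntpath
import re

def exe_path(command):
    """Executable path from a Run value: quoted path, else first token."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    return (m.group(1) or m.group(2)) if m else ""

def audit_run_entries(entries, windir=r"C:\Windows", tempdirs=()):
    """Return {value_name: [reasons]} for Run values showing the described traits."""
    windir = windir.rstrip("\\").lower()
    system_dirs = {windir, windir + "\\system", windir + "\\system32"}
    temps = [t.rstrip("\\").lower() for t in tempdirs]
    findings = {}
    for name, command in entries:
        folder, filename = ntpath.split(exe_path(command))
        folder, filename = folder.lower(), filename.lower()
        reasons = []
        # Trait 1: the value name is the file name (extension optional).
        if filename and name.lower() in (filename, ntpath.splitext(filename)[0]):
            reasons.append("value name equals file name")
        # Trait 2: the file sits in a Windows/System folder or under Temp.
        if folder in system_dirs:
            reasons.append("runs from Windows or System folder")
        elif any(folder == t or folder.startswith(t + "\\") for t in temps):
            reasons.append("runs from Temp")
        if reasons:
            findings[name] = reasons
    return findings

# Constructed sample data: (value name, command) pairs as exported from the Run key.
SAMPLE = [
    ("SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    ("Updater", r'"C:\Program Files\Vendor\updater.exe" /silent'),
    ("ope23r76C.exe", r"C:\Windows\system32\ope23r76C.exe"),
    ("photo.exe", r"C:\Users\u\AppData\Local\Temp\a1b2\photo.exe"),
    ("Sync", r'"C:\Program Files\Sync\syncd.exe"'),
]

if __name__ == "__main__":
    hits = audit_run_entries(SAMPLE, tempdirs=[r"C:\Users\u\AppData\Local\Temp"])
    for name, reasons in hits.items():
        level = "REVIEW" if len(reasons) == 2 else "info"
        print(f"{level:6} {name}: {', '.join(reasons)}")
```

Run values of type REG_EXPAND_SZ should have their environment variables expanded before they are passed in. A single trait is common among legitimate software, so only entries showing both together are marked for review.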
Let's go back to the main window. To the right of the file list are the operation control buttons.
OK - closes the program.
Glue - creates the file Joined.exe in the MicroJoiner folder in accordance with the project settings. This file is the result of the program's work. It is when this file is launched that the glued programs are unpacked or launched.
Icon - the button allows you to select an icon for the Joined.exe file. There is only one piece of advice: try to match the icon to the content. For example, if you merge your trojan with a picture, then use the icon of a jpg file; if with a Word document, use the corresponding icon. Icons can be selected both from icon files (*.ico) and from executable files (*.exe, *.dll).
Melting - opens a window for selecting operations on a file. The default setting is Do not use Melting, i.e. no action will be taken.
Delete the resulting file (Self-delete) - after launching, the glued file will unpack and launch the necessary files, and then it will be deleted. The disappearance of the file may cause suspicion!!!
The remaining options will be available only if you check the "Select a file for Melting" option on one of the project files.
Replace the resulting file with the selected one, and Delete the resulting file and copy the selected file to the same folder - in both cases, the glued file will be deleted. But in the first case, it will be replaced by the file selected for Melting (that is, the new file will receive the same name as the glued file), and in the second, the selected file will be copied to the folder with its original name.
As you can see, the program has the capabilities of a mini-installer, although what it installs is usually not entirely legal software. Because of this use (although this is what it was created for), antivirus vendors, unable to determine what is inside a glued file (remember, the contents are encrypted), have added the program itself to their databases. So now any files glued together by this program, even the most innocuous, are detected by antiviruses as Win32/TrojanDropper.Microjoin.C (variations are possible; it depends on the antivirus).
This should be understood as "a tool for joining Trojans for the Win32 platform, known as MicroJoiner". It does not mean that your file is infected or that the program adds its own Trojan. It is simply the way antiviruses try to protect users at least somehow. Because of this trick by the security vendors, the program is difficult to use on its own. Although if the executable file is one you made yourself for peaceful purposes, it is quite possible to add it to the antivirus exclusion list. The program considered here has the widest capabilities among the joiners. If you have to deal with another program, the essence of the work does not change, although some convenient options may be missing.
A small collection of various joiners can be found on this page (http://joiners.narod.ru/Html.htm). All of them have been known for a long time and, like MicroJoiner, are detected by antiviruses. Therefore, the restrictions on their use are the same.
I hope that you could find something useful here.