SoFunction
Updated on 2025-04-13

The principle of bundling * viruses using WinRAR

Today a friend suddenly came to me for help, saying that his account in the online game Legend World had been stolen. Since my friend was surfing the Internet at home, the possibility that someone had watched him in a public place was ruled out. According to my friend, a little more than an hour before the theft he had downloaded a photo of a netizen and opened it to browse; the photo did indeed open with "Windows Picture and Fax Viewer" (my friend's home computer runs XP), so it was surely a picture file. My friend also told the author that the suffix was .gif, which is obviously a picture file. My friend's computer has no antivirus software installed, and most importantly, the file had not been deleted.

The author asked the friend to send the file over QQ. When it arrived, I saw from the QQ file name that the file was not a gif file but an exe file. The file name is: My photo., and its icon is also the icon of a picture file, see Figure 1. The author believes that the friend's computer has "Hide extensions for known file types" enabled (it can be set in "My Computer" under "Tools → Folder Options → View → Advanced settings", see Figure 2), which is why my friend told me the suffix was gif. The author happened to right-click the file and found that it could be opened with "WinRAR", so the author opened it with WinRAR and found that it contained two files, my photo.gif and, which made it certain that this is a *, the culprit behind the theft of the friend's Legend World account.

Since it can be opened directly with WinRAR, the author concluded that it was made with WinRAR, and set about working out how it was produced. First, there must be an ICO (icon) file of the image file type (it can be extracted with other software, so the detailed process is not covered here), as shown in Figure 3. Select the picture file and the *, right-click, and choose "Add to archive" (a WinRAR option), see Figure 4. Enter the compressed file name in "Archive name", for example: My Photo.; if the suffix is .exe it can be executed directly, whereas if it is .rar, WinRAR would be opened instead, so the final suffix here is .exe. Choose the "Compression method" as you need, then click the "Advanced" tab and select "SFX options", see Figure 5. In "Path to extract" fill in the path you want the files extracted to; the author fills in "%systemroot%\temp" (without the quotes), which means extracting to the temp folder in the system installation directory. Under "Run after extraction" enter the * file, and under "Run before extraction" enter "My Photo.gif" (without the quotes).

In this way, the my photo.gif file is opened before extraction, creating the illusion, when the friend judges the file, that it is a picture file, and after extraction the * is run automatically (i.e.). Select "Hide all" in the "Silent mode" tab, select "Overwrite all files" under "Overwrite mode", and in the "Custom SFX icon" tab load the ICO file of the picture file prepared earlier, then click "OK". This produces a * that bundles a picture seamlessly: when the file is opened, the picture file runs first, then the * file opens automatically, with no prompt in between.
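The other side of this story is how a defender spots such a file before it is opened. The script below is an added example, not from the original article: it flags a file that presents itself as a picture but is actually a WinRAR self-extracting executable, using the three clues the story gives (the hidden .exe behind a .gif name, the executable header, and the RAR archive appended to the SFX stub). The magic-byte values are standard file signatures; the sample bytes are constructed for the demo.

```python
# Added detection example: flag an image-named file that is really a WinRAR SFX.
# File signatures are the standard ones; SAMPLE_* bytes below are constructed.

IMAGE_MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".bmp": (b"BM",),
}
PE_MAGIC = b"MZ"                                              # every Windows executable starts with this
RAR_MARKERS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")  # RAR4 / RAR5 archive markers


def split_exts(name: str) -> tuple[str, str]:
    """Return (inner, outer) extensions, e.g. 'My photo.gif.exe' -> ('.gif', '.exe')."""
    parts = name.lower().split(".")
    outer = "." + parts[-1] if len(parts) > 1 else ""
    inner = "." + parts[-2] if len(parts) > 2 else ""
    return inner, outer


def inspect(name: str, data: bytes) -> list[str]:
    """Return a list of findings for a file; an empty list means nothing suspicious."""
    findings = []
    inner, outer = split_exts(name)
    if outer == ".exe" and inner in IMAGE_MAGIC:
        findings.append("double-extension")     # '.gif' shown, '.exe' hidden by Explorer
    if outer in IMAGE_MAGIC and not data.startswith(IMAGE_MAGIC[outer]):
        findings.append("magic-mismatch")       # named as an image, but the content is not one
    if data.startswith(PE_MAGIC):
        findings.append("pe-header")            # it is an executable, whatever icon it shows
        if any(marker in data for marker in RAR_MARKERS):
            findings.append("rar-payload")      # PE stub followed by a RAR archive = WinRAR SFX
    return findings


# Constructed samples: a fake SFX (PE stub followed by a RAR archive) and a real GIF header.
SAMPLE_SFX = PE_MAGIC + b"\x90" * 62 + b"SFX stub..." + RAR_MARKERS[0] + b"my photo.gif"
SAMPLE_GIF = IMAGE_MAGIC[".gif"][1] + b"\x01\x00\x01\x00\x80\x00\x00"

if __name__ == "__main__":
    for fname, blob in (("My photo.gif.exe", SAMPLE_SFX), ("real.gif", SAMPLE_GIF)):
        print(f"{fname}: {inspect(fname, blob) or 'clean'}")
```

On a real machine the same checks can be run over a download folder by reading the first few kilobytes of each file; the `rar-payload` check needs the whole file, since the archive sits after the SFX stub.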

Note: I hope that no friends will use this for illegal purposes; the point here is only to understand the principle of * bundling.