Masking the Sethc.exe backdoor with an anti-detection system.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

What is Backdoor Controller

Backdoor Controller is a sethc.exe replacement that attempts to mask the presence of the well-known backdoor. If you replace sethc.exe with cmd.exe (the normal way of installing the backdoor) you can easily tell the system has been comprimised by pressing the SHIFT key 5 times.

What does Backdoor Controller do

By replacing sethc.exe with backdoor-controller.exe you'll get numerous advantages, for example:

  • If you press the SHIFT key 5 times when a user is logged in, the normal sticky keys window will popup (instead of a command prompt window)
  • When you press the SHIFT key 5 on the Windows login screen, you'll see a non-suspicious looking window popup
    • If you select No the window will disappear and nothing will happen
    • If you select Yes another window will popup asking you to enter the "threshold", in this window you are able to type codes
      • cmd - opens a command prompt window ~ a native CMD.exe process (so you don't face the errors that the old one faces)
      • admin - toggles the creation / deletion of a administrator user account
      • uninstall - uninstalls the backdoor replacing the modified sethc.exe with the original
      • help - shows all the available options for Backdoor Controller


In order to get the native Windows popup dialogs & convert the batch file to an executable, I used Bat To Exe Converter by Fatih Kodak. It's an awesome project, with loads of examples & excellent documentation.