Skip to main content

All About Crypter


What is a Crypter?
A Crypter is a software encryption which encrypts your viruses, keyloggers, RATS or any other hacking tool from becoming detected by Antiviruses. A Crypter makes Antiviruses pretty much useless. This is because when encrypting any malware tool, the Crypter uses various encryption methods to bypass Antiviruses from analysing the output.

What does Scantime and Runtime mean?
Scantime is a method used to bypass Antiviruses from analysing your encrypted files, while real time protection is enabled.Runtime is used to bypass Antiviruses when the encrypted file is executed. The Runtime method then decrypts the encryption in the memory. Generally all Crypters use the Scantime and Runtime method.

What is the Stub?
The Stub is packed with junk or undetected code to help your encrypted file stay fully undetected for some time or maybe even weeks. When the stub eventually becomes detected, the file becomes detected by antiviruses when executed on the machine.

What is EOF?
EOF is a short word for End of File. Some applications such as Bifrost and Cybergate require the End of file data to be Crypted without getting corrupted. If Crypters dont use this important functionality then the file output becomes corrupted.

What is the Client?
The client is the application and interface where you browse and encrypt your data.

What are Dependencies?
.NET Crypters uses the .NET framework functionality, to make the Crypter function. Therefore .NET Crypters requires the .NET 2.0 for the encrypted data to execute. Some Crypters uses no dependencies and this means the victim machine doesnt require .NET in order for the file to work.

What is a file binder?
A file binder is used to bind executable file to other files such as .PDF, .DOC, .GIF and etc.

What is a Downloader?
A downloader downloads and executes the file which was uploaded on the link, on the first run. A downloader reduces the size of the file.

What is the Startup option?
When Crypting files it is important to select the Startup option. When the file gets executed on the machine and if the Startup option is not checked, then this means when the machine is restarted you will lose the client.

What is Pump File?
A file pumper increases and adds bytes to the Crypter file to increase the output size.

What does Melt file do?
When the Crypted file is executed, the file itself melts and deletes itself from the machine.

What does Hide file do?
When the Crypted file is executed it stays in the same place, but it changes its view mode from visible to hidden.

What is Delay Execution?
Delay execution typically delays the execution of the decryption process, by some seconds. This can also become useful when bypassing popular antiviruses on runtime. This can also make the Crypted file look less suspicious.

What are Antis used for?
Antis are used to bypass certain applications such as Anti-Sandboxie, Anti VM-Ware and etc. For example when the Crypted file is executed in Sandboxie, the Crypted file will refuse to execute in Sandboxie because the Anti-Sandboxie option was checked before Crypted.

What is a Botkiller?
A Botkiller is uses to kill other Crypted files which are installed on the machine.

What is Persistence?
The persistence option makes the Crypted file harder from becoming killed by Botkillers.

What is a USG?
A USG is a generator that produces unique stubs. Each Stub is different and  used to crypt the stated file. The Crypter Fudness does not last so long so therefore the USG helps the Crypter by giving out FUD outputs.
Labels:

Comments

Unknown said…
Thanks

Have you tried xProtect from this crypter site?
August 25, 2016 at 7:22 PM
Post a Comment

Popular posts from this blog

Fix HTTPS issue in browser - Burp Suite

If you get message "Software is Preventing Firefox From Safely Connecting to This Site. Most likely a safe site, but a secure connection could not be established. This issue is caused by The original certificate provided by the web server is untrusted., which is either software on your computer or your network." lets see the tutorial. 1. With Burp suite running, visit http://burp in your browser and click the "CA Certificate" link to download and save your Burp CA certificate. Remember where you save the Burp CA certificate.
Post a Comment
Read more

How To Enable DNS over HTTPS

  DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver. An alternative to DoH is the DNS over TLS (DoT) protocol, a similar standard for encrypting DNS queries, differing only in the methods used for encryption and delivery. On the basis of privacy and security, whether or not a superior protocol exists among the two is a matter of controversial debate, while others argue the merits of either depend on the specific use case. Benefits DoH improves privacy by hiding domain name lookups from someone lurking on public WiFi, your ISP, or anyone else on your local network. DoH, when enabled, ensures that your ISP cannot collect and sell personal information related to your browsi
Post a Comment
Read more

Artillery - Binary Defense Project

Project Artillery is an open source project aimed at the detection of early warning indicators and attacks. The concept is that Artillery will spawn multiple ports on a system giving the attacker the idea that multiple ports are exposed. Additionally, Artillery actively monitors the filesystem for changes, brute force attacks, and other indicators of compromise. Artillery is a full suite for protection against attack on Linux and Windows based devices. It can be used as an early warning indicator of attackers on your network. Additionally, Artillery integrates into threat intelligence feeds which can notify when a previously seen attacker IP address has been identified. Artillery supports multiple configuration types, different versions of Linux, and can be deployed across multiple systems and events sent centrally. Artillery is a combination of a honeypot, monitoring tool, and alerting system. Eventually this will evolve into a hardening monitoring platform as well to detect ins
Post a Comment
Read more