8/6/2019 Ultimate Guide on Crypters

1/5

Ultimate Guide on

Cryptersby ShadowNET aka. Envy

Introduction

First, about me. I am ShadowNET and I am currently 14 years old. I am very interested in

Website Hacking & Security and could proudly show off my skills. I wrote this eBook about

crypters. I will cover almost everything about it, how to make them, how to undetect them,

how they work and what they do. After reading this guide, I can guarantee you, your knowledge

will be expanded and you will know almost everything about crypters. I am going to show you

also some methods and advices if you are going to make your own crypter.

Legal stuff

This eBook was made by ShadowNET aka. Envy and if you bought it from another one, please

report it to this email:maximc.none@googlemail.com. You will be rewarded. Please provide

some legit Proof. This eBook is copyrighted and NOT allowed to be shared in any way. We do

not take any responsibility from the content of this eBook. This eBook cannot be RESOLD in any

way!

Enough talking, let us begin.

mailto:maximc.none@googlemail.commailto:maximc.none@googlemail.commailto:maximc.none@googlemail.commailto:maximc.none@googlemail.com

8/6/2019 Ultimate Guide on Crypters

2/5

CrypterWhat is it?

Crypters came from the word encryption and decryption. On the Internet they are usually used

to make your virusses (eg. Trojans, Keyloggers, Stealers etc.) undetected from Antivirusses.

That means if your virus is getting detected, you can make it FUD (Fully Undetected) or UD(Undetected). This can benefit you in many situations. For example you want to infect your

friends, they receive the file and their AV alerts them. What would he say? F*ck off dude.

Now guess you got a Crypter and make it undetectable. He opens and you successfully infected

him.

Crypters How do they work?

It is pretty simple to understand how crypters work. There are usually 2 Files, the Crypter andthe Stub. On the crypter you select a file using OpenFileDialog from your computer. After

pressing the Crypt Button, it reads the bytes of the selected files and encrypts them. Then, it

writes the encrypted bytes to the Stub using EOF or Resources and other methods. Then the

Stub stores the data and creates the output file with the encrypted bytes in there. When

executing, the bytes will be decrypted using the same Cryption method. After decrypting, the

bytes will be converted to a file and executed. Some crypters are Scantime and some crypters

are Runtime. I will be explaining this in the next topic.

Crypters Scantime and Runtime?

There are two kinds of crypters. Scantime and Runtime. When the crypter is scantime, the

crypted file drops the original virus out. That means, if you have read the topic above, you

would understand, it writes the decrypted bytes to the file. That is named Dropping. The

Dropped file (in this case the original virus) will be executed using Shell Execute command or

others. These kind of crypters are BAD, because when the file is being dropped out, the

antivirus catches it. Runtime is when the decrypted bytes will be executed in Memory, that

means it uses a RunPE. It injects the bytes into an active process and bypasses the antivirus to

catch it up. These kind of crypters are GOOD. When the crypter is Runtime, it is also

automatically scantime too. If the crypter is scantime, then it is ONLY scantime.

8/6/2019 Ultimate Guide on Crypters

3/5

Crypters What makes a crypter very good?

To make a nice Crypter, or if you want to buy one, I have provided here some aspects that you

need to take care off when buying crypters. Good crypters should be:

Runtime. (Read above for more Informations) Fully Undetected (FUD) No dependencies (That means the Crypter cannot be coded in .NET (C#, VB.NET etc) or

JAVA. This will reduce the count of victims you might get. Why? Because not every

machine has .NET and/or JAVA installed so executing the crypted file will fail.)

Should support EOF (EOF = End of file. Some RATs (Remote Administration Tools) andother tools use this. If the crypter is not compatible with EOF, then the crypting will fail.)

Crypters Making a Crypter FUD.

There are several ways to make a Crypter undetected again. PE Compressors, Hex Editors,

OllyDebugger and more. I am going to show you how to do this. Well first off, we will need a

crypter source code, or if you have your own crypter made, you can do it there too. I have

included some source codes in the Crypter Sources folder.These sources are for Visual Basic 6, so here you can download the CLEAN version of VB6

Portable:http://localhostr.com/file/vTW4DV1/VisualBasic6Portable.rar

Okay, so first off, download the source and the Visual Basic 6. Unpack both of them to the same

folder. First run the Visual Basic 6.exe and do the following: Click on Reg Key (allows .Exe

creation). Then there will pop up a message, simply click on ok. We have successfully

registered this version of Visual Basic. Ok, you can close it for now. Download a Crypter (Visual

Basic 6) Source code and then we will obfuscate the source code using ACO. ACO Is a great

program (Code Obfuscator) made by Abronsius. I have made a Video for this part, that you can

find in the .RAR Archive of the eBook in the folder Videos and it is named Using ACO First

Video. After you have followed this video, create your Stub.exe or any other name. Go to

File>Make sthhere.exe and save it in your location. Now let us think what we just did. TheACO did the dirty work for us. We have randomized all strings, sub names, function names, we

have replaced some functions and we changed their place. So basically we re-did the whole

source code. Okay, we can close the ACO now, it is time for OllyDebugger! Follow the video in

the Videos folder. Its name is Olly-DebuggerSecond Video. Now let us come to hexing, the

video is called Hexing Third Video. Okay, you have done it. Save the file. Now let us come to

something more exciting.

http://localhostr.com/file/vTW4DV1/VisualBasic6Portable.rarhttp://localhostr.com/file/vTW4DV1/VisualBasic6Portable.rarhttp://localhostr.com/file/vTW4DV1/VisualBasic6Portable.rarhttp://localhostr.com/file/vTW4DV1/VisualBasic6Portable.rar

8/6/2019 Ultimate Guide on Crypters

4/5

Open the ResHacker in the Tools folder. We will need to import there our Stub. Go to File>Open

and select your Stub. Now you should see something like this:

What we want to do is, we want to change the Icon to a HQ one. Go to:www.iconspedia.com

to get some HQ Icons. Now follow these screenshots:

Now you will get a form

http://www.iconspedia.com/http://www.iconspedia.com/http://www.iconspedia.com/http://www.iconspedia.com/

8/6/2019 Ultimate Guide on Crypters

5/5

Save the file and let us scan! Old Stub was: 12/16

New Stub: 2/16

Well that were the basic methods, hope you enjoyed them!

This eBook was made for leethackers.org. Join us for more!

http://www.leethackers.org

http://www.leethackers.org/http://www.leethackers.org/http://www.leethackers.org/