Ultimate Guide on Crypters

  • 8/6/2019 Ultimate Guide on Crypters

    Ultimate Guide on Crypters

    by ShadowNET aka. Envy

    Introduction

    First, about me. I am ShadowNET and I am currently 14 years old. I am very interested in

    Website Hacking & Security and could proudly show off my skills. I wrote this eBook about

    crypters. I will cover almost everything about it, how to make them, how to undetect them,

    how they work and what they do. After reading this guide, I can guarantee you, your knowledge

    will be expanded and you will know almost everything about crypters. I am going to show you

    also some methods and advice if you are going to make your own crypter.

    Legal stuff

    This eBook was made by ShadowNET aka. Envy and if you bought it from another one, please

    report it to this email: [email protected]. You will be rewarded. Please provide

    some legit proof. This eBook is copyrighted and NOT allowed to be shared in any way. We do

    not take any responsibility from the content of this eBook. This eBook cannot be RESOLD in any

    way!

    Enough talking, let us begin.

    Crypter: What is it?

    Crypters came from the word encryption and decryption. On the Internet they are usually used

    to make your viruses (e.g. Trojans, Keyloggers, Stealers etc.) undetected by antiviruses.

    That means if your virus is getting detected, you can make it FUD (Fully Undetected) or UD

    (Undetected). This can benefit you in many situations. For example you want to infect your

    friends, they receive the file and their AV alerts them. What would he say? F*ck off dude.

    Now guess you got a Crypter and make it undetectable. He opens and you successfully infected

    him.

    Crypters: How do they work?

    It is pretty simple to understand how crypters work. There are usually 2 Files, the Crypter and

    the Stub. On the crypter you select a file using OpenFileDialog from your computer. After

    pressing the Crypt Button, it reads the bytes of the selected files and encrypts them. Then, it

    writes the encrypted bytes to the Stub using EOF or Resources and other methods. Then the

    Stub stores the data and creates the output file with the encrypted bytes in there. When

    executing, the bytes will be decrypted using the same encryption method. After decrypting, the

    bytes will be converted to a file and executed. Some crypters are Scantime and some crypters

    are Runtime. I will be explaining this in the next topic.
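
From the defender's side, the EOF method described above leaves a measurable artifact: data appended after the last section of the stub (the overlay), which is high-entropy because it is encrypted. The following is an added example, not part of the original eBook, that measures it; the function names, the thresholds and the sample buffer are assumptions constructed for illustration.

```python
import math
import struct

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def pe_overlay(image: bytes):
    """Return (offset, size, entropy) of the bytes after the last section's raw data."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", image, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", image, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size            # section table follows the optional header
    end = 0
    for i in range(n_sections):
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20 of each 40-byte entry
        raw_size, raw_ptr = struct.unpack_from("<II", image, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    end = min(end, len(image))
    return end, len(image) - end, shannon_entropy(image[end:])

def suspicious_overlay(image: bytes, min_size=512, min_entropy=7.2) -> bool:
    """Triage flag; both thresholds are assumed starting points, not fixed rules."""
    _, size, entropy = pe_overlay(image)
    return size >= min_size and entropy >= min_entropy

def build_sample(overlay: bytes) -> bytes:
    """Constructed, non-executable buffer holding only the header fields parsed above."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                     # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)  # one section
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 16, 0x1000, 16, 128, 0, 0, 0, 0, 0)
    return dos + coff + sect + b"\x90" * 16 + overlay                    # raw data at 128..143

if __name__ == "__main__":
    for name, tail in (("plain", b""), ("high-entropy tail", bytes(range(256)) * 4)):
        print(name, pe_overlay(build_sample(tail)), suspicious_overlay(build_sample(tail)))
```

Signed binaries and installers also carry overlay data legitimately, so treat the flag as a triage signal to combine with other indicators.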

    Crypters: Scantime and Runtime?

    There are two kinds of crypters. Scantime and Runtime. When the crypter is scantime, the

    crypted file drops the original virus out. That means, if you have read the topic above, you

    would understand, it writes the decrypted bytes to the file. That is named Dropping. The

    Dropped file (in this case the original virus) will be executed using the Shell Execute command or

    others. These kinds of crypters are BAD, because when the file is being dropped out, the

    antivirus catches it. Runtime is when the decrypted bytes will be executed in Memory, that

    means it uses a RunPE. It injects the bytes into an active process, so the antivirus does not

    catch it. These kinds of crypters are GOOD. When the crypter is Runtime, it is also

    automatically scantime too. If the crypter is scantime, then it is ONLY scantime.

    Crypters: What makes a crypter very good?

    To make a nice Crypter, or if you want to buy one, I have provided here some aspects that you

    need to take care of when buying crypters. Good crypters should be:

    • Runtime. (Read above for more information.)

    • Fully Undetected (FUD).

    • No dependencies. (That means the Crypter cannot be coded in .NET (C#, VB.NET etc.) or JAVA. This will reduce the count of victims you might get. Why? Because not every machine has .NET and/or JAVA installed, so executing the crypted file will fail.)

    • Should support EOF. (EOF = End of file. Some RATs (Remote Administration Tools) and other tools use this. If the crypter is not compatible with EOF, then the crypting will fail.)

    Crypters: Making a Crypter FUD

    There are several ways to make a Crypter undetected again. PE Compressors, Hex Editors,

    OllyDebugger and more. I am going to show you how to do this. Well first off, we will need a

    crypter source code, or if you have your own crypter made, you can do it there too. I have

    included some source codes in the Crypter Sources folder. These sources are for Visual Basic 6,

    so here you can download the CLEAN version of VB6

    Portable: http://localhostr.com/file/vTW4DV1/VisualBasic6Portable.rar

    Okay, so first off, download the source and the Visual Basic 6. Unpack both of them to the same

    folder. First run the Visual Basic 6.exe and do the following: Click on Reg Key (allows .Exe

    creation). Then there will pop up a message, simply click on ok. We have successfully

    registered this version of Visual Basic. Ok, you can close it for now. Download a Crypter (Visual

    Basic 6) Source code and then we will obfuscate the source code using ACO. ACO is a great

    program (Code Obfuscator) made by Abronsius. I have made a Video for this part, that you can

    find in the .RAR Archive of the eBook in the folder Videos and it is named Using ACO First

    Video. After you have followed this video, create your Stub.exe or any other name. Go to

    File>Make sthhere.exe and save it in your location. Now let us think what we just did. The

    ACO did the dirty work for us. We have randomized all strings, sub names, function names, we

    have replaced some functions and we changed their place. So basically we re-did the whole

    source code. Okay, we can close the ACO now, it is time for OllyDebugger! Follow the video in

    the Videos folder. Its name is Olly-Debugger Second Video. Now let us come to hexing, the

    video is called Hexing Third Video. Okay, you have done it. Save the file. Now let us come to

    something more exciting.

    Open the ResHacker in the Tools folder. We will need to import there our Stub. Go to File>Open

    and select your Stub. Now you should see something like this:

    What we want to do is, we want to change the Icon to a HQ one. Go to: www.iconspedia.com

    to get some HQ Icons. Now follow these screenshots:

    Now you will get a form

    Save the file and let us scan!

    Old Stub was: 12/16

    New Stub: 2/16

    Well, those were the basic methods, hope you enjoyed them!

    This eBook was made for leethackers.org. Join us for more!

    http://www.leethackers.org
