Scribd Logo
Upload

Welcome to Scribd!

  • Ultimate Guide On Crypters

    Uploaded by

    Abhishek Vijay
    658 views5 pages
    ShadowNET aka. Envy wrote this eBook about crypters. It will cover almost everything about it, how to make them, how to undetect them, how they work and what they do.

    Original Description:

    Original Title

    Ultimate Guide on Crypters

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    ShadowNET aka. Envy wrote this eBook about crypters. It will cover almost everything about it, how to make them, how to undetect them, how they work and what they do.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    658 views5 pages

    Ultimate Guide On Crypters

    Uploaded by

    Abhishek Vijay
    ShadowNET aka. Envy wrote this eBook about crypters. It will cover almost everything about it, how to make them, how to undetect them, how they work and what they do.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    Ultimate Guide on

    Crypters
    by ShadowNET aka. Envy

    Introduction
    First, about me. I am ShadowNET and I am currently 14 years old. I am very interested in
    Website Hacking & Security and could proudly show off my skills. I wrote this eBook about
    crypters. I will cover almost everything about it, how to make them, how to undetect them,
    how they work and what they do. After reading this guide, I can guarantee you, your knowledge
    will be expanded and you will know almost everything about crypters. I am going to show you
    also some methods and advices if you are going to make your own crypter.

    Legal stuff
    This eBook was made by ShadowNET aka. Envy and if you bought it from another one, please
    report it to this email: maximc.none@googlemail.com. You will be rewarded. Please provide
    some legit Proof. This eBook is copyrighted and NOT allowed to be shared in any way. We do
    not take any responsibility from the content of this eBook. This eBook cannot be RESOLD in any
    way!

    Enough talking, let us begin.


    Crypter – What is it?
    Crypters came from the word encryption and decryption. On the Internet they are usually used
    to make your virusses (eg. Trojans, Keyloggers, Stealers etc.) undetected from Antivirusses.
    That means if your virus is getting detected, you can make it FUD (Fully Undetected) or UD
    (Undetected). This can benefit you in many situations. For example you want to infect your
    friends, they receive the file and their AV alerts them. What would he say? “F*ck off dude”.
    Now guess you got a Crypter and make it undetectable. He opens and you successfully infected
    him.

    Crypters – How do they work?


    It is pretty simple to understand how crypters work. There are usually 2 Files, the Crypter and
    the Stub. On the crypter you select a file using OpenFileDialog from your computer. After
    pressing the “Crypt” Button, it reads the bytes of the selected files and encrypts them. Then, it
    writes the encrypted bytes to the Stub using EOF or Resources and other methods. Then the
    Stub stores the data and creates the output file with the encrypted bytes in there. When
    executing, the bytes will be decrypted using the same Cryption method. After decrypting, the
    bytes will be converted to a file and executed. Some crypters are Scantime and some crypters
    are Runtime. I will be explaining this in the next topic.

    Crypters – Scantime and Runtime?


    There are two kinds of crypters. Scantime and Runtime. When the crypter is scantime, the
    crypted file drops the original virus out. That means, if you have read the topic above, you
    would understand, it writes the decrypted bytes to the file. That is named “Dropping”. The
    Dropped file (in this case the original virus) will be executed using Shell Execute command or
    others. These kind of crypters are BAD, because when the file is being dropped out, the
    antivirus catches it. Runtime is when the decrypted bytes will be executed in Memory, that
    means it uses a RunPE. It injects the bytes into an active process and bypasses the antivirus to
    catch it up. These kind of crypters are GOOD. When the crypter is Runtime, it is also
    automatically scantime too. If the crypter is scantime, then it is ONLY scantime.
    Crypters – What makes a crypter very good?
    To make a nice Crypter, or if you want to buy one, I have provided here some aspects that you
    need to take care off when buying crypters. Good crypters should be:

     Runtime. (Read above for more Informations)


     Fully Undetected (FUD)
     No dependencies (That means the Crypter cannot be coded in .NET (C#, VB.NET etc) or
    JAVA. This will reduce the count of victims you might get. Why? Because not every
    machine has .NET and/or JAVA installed so executing the crypted file will fail.)
     Should support EOF (EOF = End of file. Some RAT’s (Remote Administration Tools) and
    other tools use this. If the crypter is not compatible with EOF, then the crypting will fail.)

    Crypters – Making a Crypter FUD.


    There are several ways to make a Crypter undetected again. PE Compressors, Hex Editors,
    OllyDebugger and more. I am going to show you how to do this. Well first off, we will need a
    crypter source code, or if you have your own crypter made, you can do it there too. I have
    included some source codes in the “Crypter Sources” folder.

    These sources are for Visual Basic 6, so here you can download the CLEAN version of VB6
    Portable: http://localhostr.com/file/vTW4DV1/VisualBasic6Portable.rar

    Okay, so first off, download the source and the Visual Basic 6. Unpack both of them to the same
    folder. First run the Visual Basic 6.exe and do the following: Click on “Reg Key (allows .Exe
    creation)”. Then there will pop up a message, simply click on ‘ok’. We have successfully
    registered this version of Visual Basic. Ok, you can close it for now. Download a Crypter (Visual
    Basic 6) Source code and then we will ‘obfuscate’ the source code using ACO. ACO – Is a great
    program (Code Obfuscator) made by Abronsius. I have made a Video for this part, that you can
    find in the .RAR Archive of the eBook in the folder ‘Videos’ and it is named “Using ACO – First
    Video”. After you have followed this video, create your Stub.exe or any other name. Go to
    File>”Make sthhere.exe…” and save it in your location. Now let us think what we just did. The
    ACO did the dirty work for us. We have randomized all strings, sub names, function names, we
    have replaced some functions and we changed their place. So basically we re-did the whole
    source code. Okay, we can close the ACO now, it is time for OllyDebugger! Follow the video in
    the Videos folder. It’s name is “Olly-Debugger – Second Video”. Now let us come to hexing, the
    video is called “Hexing – Third Video”. Okay, you have done it. Save the file. Now let us come to
    something more exciting.
    Open the ResHacker in the Tools folder. We will need to import there our Stub. Go to File>Open
    and select your Stub. Now you should see something like this:

    What we want to do is, we want to change the Icon to a HQ one. Go to: www.iconspedia.com
    to get some HQ Icons. Now follow these screenshots:

    Now you will get a form…


    Save the file and let us scan! Old Stub was: 12/16

    New Stub: 2/16

    Well that were the basic methods, hope you enjoyed them!

    This eBook was made for leethackers.org. Join us for more!

    http://www.leethackers.org

    You might also like