Hi, I just finished my own crypter, I write it in vb and it works "great". Scanning online it went from 27/35 detection to 1/35, the only problem is that it is only scantime. Practically it merges the stub, the crypted payload and a file to bind with, using a certain string as splitter, when the file is ran it splits the contents and create a temp .exe with the payload encrypted and then execute it. Logically the AV detects it and removes it before it's launched so it is pretty useless. I read about the runtime crypter that decrypt the payload directly in memory so the AV can't detect it, but I don't understand how to do it, so can someone point me in the right direction? Maybe linking me something about it, I'll appreciate. Thanks
Forum Thread: Make Runtime Crypter
- Hot
- Active
-
Forum Thread: How to Track Who Is Sms Bombing Me . 4 Replies
2 mo ago -
Forum Thread: Removing Pay-as-You-Go Meter on Loan Phones. 1 Replies
2 mo ago -
Forum Thread: Hydra Syntax Issue Stops After 16 Attempts 3 Replies
2 mo ago -
Forum Thread: moab5.Sh Error While Running Metasploit 17 Replies
3 mo ago -
Forum Thread: Execute Reverse PHP Shell with Metasploit 1 Replies
4 mo ago -
Forum Thread: Install Metasploit Framework in Termux No Root Needed M-Wiz Tool 1 Replies
5 mo ago -
Forum Thread: Hack and Track People's Device Constantly Using TRAPE 35 Replies
6 mo ago -
Forum Thread: When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen. 8 Replies
7 mo ago -
Forum Thread: HACK ANDROID with KALI USING PORT FORWARDING(portmap.io) 12 Replies
7 mo ago -
Forum Thread: Hack Instagram Account Using BruteForce 208 Replies
7 mo ago -
Forum Thread: Metasploit reverse_tcp Handler Problem 47 Replies
9 mo ago -
Forum Thread: How to Train to Be an IT Security Professional (Ethical Hacker) 22 Replies
9 mo ago -
Metasploit Error: Handler Failed to Bind 41 Replies
10 mo ago -
Forum Thread: How to Hack Android Phone Using Same Wifi 21 Replies
10 mo ago -
How to: HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide] 177 Replies
10 mo ago -
How to: Crack Instagram Passwords Using Instainsane 36 Replies
10 mo ago -
Forum Thread: How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More 5 Replies
10 mo ago -
Forum Thread: How Many Hackers Have Played Watch_Dogs Game Before? 13 Replies
10 mo ago -
Forum Thread: How to Hack an Android Device with Only a Ip Adress 55 Replies
11 mo ago -
How to: Sign the APK File with Embedded Payload (The Ultimate Guide) 10 Replies
11 mo ago
-
Hack Like a Pro: How to Crack Passwords, Part 3 (Using Hashcat)
-
How To: Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
-
Hack Like a Pro: How to Crack User Passwords in a Linux System
-
How To: Scan for Vulnerabilities on Any Website Using Nikto
-
How To: Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
-
How To: Dox Anyone
-
Tutorial: DNS Spoofing
-
How To: Use Hash-Identifier to Determine Hash Types for Password Cracking
-
How To: Spy on Your "Buddy's" Network Traffic: An Intro to Wireshark and the OSI Model
-
How To: Use Leaked Password Databases to Create Brute-Force Wordlists
-
How To: Perform Local Privilege Escalation Using a Linux Kernel Exploit
-
Hack Like a Pro: Finding Potential SUID/SGID Vulnerabilities on Linux & Unix Systems
-
Locking Down Linux: Harden Sudo Passwords to Defend Against Hashcat Attacks
-
How To: Find Identifying Information from a Phone Number Using OSINT Tools
-
Hack Like a Pro: How to Find Directories in Websites Using DirBuster
-
How to Hack Wi-Fi: Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How To: Use Kismet to Watch Wi-Fi User Activity Through Walls
-
How To: Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
How To: Extract Bitcoin Wallet Addresses & Balances from Websites with SpiderFoot CLI
-
How To: Set Up a Wi-Fi Spy Camera with an ESP32-CAM
2 Responses
You can take a look to the code of UPX . It is a packer, but the principle is the same (run-time unzip pretty much the same than run-time decrypt). Maybe somebody else can give you better pointers specifically for Windows.
You can also take a look to this very basic article for the overall idea on how they work. It targets ELF format for Linux though.
For Windows the executable format is called PE . I bet it would be pretty much the same thing but I had never played with PE so I cannot say for sure.
Good Luck
Thank you, I'll give it a shot
Share Your Thoughts