Hi, I just finished my own crypter, I write it in vb and it works "great". Scanning online it went from 27/35 detection to 1/35, the only problem is that it is only scantime. Practically it merges the stub, the crypted payload and a file to bind with, using a certain string as splitter, when the file is ran it splits the contents and create a temp .exe with the payload encrypted and then execute it. Logically the AV detects it and removes it before it's launched so it is pretty useless. I read about the runtime crypter that decrypt the payload directly in memory so the AV can't detect it, but I don't understand how to do it, so can someone point me in the right direction? Maybe linking me something about it, I'll appreciate. Thanks
Forum Thread: Make Runtime Crypter
- Hot
- Active
-
Forum Thread:
Hack Instagram Account Using BruteForce
182
Replies
8 hrs ago -
Forum Thread:
Kali Linux Problem...
7
Replies
17 hrs ago -
Forum Thread:
Creating a payload for Android with Metasploit???
1
Replies
1 day ago -
Forum Thread:
How to Get Access in a FTP Server After Getting Server's IPv6 Address?
0
Replies
1 day ago -
Kali Linux:
Installation Problem
12
Replies
1 day ago -
Forum Thread:
Metasploit reverse_tcp Handler Problem
34
Replies
1 day ago -
How to:
Install Metasploit Framework on Android | Part #1 - in TermuX
78
Replies
1 day ago -
Forum Thread:
How to Enable Port-Forwarding
14
Replies
2 days ago -
Forum Thread:
Hacking Facebook,Twitter,Instagram Account Passwords with BruteForce
138
Replies
2 days ago -
Forum Thread:
Is It Possible to Upload a File to a Computer on the Same Network as You?
0
Replies
3 days ago -
Forum Thread:
What type of hash is used ?
1
Replies
3 days ago -
Forum Thread:
Ndiswrapper Not Supported with Aircrack-Ng Tools
3
Replies
3 days ago -
Forum Thread:
The Method of the Metasploit Meterpreter in the Site Is Really Work?
1
Replies
4 days ago -
Forum Thread:
Reverse-Engineering an Apk
0
Replies
5 days ago -
Forum Thread:
How to Hack a WordPress Website
6
Replies
5 days ago -
Forum Thread:
The Easiest Way to Hack a WordPress Site?
11
Replies
5 days ago -
How to:
Crack Instagram Passwords Using Instainsane
16
Replies
6 days ago -
Forum Thread:
List of Devices Attached Is Blank
0
Replies
1 wk ago -
Forum Thread:
Thanks for Your Interest in eBooks from Null Byte
0
Replies
1 wk ago -
Forum Thread:
Is there a way to trace address and phone number details using vehicle number?
0
Replies
1 wk ago
-
How To:
Find Exploits & Get Root with Linux Exploit Suggester
-
How To:
Catch USB Rubber Duckies on Your Computer with USBRip
-
How To:
Hijack Chromecasts with CATT to Display Images, Messages, Videos, Sites & More
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
-
How To:
Analyze Wi-Fi Data Captures with Jupyter Notebook
-
How To:
Hack Wi-Fi Networks with Bettercap
-
How To:
Exploit WebDAV on a Server & Get a Shell
-
How To:
Brute-Force Nearly Any Website Login with Hatch
-
Hack Like a Pro:
How to Hack Facebook (Facebook Password Extractor)
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
-
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
-
How To:
Hack Android Using Kali (Remotely)
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
-
How To:
Spy on Traffic from a Smartphone with Wireshark
-
How To:
The Essential Skills to Becoming a Master Hacker
-
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
2 Responses
You can take a look to the code of UPX . It is a packer, but the principle is the same (run-time unzip pretty much the same than run-time decrypt). Maybe somebody else can give you better pointers specifically for Windows.
You can also take a look to this very basic article for the overall idea on how they work. It targets ELF format for Linux though.
For Windows the executable format is called PE . I bet it would be pretty much the same thing but I had never played with PE so I cannot say for sure.
Good Luck
Thank you, I'll give it a shot
Share Your Thoughts