Forum Thread: Make Runtime Crypter

Make Runtime Crypter

Hi, I just finished my own crypter, I write it in vb and it works "great". Scanning online it went from 27/35 detection to 1/35, the only problem is that it is only scantime. Practically it merges the stub, the crypted payload and a file to bind with, using a certain string as splitter, when the file is ran it splits the contents and create a temp .exe with the payload encrypted and then execute it. Logically the AV detects it and removes it before it's launched so it is pretty useless. I read about the runtime crypter that decrypt the payload directly in memory so the AV can't detect it, but I don't understand how to do it, so can someone point me in the right direction? Maybe linking me something about it, I'll appreciate. Thanks

2 Responses

You can take a look to the code of UPX . It is a packer, but the principle is the same (run-time unzip pretty much the same than run-time decrypt). Maybe somebody else can give you better pointers specifically for Windows.

You can also take a look to this very basic article for the overall idea on how they work. It targets ELF format for Linux though.

For Windows the executable format is called PE . I bet it would be pretty much the same thing but I had never played with PE so I cannot say for sure.

Good Luck

Thank you, I'll give it a shot

Share Your Thoughts

  • Hot
  • Active