Hi, I just finished my own crypter, I write it in vb and it works "great". Scanning online it went from 27/35 detection to 1/35, the only problem is that it is only scantime. Practically it merges the stub, the crypted payload and a file to bind with, using a certain string as splitter, when the file is ran it splits the contents and create a temp .exe with the payload encrypted and then execute it. Logically the AV detects it and removes it before it's launched so it is pretty useless. I read about the runtime crypter that decrypt the payload directly in memory so the AV can't detect it, but I don't understand how to do it, so can someone point me in the right direction? Maybe linking me something about it, I'll appreciate. Thanks
Forum Thread: Make Runtime Crypter
- Hot
- Active
-
Hacking and You:
The Various Shades of Hackers
27
Replies
1 hr ago -
Forum Thread:
How to Add Widgets on Your iPad in iPadOS 13
0
Replies
15 hrs ago -
Forum Thread:
How to Change Data from Rows to Columns in Excel
0
Replies
15 hrs ago -
Forum Thread:
How to Find Wordpress Websites Admin Login Username's Using D-TECT
0
Replies
19 hrs ago -
Forum Thread:
Create and Use Android/Meterpreter/reverse_tcp APK with Msfvenom?
94
Replies
1 day ago -
Forum Thread:
Hack Cheating Wife's Windows 7 Admin Password
13
Replies
1 day ago -
Forum Thread:
What Are the Courses Which Leads to Become Like Elliot ?
1
Replies
1 day ago -
Forum Thread:
How to Install D-Tect in Termux Android
0
Replies
1 day ago -
Forum Thread:
How to Install and Use Sqlscan in Termux
0
Replies
2 days ago -
How to:
Embed MSF Payload in Original APK Files | Part #1 - Using TheFatRAT
13
Replies
2 days ago -
Forum Thread:
How to Install and Use Pureblood in Termux Without Root
0
Replies
2 days ago -
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
125
Replies
3 days ago -
Forum Thread:
14 on Page SEO Techniques 2019
0
Replies
3 days ago -
Forum Thread:
How to Install Websploit (Mitm Framework) In Termux Without Root
0
Replies
3 days ago -
Forum Thread:
How I Can Hack Clash of Clans Game
10
Replies
3 days ago -
Forum Thread:
Virilaxyn RX on the Evaluate Greatly
0
Replies
4 days ago -
Forum Thread:
Metasploit Tutorial - Email Harvesting | Android Termux
0
Replies
4 days ago -
Forum Thread:
Metasploit Framework in Termux | New Method
0
Replies
4 days ago -
Forum Thread:
Trying to Create a .Php File That Stores User Inputs
1
Replies
5 days ago -
Forum Thread:
How to Make Pasta
0
Replies
5 days ago
-
How To:
Hunt Down Social Media Accounts by Usernames with Sherlock
-
Raspberry Pi Alternatives:
10 Single-Board Computers Worthy of Hacking Projects Big & Small
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
How To:
Use Microsoft.com Domains to Bypass Firewalls & Execute Payloads
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
Hacking macOS:
How to Use Images to Smuggle Data Through Firewalls
-
How To:
Top 10 Browser Extensions for Hackers & OSINT Researchers
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
-
How To:
Crack Any Master Combination Lock in 8 Tries or Less Using This Calculator
-
How To:
The Hacks Behind Cracking, Part 1: How to Bypass Software Registration
-
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
-
How To:
Hack WPA & WPA2 Wi-Fi Passwords with a Pixie-Dust Attack Using Airgeddon
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
How To:
Build a Beginner Hacking Kit with the Raspberry Pi 3 Model B+
-
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
-
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
-
How To:
Intercept Images from a Security Camera Using Wireshark
-
Hack Like a Pro:
How to Hack Facebook (Facebook Password Extractor)
2 Responses
You can take a look to the code of UPX . It is a packer, but the principle is the same (run-time unzip pretty much the same than run-time decrypt). Maybe somebody else can give you better pointers specifically for Windows.
You can also take a look to this very basic article for the overall idea on how they work. It targets ELF format for Linux though.
For Windows the executable format is called PE . I bet it would be pretty much the same thing but I had never played with PE so I cannot say for sure.
Good Luck
Thank you, I'll give it a shot
Share Your Thoughts