

We need it later again! Also don't use the name "0") 2. search for the resource with the type "BIN" and the name "132" (you may change this as you like but remember what you put in here. As we used AES for encryption we need the same algorithm and the same AES key again for decryption. At the time of decryption, all parts of the exe are loaded into memory and are therefore invisible to the AVs. It decrypts the binary data found in the resource of the exe. Open the Visual Studio project "MyStub" by double clicking on "MyStub.sln" (see "1. But the dynamic analysis is very resource intensive so AVs running on normal end user computers don't support it.
#Crypter stub code
Only AVs which support dynamic code analysis are still able to detect it. This way AVs which only support static code analysis (most of the AVs) do not have the chance to detect your exe. This was the easy part of the tut. Now let's move on to the Stub. A Stub is the part of an exe that is responsible for decrypting the rest of the exe at runtime and for running the decrypted code in memory. This encrypted file should have exactly the same size as the unencrypted file. If the Encrypter runs successfully a file called "encrypted.dat" will be generated in the same directory as the Encrypter. Either you do this by typing the command at the Win command prompt or you can also drag "server_to_encrypt.exe" onto "MyEncrypter.exe". "MyEncrypter.exe server_to_encrypt.exe"). The binary file to encrypt is passed to the Encrypter as the first parameter (e.g. Now you have got your Encrypter application "MyEncrypter.exe" in the project output directory.

(try to understand what the C++ code does!) Compile the Visual Studio project by pressing F7. write the encrypted data to an output file encrypt the data with an AES key (you may change this key as you like) 3. The encryption algorithm I used is the AES algorithm. 2. You need it to encrypt your exe, so AVs are not able to find pattern matches. this is for educational purposes, not for max performance) I'm not used to C++ coding, so please be lenient. (for all of you C++ pros out there: I know my code can be optimized. It should look like this (sorry, I have the German version of Visual Studio): Open the Visual Studio project "MyEncrypter" by double clicking on "MyEncrypter.sln" (see "1. my implementations of the Encrypter and the Stub (Visual Studio projects): Microsoft Visual C++ Express 2010: (the Express edition is free) Play around with code to get your exe to be FUD again
#Crypter stub update
!!Important!! If you want to test your crypted exe with online AVs, do it only here ( ) and don't forget to check the checkbox "Do not distribute the sample"! Otherwise your exe will be distributed to the AV companies so they can examine it and update their virus databases. 5. Cybergate: 290KB (before), 327KB (after) Poison Ivy: 10KB (before), 46KB (after) I don't know if this also works for Vista and 7. (other tools might also work with this technique, just test with your exe) Cybergate server (v1.07.5) (Hint: "Compress with UPX" must be disabled) Maybe these ideas are not new to you and someone else posted them already here somewhere. In this tutorial I'm going to explain how you can implement your own crypter and how you can play around with the code to get your exe FUD again if it gets detected some day. So I figured out a way to write my own crypter in C++. But the problem with those crypters is that they get detected very soon after they were published. I guess most of the publicly available crypters do it similarly. I'm not going to explain a completely new method of how executables can be made FUD. Please don't abuse this tutorial; use it wisely. This tutorial is strictly for educational purposes only; I am not responsible for any action you may take upon others.
