What is a crypter?
A crypter is software used to hide our viruses, keyloggers or any RAT tool
from antiviruses so that they are not detected and deleted by them.
Thus, a crypter is a program that allows users to crypt the source code of their program.
Generally, an antivirus works by splitting the source code of an application and then searching
for certain strings within it. If the antivirus detects any malicious strings,
it either stops the scan or deletes the file from the system as a virus.
Thus a crypter basically makes an infected file FUD or UD by encrypting it.

What do UD and FUD mean?
UD means undetectable, so only a few antivirus programs detect it.
FUD is an acronym for Fully UnDetectable, so no antivirus detects it. I recommend scanning all the
files you crypt on  . Also make sure you check the box
"Do not distribute sample".

Also, as a heads-up, please DO NOT scan your crypted servers on "Virus Total", as they
send all the infected files over to the antivirus companies, thus spelling doom for the
"FUDness" of your crypter.

What does a crypter really do?
A crypter simply assigns hidden values to each individual piece of code within the source code.
Thus, the source code becomes hidden. Hence, our crypted trojan or virus bypasses antivirus
detection and our purpose of hacking them is fulfilled without any AV (antivirus) hindrance.
Not only does the crypter hide the source code, it also unpacks the encryption once the program is
executed.

How does a crypter really work?
As some of you must be wondering, how does a crypter do the wonderful job of hiding your
infected servers away from the prying eyes of the antiviruses?
Well, the basic working of a crypter is explained below.

The crypter takes the original binary file of your exe, applies many encryptions to it
and stores it at the end of the file (EOF). So a new crypted executable file is created.

Original Exe             Crypted Exe
(ORIGINAL) 001   ---->   (CRYPTED) 010


The new exe is not detected by antiviruses because its code is scrambled by the crypter.
When executed, the new .exe file decrypts the binary file a few small pieces of data
at a time and injects them into another already existing process or a new empty one,
OR it drops the code in multiple chunks into alternate data streams (not scanned by most a/v)
and then executes it as a .txt or .mp3 file.

Can I hide my crypted files in another program?
The simple answer to this is yes. For this we can make use of file binders. Some crypters come
with binders built in, some do not, but we can easily use a binder program to meet our purpose.
A file binder is very self-explanatory. It binds, or puts two files together as one, hence when one
opens this "binded" file, two files will execute at once. A binder makes a server look even more
stealthy than just a simply crypted file.

What are the parts of a crypter?
Generally a crypter has two parts

°A client,
°A stub.

The client is the interface where we upload our file and use the options it brings,
according to the programmer who made the crypter, to crypt our files.

The stub is an executable file (.exe) or sometimes a .dll.
This file is used as a filter for files that are uploaded to the client crypter.

What are the types of crypters?
Well crypters can be broadly classified into the following types:
Types of Crypter

° External Stub
° Internal Stub
° Runtime
° Scantime

External Stub: Most of you have downloaded a public crypter by now, and when you open the
folder you have seen 2 things:

1. Client.exe and 2. Stub.exe

These types of crypters are called External Crypters, in which the functionality of the crypter
pretty much depends on the external stub.
If you delete the stub, the crypter is useless.

Internal Stub: The crypters that contain only Client.exe fall under this category.
In this type, the stub is coded within the crypter.


Runtime Crypters: A crypter that crypts a server so that it remains undetectable while running in
the memory of a PC is called a runtime crypter. A runtime crypter encrypts the specified file, and
when it is executed, it is decrypted in memory. This way the antiviruses are not
Please use what I post for legal things.
