
Learn more about Crypters!

Hello everyone!

This is my new tutorial, and it's noob friendly! You're going to learn more about the crypter-stub connection. It's really easy and basic, but some people keep asking how crypters work. That's why I made this tutorial, so let's start.

What's Crypter?

Crypters are programs used to encrypt a virus server and make it FUD against anti-virus software. Many free crypters can be found. Crypters can be coded in different programming languages: Visual Basic .NET, Visual Basic 2006, Delphi, C++, etc.

Crypters work something like this:

You open Crypter.exe, choose the server, and then click the crypt button.


FUD means Fully Undetectable and UD means Undetectable.

A FUD crypter is theoretically/practically not detected by any AV at the time it is scanned on virus scanners.

With the increased use of crypters to bypass anti-viruses, AVs became more advanced and started including crypter definitions, even detecting crypter strings within code. So using a crypter to hide RATs (PI, Bifrost), stealers and bots became more complicated, as nowadays no publicly available crypter is FUD.

So, if you crypt RAT or bot servers with publicly available crypters, they are bound to be detected by anti-viruses. This is because most FUD crypters remain "FUD" for a maximum of one or two days after their public release. Then they become UD.

So, if you want a FUD or close-to-FUD crypter, I suggest buying one or learning to make public crypters FUD or Semi-FUD (a crypter that is detected by 2-3 AVs).

Parts of a Crypter

A Crypter has 2 parts:
A) The client is the interface where we load our file, use whichever options the programmer who made the crypter provided, and crypt our files.

B) The stub is an executable file (.exe) or sometimes a .dll. This file is used as a filter for files that are uploaded to the client crypter.

Functioning:
Once the client is open, it loads its stub ... goes through the file, and accordingly the file gets crypted as the stub.

Here is how executable crypters work:

1) The actual processor instructions of a protected binary are crypted, obscured, or otherwise munged.

2) When the protected application first starts, a small decrypter stub is first run that restores all of the original processor commands for the executable in memory.

3) Finally, the decrypter stub ends and transfers execution to the original entry point (OEP), and the program runs normally.

So, basically, crypters that have built-in stubs get detected very fast; the others take some time to get detected.

Also you can modify the stub once it gets detected by changing the entry and exit points.

Types of Crypter

External Stub
Internal Stub

External Stub: Most of you have downloaded a public crypter by now, and when you opened the folder you saw two things:

Client.exe and Stub.exe

Crypters of this type are called External Crypters; their functionality pretty much depends on the external stub.
Delete the stub and the crypter is useless.

Internal Stub: Crypters that contain only Client.exe fall under this category. Here the stub is coded within the crypter.

There are ways to detach the stub from the crypter, but that is for some other tutorial.

Runtime Crypters: A crypter whose crypted server remains undetectable while running in the memory of a PC is called a runtime crypter.
This is the one you want for all your servers and executables.

Scantime Crypter: A crypter whose crypted server remains undetectable when scanned by AVs, but gets detected by the AV when run on the PC.

How long will my crypter be FUD?

Well, if you have read this far, chances are you still are or will be using public crypters for a while. So chances are that your crypter will go Semi-FUD within 1-3 weeks. It depends on the crypter and your own good will.

If you want your FUD public/private crypters to remain FUD, use only novirusthanks.org with the option "DO NOT Re-Distribute data" enabled.

There are other methods to make your crypter FUD or Semi-FUD but that will be covered in other tutorials.

What do I need to know about crypters?

Well, a very important thing about a crypter is the stub. The stub must be in the same folder as the crypter or it won't crypt.

I Builder - The crypter's builder is used to encrypt the selected file. Some crypters can be runtime and some scantime only. Runtime FUD means fully undetected by anti-viruses when you run the crypted server: the AV doesn't detect it. Scantime is when you scan it with an anti-virus.

II Stub - The crypter's builder uses the stub to encrypt and split the builder's data with the stub and make a new FUD-ed file.

III EOF - EOF, a.k.a. End-Of-File, support means that your crypter can work with End-Of-File servers. Some servers will just crash or won't work when you crypt them, and if your crypter doesn't support EOF it won't end the terminal unless End-Of-File ends it.

IV Scantime - A scantime crypter is a crypter that is FUD against all anti-viruses when you scan it. But it will be detected when you execute the crypted scantime server, so it's important to have a RunPE module (read below).

V Runtime - A runtime crypter is a crypter that is FUD when you execute your crypted file. A runtime crypter uses a RunPE module, which injects your virus into some process from Task Manager and makes it fully invisible in the Task Manager process list.
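
A defender's view of the structure described above, as an added example that is not part of the original tutorial: the encrypted payload a stub carries, and EOF data (read here as bytes appended after the last PE section, which is an assumption about item III), tend to show up as high-entropy regions. The function names, the 7.0 bits/byte threshold and the toy image are constructed for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def scan_pe(data: bytes, threshold: float = 7.0):
    """Return (high-entropy regions, overlay size) for a PE image in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsect, = struct.unpack_from("<H", data, pe + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
    table = pe + 24 + opt_size                           # first section header
    findings, end = [], 0
    for off in range(table, table + 40 * nsect, 40):
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        end = max(end, raw_ptr + raw_size)
        h = entropy(data[raw_ptr:raw_ptr + raw_size])
        if h >= threshold:                               # assumed triage threshold
            findings.append((name, round(h, 2)))
    overlay = data[end:]                                 # bytes past the last section
    h = entropy(overlay)
    if h >= threshold:
        findings.append(("<overlay>", round(h, 2)))
    return findings, len(overlay)

def build_sample() -> bytes:
    """Constructed toy image: plain .text, random-looking .data, 2 KiB overlay."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x46, 2)                 # two sections, no optional header
    for i, (name, ptr) in enumerate([(b".text", 0x200), (b".data", 0xA00)]):
        hdr[0x58 + 40 * i:0x58 + 40 * i + 5] = name
        struct.pack_into("<II", hdr, 0x58 + 40 * i + 16, 0x800, ptr)
    return bytes(hdr) + b"\x90\xC3" * 0x400 + noise

if __name__ == "__main__":
    print(scan_pe(build_sample()))
```

Compressed resources and installers also score high, so a hit is a triage signal to combine with other evidence rather than a verdict.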

Encryption Algorithms?

This is a list of famous encryption algorithms and encrypted text examples:

RC4 - 07 B3 44 70 A9 EC 18 8A 15 F3 95
TEA - (binary output, not printable)
DES - (binary output, not printable)
XOR - 8b2f56c9ab1fd6cf17e590706f35bae4a3d083fceb0423a311
BlowFish - (binary output, not printable)
TwoFish - (binary output, not printable)

Tips & Suggestions

If you bought a FUD private crypter and want it to stay FUD for a long time, you will need to:

- Scan on NoVirusThanks.org only, and make sure you have checked "Do not distribute the sample" before you start the scan.

- Do not share your crypter with anyone or release it to the public.

- Do not scan on Virustotal.com. Why? VirusTotal sends every file you scan to AV companies, and that will make your crypter UD.

- Do not scan on virusscan.jotti.org. Why? Same reason: they also distribute a sample.

Well, that's everything you need to know about crypters.
If you have any questions or suggestions, please comment.