Join our NFL football pool, $5 a week and a chance to win a lot more than that! Check the topic here: CLICK HERE

Victim of Venomz's Scam? Contact me, I may be able to help you recover some funds - TuxifieD

Make a recent trade or sale? Use the feedback system to leave a review!

 

[Tut][VB6]How to make your own crypter!!

212 posts in this topic

Posted · Report post

[hide]

Some things to know before you read this

    [*]I have included an example source file, but don't download it expecting to have a free FUD crypter

    [*]This guide doesn't cover every method of file undetection. I'm simply showing you one way you can decrease the number of detections your file gets.

    [*]I'm not responsible for whatever shenanigans you pull with this information

    What do anti-viruses look for in a file?

    First off, you will need some basic understanding of how anti-viruses work. Exe files are simply lines of instruction, and each line is called an offset.

    Posted Image

    (This is a screenshot of Hex Workshop)

    Anti-virus's have databases of these lines that are known to be associated with malicious files. They use that database to check against your file to see if it matches. If it does, then it is marked as infected. They do use other methods of detection, but this is the one I will show you how to avoid.

    What will the program need to do?

    Your crypter is going to take the contents of an infected file, encrypt them, and place it at the bottom of a seemingly virus-free file called your "stub".

    Your stub file will then extract the encrypted data from itself, decrypt it, then extract and run it.

    This may sound like a complicated and confusing process, but it isn't. Here are some diagrams I made to show your what I mean:

    Posted ImagePosted Image

    Example Source

    I've created an example program. I have not tested how FUD it will actually make a file, but I can guarantee it is not anywhere near 100%. The reason I did this is because I want YOU to make your crypters. If you think you are completely lost at this point, perhaps you are not ready yet. Read some VB6 tutorials, look at example programs, and learn! When you think you are ready, read through this whole thing again.

    I've thoroughly commented the code to help you

    http://www.mediafire.com/download.php?zncawy1ztzm

    Other things you can do

    What will be detected now is completely dependent on your stub.

    Some things you can do to make your stub further undetected:

      [*]Do NOT take code from other programs!

      [*]Change your variable or function names around to random things. (ex. dim stubFile as string can become dim hdfKd9jsd as string)

      [*]Do not include the word "stub" anywhere in your application.

      [*]After you've built your stub, go through it with a hex editor and try to find the word "stub" and take it out. Sometimes it ends up in there without you meaning to put it there.

      [*]Remove the version information from your stub. I recommend Resource Hacker for doing this.

      [*]When calling API's, use a function called CallApiByName. If you search around, I'm sure you will find an example of it.

      [*]There are many other things you can do. Look around on Hack Forums or Hack Hound. There are lots of great discussions about undetection techniques.

      [*]When test-scanning your file, use novirusthanks.org and check off "do not distribute." If you scan it with virustotal, they will distribute your file among the AV's.

      [*]Try not to publicly distribute your crypter

      [*]Don't give up!



ldRKbI5.png

L5WP15x.png

Share this post


Link to post
Share on other sites

Posted · Report post

lol +rep



XIN42UL.gifpomi-o.gif  

Share this post


Link to post
Share on other sites

Posted · Report post

Nice Tutorial f0wh-this needs to be pinned.



"Your mistakes, like mine, are a part of who you are now. You can't move on from that. believe me, I've made a sizable number. But...sometimes your mistakes can surprise you.

My biggest mistake, for instance, brought me here. At exactly this moment when you might need some help." -Finch

SSO2Ivx.png

Share this post


Link to post
Share on other sites

Posted · Report post

taken from hf? could've least given creds. dunno if its originally from hf but yea w/e u get my point..



ᕦ( ͡° ͜ʖ ͡°)ᕤ ᕦ( ͡° ͜ʖ ͡°)ᕤ ᕦ( ͡° ͜ʖ ͡°)ᕤ

ᕦ( ͡° ͜ʖ ͡°)ᕤ ᕦ( ͡° ͜ʖ ͡°)ᕤ ᕦ( ͡° ͜ʖ ͡°)ᕤ

ᕦ( ͡° ͜ʖ ͡°)ᕤ ᕦ( ͡° ͜ʖ ͡°)ᕤ ᕦ( ͡° ͜ʖ ͡°)ᕤ

Share this post


Link to post
Share on other sites

Posted · Report post

taken from hf? could've least given creds. dunno if its originally from hf but yea w/e u get my point..

Check topic description brah... I don't want to take credit for someone elses work, but when the person who made this is called "mudkip", I guess it's a little hard to differentiate what mudkip I'm talking about.


ldRKbI5.png

L5WP15x.png

Share this post


Link to post
Share on other sites

Posted · Report post

Check topic description brah... I don't want to take credit for someone elses work, but when the person who made this is called "mudkip", I guess it's a little hard to differentiate what mudkip I'm talking about.

tru dat, sorry :D


ᕦ( ͡° ͜ʖ ͡°)ᕤ ᕦ( ͡° ͜ʖ ͡°)ᕤ ᕦ( ͡° ͜ʖ ͡°)ᕤ

ᕦ( ͡° ͜ʖ ͡°)ᕤ ᕦ( ͡° ͜ʖ ͡°)ᕤ ᕦ( ͡° ͜ʖ ͡°)ᕤ

ᕦ( ͡° ͜ʖ ͡°)ᕤ ᕦ( ͡° ͜ʖ ͡°)ᕤ ᕦ( ͡° ͜ʖ ͡°)ᕤ

Share this post


Link to post
Share on other sites

Posted · Report post

reply'd



v - Signatures - v

rwqw5i.pngcrawlerx.png

wowsig.pngcrawlerf.png

[x] 100 Posts [x] 500 Posts [x] 1K Posts [] 2K Posts ---------------------- [] Buy VIP

Share this post


Link to post
Share on other sites

Posted · Report post

want



Share this post


Link to post
Share on other sites

Posted · Report post

thx dude i'll check it



bvlIw.pngNIX & HAX 's Steam Shop :

Share this post


Link to post
Share on other sites

Posted (edited) · Report post

doesnt hurt to lookhmm where have i seen this exact thread from??? HF maybe?? :D

Edited by th3knif3r


guzzie.png

Share this post


Link to post
Share on other sites

Posted · Report post

ty



76561197960318142.png 29523.png

Share this post


Link to post
Share on other sites

Posted · Report post

+rep



Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now