- So many threads on how to make a crypter, but no actual research. Here is everything you need. Some might be unrelated to crypters, but definitely great articles.
- Before asking how to code a crypter, please read these. There are so many tutorials & guides online, and the only thing you are looking for here by asking how to code a crypter is a shortcut.
- There isn't one, except copy & paste. If you weren't looking for a shortcut on programming a crypter, then your research skills are lacking.
- [b]Add Section and Import Function Manually[/b]
- Link: http://tuts4you.com/download.php?view.1569
- [b]Adding a Section in PE[/b]
- Link: http://tuts4you.com/download.php?view.527
- [b]Adding Sections[/b]
- Link: http://tuts4you.com/download.php?view.225
- [b]Advanced PE Image Rebuilding[/b]
- Link: http://tuts4you.com/download.php?view.226
- [b]An In-Depth Look into the Win32 PE File Format[/b]
- Link: http://tuts4you.com/download.php?view.228
- [b]PE Brief Notes[/b]
- Link: http://tuts4you.com/download.php?view.232
- [b]PE File Structure[/b]
- Link: http://tuts4you.com/download.php?view.238
- [b]PE101 - A Windows Executable Walkthrough[/b]
- Link: http://tuts4you.com/download.php?view.3321
- [b]PE102 - A Windows Executable Format Overview[/b]
- Link: http://tuts4you.com/download.php?view.3502
- [b]The PE File Format[/b]
- Link: http://tuts4you.com/download.php?view.241
- [b]The PE Format[/b]
- Link: http://tuts4you.com/download.php?view.3085
- [b]The PE Header[/b]
- Link: http://tuts4you.com/download.php?view.240
- [b]The Portable Executable File Format[/b]
- Link: http://tuts4you.com/download.php?view.2892
- [b]Operating Systems Development - Portable Executable (PE) [/b]
- Link: http://www.brokenthorn.com/Resources/OSDevPE.html
- [b]Visualizations of the Portable Executable File Format[/b]
- Link: http://tuts4you.com/download.php?view.3380
- [b]Win32 Resource File Format[/b]
- Link: http://tuts4you.com/download.php?view.242
- [b]Understanding Windows Shellcode[/b]
- Link: http://tuts4you.com/download.php?view.1237
- [b]Binary Code Obfuscation Through C++ Template Meta-Programming[/b]
- Link: http://tuts4you.com/download.php?view.3423
- [b]Mimimorphism: A New Approach to Binary Code Obfuscation[/b]
- Link: http://tuts4you.com/download.php?view.3027
- [b]On Entropy Measures for Code Obfuscation[/b]
- Link: http://tuts4you.com/download.php?view.3370
- [b]Advanced Encryption Standard by Example[/b]
- Link: http://tuts4you.com/download.php?view.167
- [b]Anti-Unpacker Tricks 1[/b]
- Link: http://tuts4you.com/download.php?view.2277
- [b]Anti-Unpacker Tricks 2 - Part 1[/b]
- Link: http://tuts4you.com/download.php?view.2544
- [b]Anti-Unpacker Tricks 2 - Part 2[/b]
- Link: http://tuts4you.com/download.php?view.2630
- [b]Anti-Unpacker Tricks 2 - Part 3[/b]
- Link: http://tuts4you.com/download.php?view.2647
- [b]Anti-Unpacker Tricks 2 - Part 5[/b]
- Link: http://tuts4you.com/download.php?view.2702
- [b]Anti-Unpacker Tricks 2 - Part 6[/b]
- Link: http://tuts4you.com/download.php?view.2740
- [b]Anti-Unpacker Tricks 2 - Part 8[/b]
- Link: http://tuts4you.com/download.php?view.2928
- [b]Anti-Unpacker Tricks 2 - Part 9[/b]
- Link: http://tuts4you.com/download.php?view.2940
- [b]The Ultimate Anti-Debugging Reference[/b]
- Link: http://tuts4you.com/download.php?view.3260
- [b]Windows Anti-Debug Reference[/b]
- Link: http://tuts4you.com/download.php?view.1919
- [b]Ideas on advanced runtime encryption of .NET Executables[/b]
- Link: http://www.nullsecurity.net/papers/nullsec-net-crypter.pdf
- [b]Implementation of Runtime PE-Crypter[/b]
- Link: http://www.nullsecurity.net/papers/nullsec-bsides-slides.pdf
- [b]Hyperion: Implementation of a PE-Crypter[/b]
- Link: http://www.nullsecurity.net/papers/nullsec-pe-crypter.pdf
- [b]Bypassing Address Space Layout Randomization[/b]
- Link: http://www.nullsecurity.net/papers/nullsec-bypass-aslr.pdf
- [b]Unprotecting the crypter - a generic approach[/b]
- Link: http://www.exploit-db.com/wp-content/themes/exploit/docs/18242.pdf
- [b]Crypter Theory Part 1 - The DOS MZ Header[/b]
- Link: http://nn-fraktion.blogspot.com/2013/01/crypter-theory-part-1-dos-mz-header.html
- [b]Crypter Theory Part 2 - PE Header 1/2[/b]
- Link: http://nn-fraktion.blogspot.fi/2013/01/crypter-theory-part-2-pe-header-12.html
- [b]PE File Features in Detection of Packed Executables [/b]
- Link: http://www.ijcte.org/papers/512-S10014.pdf
- [b]Antivirus evasion techniques show ease in avoiding antivirus detection[/b]
- Link: http://searchsecurity.techtarget.com/feature/Antivirus-evasion-techniques-show-ease-in-avoiding-antivirus-detection
- [b]Anti-virus Evasion Techniques [/b]
- Link: http://dl.packetstormsecurity.net/papers/virus/avevasion-techniques.pdf
- [b]Anti-Virus Evasion: A Peek Under the Veil[/b]
- Link: http://pen-testing.sans.org/blog/2013/07/12/anti-virus-evasion-a-peek-under-the-veil
- [b]Advanced Metamorphic Techniques in Computer Viruses[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/apb01.html
- [b]"DELAYED CODE" technology (version 1.1)[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vzo23.html
- [b]"Do polymorphism" tutorial[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vwm01.html
- [b]Advanced Polymorphism Primer[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vda01.html
- [b]Advanced polymorphic engine construction[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vmd03.html
- [b]Analysis of the "Offensive Polymorphic Engine v2"[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/val00.html
- [b]Stealth API-based decryptor[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vkz00.html
- [b]About undetectable viruses[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vzo69.html
- [b]Some stealth idea's[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vdi07.html
- [b]Some New Ideas for Future Viruses[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/val02.html
- [b]Automated reverse engineering: Mistfall engine[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vzo21.html
- [b]Anti AV Techniques For Batch[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vcg00.html
- [b]Anti heuristic techniques[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vbj01.html
- [b]Anti Virus Detection Strategies and how to overcome them[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vtd02.html
- [b]ANTI-Anti-Virus Tricks Version 1.00[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vmx01.html
- [b]Anti-Debugger & Anti-Emulator Lair[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vlj03.html
- [b]Anti-debugging in Win32[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/vlj05.html
- [b]The Anti-Virus Cook Book v1.5[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/akw00.html
- [b]The Anti-Virus Strategy System[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/asg08.html
- [b]Antivirus Software Testing for the New Millenium[/b]
- Link: http://download.adamas.ai/dlbase/Stuff/VX%20Heavens%20Library/asg15.html
- [b]A Taxonomy of Obfuscating Transformations[/b]
- Link: https://tuts4you.com/download.php?view.3421
- [b]A Tool Kit for Code Obfuscation[/b]
- Link: https://tuts4you.com/download.php?view.2916
- [b]Application Security through Program Obfuscation[/b]
- Link: https://tuts4you.com/download.php?view.3131
- [b]Applied Binary Code Obfuscation[/b]
- Link: https://tuts4you.com/download.php?view.2979
- [b]Array Data Transformation for Source Code[/b]
- Link: https://tuts4you.com/download.php?view.2901
- [b]Automatic Binary Deobfuscation[/b]
- Link: https://tuts4you.com/download.php?view.2978
- [b]Basing Obfuscation on Simple Tamper-Proof Hardware Assumptions[/b]
- Link: https://tuts4you.com/download.php?view.3452
- [b]Code Obfuscation and Lighty Compressor Unpacking[/b]
- Link: https://tuts4you.com/download.php?view.3235
- [b]Control Code Obfuscation by Abstract Interpretation[/b]
- Link: https://tuts4you.com/download.php?view.3372
- [b]Exception Handling to Build Code Obfuscation Techniques[/b]
- Link: https://tuts4you.com/download.php?view.2910
- [b]Mimimorphism: A New Approach to Binary Code Obfuscation[/b]
- Link: https://tuts4you.com/download.php?view.3027
- [b]Practical Obfuscating Programs[/b]
- Link: https://tuts4you.com/download.php?view.2904
- [b]Program Obfuscation[/b]
- Link: https://tuts4you.com/download.php?view.2903
- [b]Using Optimization Algorithms for Malware Deobfuscation[/b]
- Link: https://tuts4you.com/download.php?view.2971
- [b]HTG Explains: How Antivirus Software Works[/b]
- Link: http://www.howtogeek.com/125650/htg-explains-how-antivirus-software-works/
- [b]Antivirus software[/b]
- Link: http://en.wikipedia.org/wiki/Antivirus_software
- [b]How Antivirus Programs Work[/b]
- Link: http://www.dummies.com/how-to/content/how-antivirus-programs-work.html
- [b]How Antivirus works[/b]
- Link: http://www.engineersgarage.com/mygarage/how-antivirus-works
- [b]How antivirus software works: Virus detection techniques[/b]
- Link: http://searchsecurity.techtarget.com/tip/How-antivirus-software-works-Virus-detection-techniques
- [b]How a Cloud Antivirus Works[/b]
- Link: http://computer.howstuffworks.com/cloud-computing/cloud-antivirus.htm
- [b]Binary Obfuscation Using Signals[/b]
- Link: https://www.cs.arizona.edu/solar/papers/obf-signal.pdf
- [b]Binary-Code Obfuscations in Prevalent Packer Tools[/b]
- Link: ftp://ftp.cs.wisc.edu/paradyn/papers/Roundy12Packers.pdf
- [b]Obfuscation: Malware's best friend[/b]
- Link: http://blog.malwarebytes.org/intelligence/2013/03/obfuscation-malwares-best-friend/
- [b]An Anti-Reverse Engineering Guide[/b]
- Link: http://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide
- [b]Clever tricks against antiviruses[/b]
- Link: http://x-n2o.net/clever-tricks-against-antiviruses
- [b]Win32 Equivalents for C Run-Time Functions[/b]
- Link: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q99456
- [b]How to write a simple packer using C language[/b] (download)
- Link: https://mega.co.nz/#!pxF3DJ5S!S4CnHTKxrcxia2RlZiOEAiMFE0sQcdlsSwjkuhjz7BI
- [b]About AV-Checker[/b]
- Link: http://vxheavens.com/lib/vpr03.html
- [b]Dynamic Analysis .. What is it and how to defeat it?![/b]
- Link: http://vxheavens.com/lib/vmo03.html
- [b]"Smart" trash: building of logic[/b]
- Link: http://vxheavens.com/lib/vpo01.html
- [b]Code Mutations via Behaviour Analysis[/b]
- Link: http://vxheavens.com/lib/vsp27.html
- [b]Heaven's Gate: 64-bit code in 32-bit file[/b]
- Link: http://vxheavens.com/lib/vrg16.html
- [b]PE Infector[/b]
- Link: http://marcoramilli.blogspot.fi/2011/03/pe-infector.html
- [b]Evolution of Computer Virus Concealment and Anti-Virus Techniques: A Short Survey[/b]
- Link: http://arxiv.org/ftp/arxiv/papers/1104/1104.1070.pdf
- [b]Hunting for Metamorphic Engines[/b]
- Link: http://vxheavens.com/lib/pdf/Hunting%20for%20Metamorphic%20Engines.pdf
- [b]Using Entropy Analysis to Find Encrypted and Packed Malware[/b]
- Link: http://virii.es/U/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf
- [b]RtlQueryProcessHeapInformation As Anti-Dbg Trick[/b]
- Link: http://evilcodecave.wordpress.com/2009/04/
- [b]Windows Anti-Debug Reference[/b]
- Link: http://www.symantec.com/connect/articles/windows-anti-debug-reference
- [b]Debuggers Anti-Attaching Techniques - Part 1[/b]
- Link: http://waleedassar.blogspot.com.br/2011/12/debuggers-anti-attaching-techniques.html
- [b]Metamorphic Programming[/b]
- Link: https://beardocs.baylor.edu/xmlui/bitstream/handle/2104/5299/Metamorphic.pdf?sequence=1
- [b]The Shellcoder's Handbook[/b]
- Link: http://files.xakep.biz/books/Wiley.The.Shellcoders.Handbook.2nd.Edition.Aug.2007.pdf
- [b]Hyperion: Implementation of a PE-Crypter[/b]
- Link: http://www.exploit-db.com/wp-content/themes/exploit/docs/18849.pdf
- [b]Bypassing Anti-Virus Scanners[/b]
- Link: http://dl.packetstormsecurity.net/papers/bypass/bypassing-av.pdf
- [b]PE Infection Strategies[/b]
- Link: https://evilzone.org/tutorials/%28paper%29-virus-pe-infection-strategies/
- [b]Anti-Emulation Through Time-Lock Puzzles[/b]
- Link: https://tuts4you.com/download.php?view.2348
- [b]Generate small binaries using Visual Studio[/b]
- Link: http://thelegendofrandom.com/blog/archives/2231
- [b]Polychaos - PE permutation library[/b]
- Link: https://github.com/DarthTon/Polychaos
- [b]CMP - Code Morphing Pass [LLVM][/b]
- Link: https://github.com/mminutoli/code-morphing
- [b]Search for more, examples of sentences & keywords:[/b]
- In depth look into binary obfuscation
- In depth look into windows pe file
- How malware works
- How antivirus works
- In depth look into pe resource files
- How binary obfuscation works
- Explanation of PE sections
- How antivirus pattern matching works
- PE Infection Strategies
- How antivirus detects virus
- Why malware is undetectable
- Code injection using SetWindowsHookEx
- Code Injection modifying the Main Thread
- Antivirus runtime detection
- Windows dynamic forking
- Windows process hollowing
- C++ codecave injection
- Codecave Injection using CreateRemoteThread
- Windows malware explained
- C++ dynamic api calling
- Compile time polymorphism
- C++ variadic templates
- LLVM
- LLVM toolchain
- Symmetric encryption algorithm, such as:
- - AES
- - Blowfish
- - RC5
- - SEED
- - Skipjack
- - TEA
- - XTEA
- - 3-Way
- - DES
- - Serpent
- - Twofish
- - Camellia
- - CAST-128
- - IDEA
- - RC2
- - etc.
- String/Character encoding, such as:
- - Base64
- - Ascii85
- - Custom character encoding
- - etc.
- Understanding shellcode
- Writing shellcode with a C compiler
- Position independent code
- Antivirus sandbox
- Antivirus emulation
- Bypassing antivirus scanners
- [i]...to be continued[/i]
- [b][u]Special links![/u][/b]
- Link: http://google.com
- Link: http://msdn.microsoft.com
- [b][u]Couple useful tools[/u][/b]
- [b]CFF Explorer[/b]
- Link: http://www.ntcore.com/exsuite.php
- [b]HxD[/b]
- Link: http://mh-nexus.de/en/hxd/
- [b]Resource Hacker[/b]
- Link: http://www.angusj.com/resourcehacker/
- [b]OllyDbg[/b]
- Link: http://www.ollydbg.de/
- [b][u]Sources to study[/u][/b]
- [size=x-small][i]Note: Password for all archives is 'qmz'.[/i][/size]
- [b]Krypton 7.1 Crypter[/b]
- Description:
- -Morph icons
- -Junk generator
- -Initial handler + Morpher + STUB
- You need:
- -Visual Studio 2010 and Visual Assist X 10.7 (place after installing vstudio)
- -The file on the crypts should be located in your bin directory.
- Features:
- 1. Console interface
- 2. Polymorph
- 3. Garbage code, garbage, trash section
- 4. Normalize the entropy on output
- 5. Built-in compression
- 6. Packer linker input file is automatically determined. The decision to use
- some compression is automatically accepted on the basis of several factors:
- - Was a packer at the entrance
- - The degree of compression
- - Entropy
- 7. Overlay support
- 8. Support command line arguments;
- 9. Ability to "noise" icons
- 10. Randomly size output or within the specified limits
- 11. Two types of antiemulation + VM + antidebugging
- 12. A lot more, complex source
- Download the source:
- [spoiler]
- Do [u][b]NOT[/b][/u] execute [u][b]ANY[/b][/u] executables located on the archive!
- You are supposed to study the source, [u][b]NOT[/b][/u] get yourself [color=#FF4500]infected[/color]!
- Link: http://www.mirrorcreator.com/files/1EIGHX6O/Krypton_7.1-2.7.rar_links
- [/spoiler]
- [b]Source - Polymorphic engine + micro assembler[/b]
- Link: http://www.mpgh.net/forum/31-c-c-programming/470516-release-polymorphic-engine-micro-assembler.html
- [b]Source - Metamorphic Obfuscator[/b]
- Link: http://www.mpgh.net/forum/31-c-c-programming/733855-experimental-metamorphic-obfuscator.html
- [b]Source - Several anti-debugging, anti-disassembly and anti-virtualization techniques[/b]
- Link: https://github.com/rrbranco/blackhat2012/blob/master/Csrc/fcall_examples/fcall_examples/fcall_examples.cpp
- [b][u]API hashing compile-time[/u][/b] [size=x-small][i](Credits: karcrack)[/i][/size]
- [i]CryptAPI.hpp:[/i]
- Link: http://pastebin.com/Cn7PQDMu
- [i]Example usage, main.cpp:[/i]
- Link: http://pastebin.com/pvTZ7bTM
- [b]Template for automatically obfuscating code for every build you make (C++11)[/b]
- Link: http://pastebin.com/nV4sqnaa
- [b][u]Videos to watch[/u][/b]
- [video=youtube]http://www.youtube.com/watch?v=ls8I__h1IYE&list=PLUFkSN0XLZ-n_Na6jwqopTt1Ki57vMIc3&feature=share[/video]
- [url=http://www.youtube.com/playlist?list=PLUFkSN0XLZ-n_Na6jwqopTt1Ki57vMIc3][i][font=Arial]Continue watching the above series from here[/font][/i][/url]
- [b][size=medium]TL;DR[/size][/b]
- [img]http://i.imgur.com/lORal5u.png[/img]
- [/align]
- [color=#FFD700][size=x-small][font=Arial]If you notice a duplicate link, notify me.[/font][/size][/color]