But Mostly the Crypter used a public method to exectute the File from Memory ,that’s what we are going to target. This is actually the heart of crypter.This is also called “Run PE “.There are different methods for Run PE.
Note :The decrypted file remains in memory. When you run executable then the stub runs and decrypt the encrypted file. So the antivirus can’t find patterns here.Ģ)Add the stub before the executable code. Crypter Consist of Two partsġ)You give your file as input to crypter,it encrypts it with any encryption algorithm (most likely RC4,AES)īy encrypting the file it defeat the static analysis done by antivirus.During static analysis the antivirises try to find the the patterns in executable and match with with signatures.Because the file is encrypted Principle for making a crypter is very simple. Public malwares are gernally detected by antivurses ,that’s why crypters are used to make them FUD. Here FUD stands for Fully Undetectable.Īctually the malware are basically distributed as executables ,I mean sources are gernally not available.
But Mostly in Malware Scene the crypters are mainly used to make malwares FUD. So what is a Crypter.If have some experience in malware Field then You must have Heard about tool called “Crypter”or may be used it.The Aim of Crypter to Protect the executables ,making difficult to analyze it or reverse engineer it.
0 kommentar(er)
