Writing a simple fud cryptor for exe files

senatorr3za
Writing a simple FUD Cryptor for exe files.
I will write it in C++ (in general it would be good to use C#, but I don't know it yet)).
=
What I will use:
C++, WinAPI.
=
Before writing a cryptor I did not understand how it works and what it is.
To put it simply, it is a builder that creates a stub.
A stub is a mini program; inside it is the code that decrypts and launches the malware binary.
The builder itself has the code for encrypting the malware and the code for compiling the stub.
The malware code can be encrypted using different encryption algorithms; the strongest is AES256, and you can take RSA as well, but it is slow. When deploying malware to a victim, we just need speed.
256 is the length of the key; there is also AES1028.
And why encrypt a file at all? It's simple: when the antivirus scans the file, it looks for the signature of the virus and the use of system functions, and when you insert a flash drive with malware into the victim's computer, it also scans it (Scantime).

And so let's get started.

Let's create a Cryptor folder and create the files main.cpp, AES.h and AES.cpp (I attached these two files; rename AES_H.txt to AES.h and AES.txt to AES.cpp). I will split one program into two programs so that it is clearer how it works. Based on my program, you should be able to build your own better version of the program.

The first program will be called Cryptor; it also encrypts our exe.
In main.cpp, we include the libraries and set the namespace.

*** Hidden text: cannot be quoted. ***

Next, in the main function, write

*** Hidden text: cannot be quoted. ***


This piece of code reads the bytes of the exe file and then creates an array.

The next code is responsible for encryption; the key is also specified there.
To view the hidden text you need to be registered.

Now let's create a header file with the encrypted bytes of the program.

*** Hidden text: cannot be quoted. ***


If you run the first program, it will create a header file from your exe file; it will be useful to us for the Stub.
Create a Stub folder, create main.cpp, AES.cpp and AES.h, and copy Encrypted.h here.
Include the libraries.

*** Hidden text: cannot be quoted. ***


Next there will be code for creating a process; it then pauses it, clears its virtual memory, and then uploads the decrypted malware bytes there.
The computer thinks that this is, for example, a calculator, but in fact your code, for example a stealer or the reverse_shell connection code, has already run.
*** Hidden text: cannot be quoted. ***

Now you need to decrypt the bytes, then create the new process and upload the bytes into it.
The decryption key is the same.
We write in main:
*** Hidden text: cannot be quoted. ***


Our whole stub is ready; it remains to compile it with g++ in the terminal or in the IDE.
A file will be created, and it must be run on the victim's computer.
For example, I'll take reverse_shell for Windows from Metasploit; Metasploit will create an exe file. We paste the path to it into the first program, then copy the created header file into the directory with the Stub and compile it. And everything is ready.
Do not check your file on VirusTotal, as it records virus signatures.
Use special checkers without recording.

I do not have such an editor, so I will compile through the terminal.

Bash:
g++ main.cpp AES.cpp -LAES -Lencrypted

It is a ready-to-use encrypted file. You can see how antiviruses react to a clean virus directly from Metasploit and how they react to an encrypted stub file. Now I will check on two computers, one with the newest version of Windows 10 and the other with Windows 7. Two files were written to the flash drive (the clean virus and the Stub). When scanning, Windows Defender removed the clean virus and left the Stub. The first line has been passed; it remains to run it.

At startup, the terminal opens for a short time, and then the Stub is launched under the "calculator"; if you hover over the tab and open it with the right mouse button, you will see that the system sees it as a calculator, and the same in the Task Manager.))) I took putty.exe as an example. If you look at the Metasploit session, you will notice that a session is open with the victim's machine and you can enter commands. That was Windows 10. And this is Windows 7 under our command))).
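The post's argument for encrypting the payload (a signature scanner cannot match bytes it cannot see) cuts both ways from the defender's side: the AES output is embedded in the stub as one contiguous byte array, which shows up as a region of near-maximal entropy that packer and cryptor heuristics in scanners key on. The following Python is an added example, not code from the post or its attachments; it computes Shannon entropy over fixed windows of a constructed buffer (a low-entropy header/text region followed by pseudo-random bytes standing in for an encrypted payload) and reports the byte ranges that exceed a threshold. The window size of 1024 bytes and the 7.2 bits/byte threshold are assumptions chosen for illustration.

```python
import math
import random
from typing import List, Tuple


def build_sample(seed: int = 7) -> bytes:
    """Constructed input: 4 KiB of low-entropy 'program text' followed by
    4 KiB of pseudo-random bytes standing in for an AES-encrypted payload
    that a builder has embedded in a stub as a byte array."""
    rng = random.Random(seed)
    text_region = (b"MZ" + b"\x00" * 62
                   + b"This program cannot be run in DOS mode.\r\n" * 40).ljust(4096, b"\x00")
    encrypted_region = bytes(rng.randrange(256) for _ in range(4096))
    return text_region + encrypted_region


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def scan_windows(data: bytes, window: int = 1024,
                 threshold: float = 7.2) -> List[Tuple[int, float, bool]]:
    """Slide a fixed window over the buffer; one (offset, entropy, flagged)
    tuple per window, flagged when entropy is at or above the threshold."""
    results = []
    for off in range(0, len(data), window):
        h = shannon_entropy(data[off:off + window])
        results.append((off, round(h, 3), h >= threshold))
    return results


def high_entropy_regions(data: bytes, window: int = 1024,
                         threshold: float = 7.2) -> List[Tuple[int, int]]:
    """Merge adjacent flagged windows into [start, end) byte ranges, which is
    what an analyst cross-references against the PE section table."""
    regions: List[Tuple[int, int]] = []
    for off, _h, flagged in scan_windows(data, window, threshold):
        if not flagged:
            continue
        end = off + len(data[off:off + window])
        if regions and regions[-1][1] == off:
            regions[-1] = (regions[-1][0], end)
        else:
            regions.append((off, end))
    return regions


if __name__ == "__main__":
    sample = build_sample()
    for off, h, flagged in scan_windows(sample):
        print(f"{off:#08x}  {h:5.3f}  {'HIGH' if flagged else ''}")
    print("high-entropy regions:", high_entropy_regions(sample))
```

Real scanners apply this per PE section and combine it with other signals (a large high-entropy `.data` or `.rdata` next to very little code, for instance); compressed resources such as images also score high, so entropy is a triage heuristic rather than a verdict.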
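The process-creation sequence the post describes (start a benign program paused, clear its memory, write the decrypted payload, resume it) leaves an inconsistency that memory scanners look for: the PE headers mapped at the process's image base no longer match the file on disk that the process claims to be. The following Python is an added example, not part of the post; it builds two constructed minimal PE header blobs (a 64-bit "calculator" as found on disk and a different 32-bit image as found in memory), parses the fields that matter, and reports the discrepancies. ImageBase alone is treated as a weak signal because ASLR relocation can legitimately change it. Field offsets follow the PE/COFF layout; all sample values are invented.

```python
import struct
from typing import Dict, List

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_FILE_MACHINE_AMD64 = 0x8664


def build_pe_headers(machine: int, magic: int, nsections: int, entry_point: int,
                     image_base: int, size_of_image: int) -> bytes:
    """Constructed minimal DOS + NT headers (no section table or code); only the
    fields the comparison below reads are populated."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 240 if magic == PE32PLUS_MAGIC else 224
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, nsections, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, 16, entry_point)      # AddressOfEntryPoint
    if magic == PE32PLUS_MAGIC:
        struct.pack_into("<Q", opt, 24, image_base)   # ImageBase (PE32+)
    else:
        struct.pack_into("<I", opt, 28, image_base)   # ImageBase (PE32)
    struct.pack_into("<I", opt, 56, size_of_image)    # SizeOfImage
    return bytes(dos) + b"PE\x00\x00" + coff + bytes(opt)


def parse_pe(buf: bytes) -> Dict[str, int]:
    """Read the header fields from a DOS/NT header blob, whether it came from
    the file on disk or was copied out of a process's image base."""
    if buf[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsections = struct.unpack_from("<HH", buf, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", buf, opt)[0]
    entry_point = struct.unpack_from("<I", buf, opt + 16)[0]
    if magic == PE32PLUS_MAGIC:
        image_base = struct.unpack_from("<Q", buf, opt + 24)[0]
    elif magic == PE32_MAGIC:
        image_base = struct.unpack_from("<I", buf, opt + 28)[0]
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    size_of_image = struct.unpack_from("<I", buf, opt + 56)[0]
    return {"machine": machine, "nsections": nsections, "magic": magic,
            "entry_point": entry_point, "image_base": image_base,
            "size_of_image": size_of_image}


def compare_headers(on_disk: bytes, in_memory: bytes) -> Dict[str, List[str]]:
    """Fields the loader does not rewrite are 'strong' indicators when they
    differ; ImageBase is 'weak' because relocation (ASLR) legitimately changes it."""
    disk, mem = parse_pe(on_disk), parse_pe(in_memory)
    strong, weak = [], []
    for field in ("machine", "magic", "nsections", "entry_point", "size_of_image"):
        if disk[field] != mem[field]:
            strong.append(f"{field}: disk={disk[field]:#x} memory={mem[field]:#x}")
    if disk["image_base"] != mem["image_base"]:
        weak.append(f"image_base: disk={disk['image_base']:#x} memory={mem['image_base']:#x}")
    return {"strong": strong, "weak": weak}


def looks_hollowed(on_disk: bytes, in_memory: bytes) -> bool:
    return bool(compare_headers(on_disk, in_memory)["strong"])


# Constructed samples (values invented): the 64-bit file the process claims to be ...
DISK_HEADERS = build_pe_headers(IMAGE_FILE_MACHINE_AMD64, PE32PLUS_MAGIC, 5, 0x1A2B, 0x140000000, 0x30000)
# ... a different 32-bit image found mapped at its base after the swap ...
HOLLOWED_HEADERS = build_pe_headers(IMAGE_FILE_MACHINE_I386, PE32_MAGIC, 4, 0x5C00, 0x400000, 0xC0000)
# ... and the same file merely relocated by ASLR, which must not alert.
RELOCATED_HEADERS = build_pe_headers(IMAGE_FILE_MACHINE_AMD64, PE32PLUS_MAGIC, 5, 0x1A2B, 0x7FF6A0000000, 0x30000)

if __name__ == "__main__":
    for name, mem in (("hollowed", HOLLOWED_HEADERS), ("relocated", RELOCATED_HEADERS)):
        print(name, compare_headers(DISK_HEADERS, mem), "->", looks_hollowed(DISK_HEADERS, mem))
```

In a live scanner the in-memory copy is read from the image base recorded in the process's PEB and the on-disk copy from the process's image path; pairing this with a check that the region at the image base is still file-backed (MEM_IMAGE rather than MEM_PRIVATE) and with telemetry on the create-suspended / write / resume sequence gives a far more robust detection than the file-on-disk scan the post says Windows Defender performed.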




Does your code work in C++? What kind of ready file do you use?
 
Johncenasdad
Thanks
thanks!
 
Johncenasdad
Thanks!
 