Finally, I’m done with my crypter. I’ve written the entire thing in a mishmash of C#, C, and assembly.
The crypter I made modifies exes, packs them, and adds AV / VM / Sandbox / debugging evasions inside of a wrapper. I’m employing a basic process hollowing technique for the payload that is only run after all evasions are satisfied. The anti-debug modules include anti-single stepping as well as anti-tracing. I can even detect procmon without checking the process list.
The front end is in C# and performs the rudimentary exe modifications and packing; however, the real meat and potatoes is in the back end. The back-end compiler is the Pelles C compiler, and the evasions are coded in C and assembly. The payload is loaded in as a resource and is encrypted (decrypted at run-time).
I’ve got a theme too, as well as music that plays in the background.
So what are you waiting for? Download it now! Btw, the password is ‘infected’ without quotes.
–Fixed some bugs that made it not work. Also FF seems to report my code directory as “malicious / unwanted”. I switched the download dir to /chat/ instead to see if VT will leave me be.