folder Tahribat.com Forumları
linefolder C - C++
linefolder [C++] Polymorphic Crypter



[C++] Polymorphic Crypter

  1. KısayolKısayol reportŞikayet pmÖzel Mesaj
    ZINDIK
    ZINDIK's avatar
    Kayıt Tarihi: 31/Mart/2007
    Erkek

    Kaynak kodları 5bin dolardan rus underground forumlarında satılan bir polimorfik crypter. Malwareci müridler eğitim amaçlı yararlanabilir.

    Polimorfik? Bilgi için bu kaynaktan yararlanabilirsiniz = http://www.bilgiguvenligi.gov.tr/zararli-yazilimlar/polimorfik-virusler-ve-tespit-yontemleri.html

    Rusca'dan google translate:

    TOMAHAWK MULTIPASS MORPHER ENGINE
    Multipass Kriptor \ Morpher \ Protector .
    Maintained and continuously upgraded since 2010
    Ultraprivat . The possibility of cooperation after the interview .
    Possibility of issuing kriptora "on hand." Possible sale sortsy .
    1. Console interface ;
    2 . polymorph ;
    3 . Garbage code , garbage , trash section ;
    4 . Normalization of the entropy at the output ;
    5 . Fitted compression (output image as a rule, 30-70 % less) ;
    6. Packer linker input file is automatically detected. The decision to use
    varying compression automatically accepted on the basis of several factors:
     - Whether there was a packer at the entrance ;
     - The degree of compression ;
     - Entropy ;
    7. Overlay support ;
    8. Support \ transfer command line;
    9. Adding icons provided there mikromorfer icons, the possibility of " noise " icons
    possible to save other resources ( versioning information , manifest etc);
    10 . Random size at the outlet or within the specified limits ;
    11.Two type antiemulyatsii averskih VM + one + one antidebuggings antiemulyator from ordinary Wirth. machines.
    including MS Security Essentials - does not spin .
    
    Written in pure C + Inline assembler;
    
    Checking Zeus, SpyEye, Carberp, Citadel, and many others.
    
    Check AB (Scan4You): 0/ 35 - always
    


    1. Sortsy consist of 2 projects
    Generator and TlsStub, other projects - is an outline for the future, for the crypt dll
    2 . There are a lot of additional tools ( folder Bin \ PlugIn):
    pmorph.dll - polymorphic generator ;
    selfscan.dll and PESniffer.dll - determine whether the file was something packed inlet ;
    if packaged upx.exe - unpack ;
    There's still Morpher icons and a lot of things in this version is not yuzayutsya .
    There are utility ScompX.exe in the Bin
    ( she solyushen not included because there is rarely a need to edit it ), but there sortsy her present.
    When rebildinge occurs following items :
    1. There TlsStub - it's self with the stub loader section of code placed encrypted code
    target file , what does ScompX.exe;
    2 . Generator - creates an output file Morph.exe, which morphs stub with wired already there there file
    3 . At the output file TlsStub.exe ( folder Bin) - is the result of kriptovki
    4 . At the entrance - bot.exe ( although the name can be changed in the project options TlsStub-> Build Events before and after );
    Pocketbook cleaning . Part 1 of 42.
    
    NOD - signature / import, plus the number of functions and their order, remove from ntdll.dll import data
    Avast - signature data
    VBA - emulation , put a long cycle
    GData - import, swears by the media , put the optimization
    Panda - preferably the presence user32.dll
    Avira - kodovubyu section desirable to put on record , add debug directory !!! Base64 do
    Panda - signature / ENTROPY
    KAV - rarefied code feykovye DBGPRINT + imports (sometimes)
    MSE - the same that KAV
    BitDefender - prikopalis to GetProcAddress (ntdll & kernel); import Plenty left .
    
    
    1.You will palitsya NOD- ohm , you can try to remove the optimization properties StubNew:
    Project-> Properties StubNew-> C / C + + -> Optimization: Optimization - put "Disabled" , the preferred size or speed - put " No "
    2.If will pop bitdef and friends and if needed urgently kriptonut , it is possible in the properties StubNew:
    Project-> Properties StubNew-> Linker -> Debugging - put " Generate debug information " - " Yes " , but will shoot one Avast .
    3 . You can play with flags in StubNew.h: DBG_FAKE, DBG_OK, TLS ( will zayuzat TLS), ANTIDEBUG, PREDBG;
    4 . You can remove / add fake imports in StubNew.cpp: InitInstance ( there are comments );
    5 . You can change the entry point at stabovuyu from MS (CRT) - EntryPoint change on _tWinMain, respectively removing properties StubNew:
    Project-> Properties StubNew-> Linker - > Advanced- > Entry Point ;
    6. You can do the most import permutations properties StubNew:
    Project-> Properties StubNew-> Linker - > Input -> Additional Dependencies
    
    Malvar SDK for developers , Part 1 of 4
    
    1. Generation treshkoda after passing my Morpher :
    Tags:
    
    __asm ​​{hlt} _asm {cli} _asm {cld}
    as many .... _asm {nop}
    
    
    All this will be replaced with " garbage " code , only here it is necessary to take into account that it can not be inserted in the long cycles ,
    because morfleny this trash (mostly arithmetic) will eat CPU time , although it is very useful against emulators ,
    e.g. such as VBA
    
    What will this : signatures in your stuffing in the memory will always be different from the crypt to crypt .

    Kaynak kodları:

  2. KısayolKısayol reportŞikayet pmÖzel Mesaj
    1234567B
    1234567B's avatar
    Kayıt Tarihi: 04/Şubat/2010
    Erkek

    dayı kaptırdı gidiyor php,c# c++ :D bugun bu kaçıncı konu ellerine sağlık :D

    1234567B tarafından 06/Ara/13 01:28 tarihinde düzenlenmiştir

    arbeit macht frei
  3. KısayolKısayol reportŞikayet pmÖzel Mesaj
    Twitter
    Twitter's avatar
    Kayıt Tarihi: 13/Ekim/2007
    Erkek

    Senin için takip et butonu eklenmeli hocam yaw döktürüyorsun yine bugün . 

    Birde şu scriptini adam edip halka arz edersen tadından yinmez ;

    http://www.tahribat.com/Forum-Php-Dos-Saldirisi-Scripti-163630/


    Tbt Dersimliler Derneği Başkanı :)
  4. KısayolKısayol reportŞikayet pmÖzel Mesaj
    wasd
    wasd's avatar
    Kayıt Tarihi: 14/Haziran/2006
    Erkek

    Bulunsun kenarda, incelemek lazımda bakalım ne zaman. Bugünkü konular için toptan teşekkür ederim, devamını bekleriz :)


    :)
  5. KısayolKısayol reportŞikayet pmÖzel Mesaj
    HowL
    HowL's avatar
    Banlanmış Üye
    Kayıt Tarihi: 21/Kasım/2010
    Erkek

    çizik


    Mutluluk çatık kaşlıdır ve ciddidir. Bizim gibilerin sonu en fazla sürpriz olur :)
Toplam Hit: 2311 Toplam Mesaj: 5