The word "crypter" is an English scene word that is derived from "encryption" or "decryption".
On the Internet, the word "crypter" usually describes a program that is used to remove malware, e.g. Trojans, stealers, RATs, bots etc. FUD, so that the signature of a Trojan is no longer detected of antivirus software, in German one talks also of runtime packers.
The obvious advantages of a "Crypter" are, the simple usability for people who actually do not know anything about programming etc. and mostly use public maleware-toolkits and with the help of a mostly purchased "Crypter" can often encrypt various maleware FUD.
How does a "Crypter" basically work?
It is actually quite simple how a crypter basically works.
Normally there are two files, the crypter and the stub.
In the Crypter you can select a file with the help of a "File Open" dialog.
After pressing "Crypt" the Crypter reads the "bytes" of the selected program and encrypts them.
Afterwards the "encrypted" is written into the stub.
The stub is also a small "program" that ensures that the encrypted afterwards is decrypted again or is executed.
The then output program contains the encrypted program as well as the method to decrypt or to execute it.
Runtime & Scantime Crypter
There are two types of Crypter.
Scantime and Runtime.
When the crypter does Scantime FUD the original data is extracted and executed again.
Only when scanning the encrypted file is the typed malware so FUD and then detectable when run.
Runtime Crypter execute the encrypted bytes in memory (runPE) and inject them into an active an active process and avoid to be detected.
So a runtime crypter is also a scantime crypter!
What should a good crypter be able to do?
Runtime
Fully Undetected (FUD)
No dependencies (Java, .Net; because not every Windows PC has installed)
EOF support (End of File)
On the Internet, the word "crypter" usually describes a program that is used to remove malware, e.g. Trojans, stealers, RATs, bots etc. FUD, so that the signature of a Trojan is no longer detected of antivirus software, in German one talks also of runtime packers.
The obvious advantages of a "Crypter" are, the simple usability for people who actually do not know anything about programming etc. and mostly use public maleware-toolkits and with the help of a mostly purchased "Crypter" can often encrypt various maleware FUD.
How does a "Crypter" basically work?
It is actually quite simple how a crypter basically works.
Normally there are two files, the crypter and the stub.
In the Crypter you can select a file with the help of a "File Open" dialog.
After pressing "Crypt" the Crypter reads the "bytes" of the selected program and encrypts them.
Afterwards the "encrypted" is written into the stub.
The stub is also a small "program" that ensures that the encrypted afterwards is decrypted again or is executed.
The then output program contains the encrypted program as well as the method to decrypt or to execute it.
Runtime & Scantime Crypter
There are two types of Crypter.
Scantime and Runtime.
When the crypter does Scantime FUD the original data is extracted and executed again.
Only when scanning the encrypted file is the typed malware so FUD and then detectable when run.
Runtime Crypter execute the encrypted bytes in memory (runPE) and inject them into an active an active process and avoid to be detected.
So a runtime crypter is also a scantime crypter!
What should a good crypter be able to do?
Runtime
Fully Undetected (FUD)
No dependencies (Java, .Net; because not every Windows PC has installed)
EOF support (End of File)