yakuza23 Posted December 30, 2010 Report Posted December 30, 2010 (edited) ################################################## #######Coder : BUNNNMade in : Romania, EuropeGfx by : SpiLoT and KanoCredits: Cobein Steve10120 Slayer616 SqUeEzEr : D Who! DarkbreakBeta testers : BlackDark Jonhyk Mi4night Mystik Xenon Goblert Peacefull Hero420 Jumper################################################## #######First of all, this is the worst crypter you ever seen with the worst GUI so please don't use it !This Crypter is not designed to be one 'simple crypter' and is not designed for noob users.http://i38.tinypic.com/b6pjmg.pnghttp://i33.tinypic.com/14sjq5v.pnghttp://i28.tinypic.com/vzj9kg.jpghttp://i25.tinypic.com/28ck66s.jpghttp://i26.tinypic.com/2dkivc5.jpghttp://i31.tinypic.com/16icoqe.jpghttp://i38.tinypic.com/1r6901.pnghttp://i37.tinypic.com/28b8ebb.pngClient Options :+ multiple binder/crypter/packer/downloader/parameter support+ binded files and urls are hight crypted with your custom encryption-autogenerate random password for each binded file, you can also chose password level+ delayed execution for each binded file/url+ various anti methods by SqUeEzEr+ custom stub/fake message/delayed execution+ change icon/clone a file / null pe info / change pe entry point/add new pe section/fix pe checksum/ null pe icon /clone icon/anti padding/EOF data saver / Zero EntryPoint+ Activex / HKLM / HKCU startup+ you can chose randomize level 1 - slow , 2 - medium, 3 -hard+ drop binded/downloaded files to temp/windows/system32/system/drivers+ inject binded files to this exe/explorer/services/svchost/internet explorer/default browser (use inject file for bypass avs on run time)http://i37.tinypic.com/28b8ebb.pngtutorialUniq Stub Generator options:+ 11 stub encryptions: blowfish/twofish/aes/huffman/ds1/tea/skipjack/gost/cryptapi/rc4/xor+ 4 APis/strings encryptions: Rotx/Ascii/Xor/Hex+ 3 limiters, for more unique rate+ all encryptions are full randomized+ added Huffman, one compression/encryption algorithm, so this is also packer+ all strings/functions/variables/constants and version info are randomized+ all functions place in (clas) module are randomized.+ all possible string and all api's are encrypted with 2 encryptions, first with one custom encryption and last with random rotx encryption.+ you can chose randomize level 1 - slow , 2 - medium, 3 -hard+ add fake options / junk code+ you can put your custom limiters/resource name+ stub can be compiled to P-Code or Natie-Code+ add fake APis ( very usefull)+ scramble code(add goto functions)+ more unique rate for each stub*Seems now av's get fly crypter stubs by vb functions, because they don't find any other static code or some malware code.DOWNLOAD// Removed Edited December 30, 2010 by Nytro Quote
Gabriel87 Posted December 30, 2010 Report Posted December 30, 2010 Detectat ca trojan..am impresia ca ii bindat cu server de stealer Quote
Nytro Posted December 30, 2010 Report Posted December 30, 2010 De ce contine fiecare executabil 3 fisiere PE (executabile sau DLL-uri, probabil executabile)? Nu stau sa le analizez, vreau doar o explicatie. Quote
datdraq Posted December 30, 2010 Report Posted December 30, 2010 (edited) Radmin !Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters]"AskUser"=hex:00,00,00,00Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters]"NTAuthEnabled"=hex:00,00,00,00"Parameter"=hex: d4,db,5b,ce,7f,cc,6f,7d,0a,c7,e8,68,e8,7f,64,3e"Port"=hex:f6,09,00,00"Timeout"=hex:0a,00,00,00"EnableLogFile"=hex:00,00,00,00"LogFilePath"="c:\\logfile.txt""FilterIp"=hex:00,00,00,00"DisableTrayIcon"=hex:01,00,00,00"EnableEventLog"=hex:00,00,00,00http://www.multiupload.com/EVIL71PK4LExtrageti cu winrar -->show hidden files ,folders and drivers . Edited December 30, 2010 by datdraq Quote
