Nytro
Posted December 3, 2015

Malware Crypters – the Deceptive First Layer

DECEMBER 2, 2015 | BY HASHEREZADE

Recently, two suspects were arrested for selling Cryptex Reborn and other FUD tools (helping to install malware in a Fully UnDetectable way). Today, we will study some examples to make sure that everyone knows what these types of tools are and why they are dangerous. We will also present some examples of identifying and unpacking a malware crypter.

Crypters – what are they?

Most modern malware samples, in addition to built-in defensive techniques, are protected by some packer or crypter. A crypter's role is basically to be the first – and most complex – layer of defense for the malicious core. They try to deceive pattern-based or even behavior-based detection engines – often slowing down the analysis process by masquerading as a harmless program then unpacking/decrypting their malicious payload.

They may also add some icons and metadata that make the sample look like a legitimate product.

Underground crypters, created to defend malware against antivirus/anti-malware products, are sold in typical cybercriminal hangouts. Below, you can see examples of crypters being advertised on the black market and the tricks they use:

Full article: https://blog.malwarebytes.org/development/2015/12/malware-crypters-the-deceptive-first-layer/