question about decrypters

**Xpertvision** · 15-02-2010

let me see if i can explain myself (english is not my mother language)

i create a server (detected) then i use one decrypter (and he gets undetected)

why i only infect people with no antivirus? (the only pc with antivirus was with bitdefender 8 a very old antivirus)

what the decrypter does? only mask the server?

when the victims click the server the antivirus send alert and stop the action?

why use decrypters if the server gets detected when installed?

thanks in advance

**Drag** · 15-02-2010

Are you saying server gets detected when installed?

I DO NOT THINK SO?

**Ant1-b0dy** · 15-02-2010

I believe you mean ENCrypter [Crypter for short] - not DEcrypter as a decrypter decompiles.

Crypters can mask the server but not always. Anti-virus databases are good at picking through the code to detect it... its why you must find what we call a "FUD" or Fully Un-Detected.

**Xpertvision** · 16-02-2010

Originally Posted by Ant1-b0dy

I believe you mean ENCrypter [Crypter for short] - not DEcrypter as a decrypter decompiles.

Crypters can mask the server but not always. Anti-virus databases are good at picking through the code to detect it... its why you must find what we call a "FUD" or Fully Un-Detected.

yes i mean crypter sorry...

my servers are FUD by crypter (tested on novirusthanks)

**Xpertvision** · 16-02-2010

Originally Posted by Drag

Are you saying server gets detected when installed?

I DO NOT THINK SO?

so how can you explain i only infect victims with no antivirus? (the only 2 pcs i saw with antivirus was bidefender 8 and mcafee enterprise 8 , both are very old antivirus)

and one of my victims say she got a pop up from antivirus

the server was FUD tested on novirusthanks

**~Fleck** · 16-02-2010

maybe ur crypter is not runtime.. ? =/
or u dint check the dont distribute option on nvt
or nvt submits to av's...

**~Fleck** · 16-02-2010

maybe ur crypter is not runtime.. ? =/
or u dint check the dont distribute option on nvt
or nvt submits to av's...

**counterstrikewi** · 16-02-2010

the standard encryption for crypters is rc4.
anything encrypted with rc4 with a 40 char+ key cannot be decrypted and is therefore undetected.
The crypter stub contains decryption code and memory execution code.
These are the routines that the antiviruses have tagged.
fud the crypter stub, not the server.
epeius 2.5 still has a good ud rate. 1/23 last time i checked

**Xpertvision** · 16-02-2010

i have many good ones FUD and others with 1/20 (avira is allways on top is this)

i allways check the dont destribute sample on novirusthanks

i dont know...

hi heard av like kaperssky when exute theserver he catchim

**Buls** · 17-02-2010

probably your crypter is only FUD on scantime not RUNTIME

Thread: question about decrypters

LinkBack

Thread Tools

Display

question about decrypters

Thread Information

Users Browsing this Thread

Similar Threads

A little question and help!

asking for help ... question in pi 2.3.2

a question

vb question.

a question

Posting Permissions