What is a FUD Crypter
WHAT IS A CRYPTER?
A Crypter is a software used to hide our viruses, keyloggers or any RAT tool from antiviruses so that they are not detected and deleted by antiviruses. Thus, a crypter is a program that allow users to crypt the source code of their program. Generally, antivirus work by splitting source code of application and then search for certain string within source code. If antivirus detects any certain malicious strings, it either stops scan or deletes the file as virus from system.
WHAT DOES A CRYPTER DO?
A Crypter simply assigns hidden values to each individual code within source code. Thus, the source code becomes hidden. Hence, our sent crypted trojan and virus bypass antivirus detection and our purpose of hacking them is fulfilled without any AV (Anti Virus) hindrance. Not only does this crypter hide source code, it will unpack the encryption once the program is executed
How Does FUD Crypter Work?
The Basic Working Of FUD Crypter is explained below
The Crypter takes the original binary file of you exe and applies many encryption on it and stores on the end of file(EOF).So a new crypted executable file is created.
Original Exe Crypted Exe
The new exe is not detected by antiviruses because its code is scrambled by the crypter.When executed the new .exe file decrypts the binary file into small the data small pieces at a time and injects them into another already existing process or a new empty one, OR it drops the code into multiple chunks in alternative data streams(not scanned by most a/v) then executes it as a .txt or .mp3 file.
HOW CAN WE MANUALLY DISTINGUISH BETWEEN THE ORIGINAL AND ENCRYPTED FILE?
An important point to note is that though a Crypter hides the code of a file but it cannot hide the size of a file. Thus, if the size of the file we want to crypt is 10kb and the size of the file with which we want to crypt our file is 100kb then the total size of the crypted file would be 100kb+10kb ie… 110kb.
But this difference would be helpful only when you know the size of the original file.
Now coming back to FUD..
What is FUD?
FUD is acronym for Fully UnDetectable. With increased use of Crypters to bypass antiviruses, AV (Anti Virus) became more advanced and started including crypter definitions to even detect crypter strings within code. So, use of crypter to hide Ardamax keylogger and RATs became more complicated as nowadays, no publicly available crypter is FUD.
So, if you crypt RATs with publicly available crypters, they are bound to be detected by antiviruses. This is because most FUD crypters remain “FUD” for maximum of one or two days after their public release. To obtain FUD crypters, you have to either search for it in hacking forums or make one (which is somewhat tedius.. I am working on this).
Where can I test Whether my Crypter is FUD or not?
To test you crypter encrypt any virus with it and test it on http://scanner.novirusthanks.org and make sure you check the box Do not distribute the sample
Note:-Do not test your crypter on http://virustotal.com as it distributes the samples and your crypter will not remain FUD if you scan with virustotal.
Where can I Download a Free FUD crypter?
As I already mentioned that as the crypter becomes popular it doesnot remain FUD.So the only FUD crypter available are those made by indivuals and they can be found by spending a little time on google by searching.It will not make profit to anybody if I share FUD crypter here used by me as it will not remain FUD for long as some noobs will surely scan it with virustoal.So,its better you search your own and keep it to yourself.
Download Free FUD Crypter
I am giving you a link to a free crypter so that you can play it with and test whether it is FUD or not.
download it from here