Joecrypter finally released

Finally, I’m done with this my crypter. I’ve written the entire thing in a mish mash of C#, C, and assembly.

joe_crypter

The crypter I made modifies exes, packs them, and adds AV / VM / Sandbox / debugging evasions inside of a wrapper. I’m employing a basic process hollowing technique for the payload that is only run after all evasions are satisfied. The anti-debug modules include anti-single stepping as well as anti-tracing. I can even detect procmon without checking the process list.

The front end is in C# and that performs the rudimentary exe modifications and packing, however the real meat and potatoes is in the back end. The back-end compiler is Pelles C compiler and the evasions are coded in C and assembly. The payload is loaded in as a resource and is encrypted (decrypted at run-time).

I got a theme too as well as music that plays in the background.

So what are you waiting for? Download it now! Btw, the password is ‘infected’ without quotes.

–Fixed some bugs that made it not work. Also FF seems to report my code directory as “malicious / unwanted”. I switched the download dir to /chat/ instead to see if VT will leave me be.

8 thoughts on “Joecrypter finally released
  1. 12/23/2015: Firefox big red screen:

    Reported Unwanted Software Page!

    This web page at http://www.gironsec.com has been reported to contain unwanted software and has been blocked based on your security preferences.

    Unwanted software pages try to install software that can be deceptive and affect your system in unexpected ways.

    Just to let you know…

    Cheers!!!

    1. I included the source in the attached zip file. I also didn’t encrypt the .net binary so any .net decompiler would work.

Leave a Reply to M.abdelwanis Cancel reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.