C++ Crypter source undetected! 05-10-2013, 04:51 AM
#1
This crypter is different because instead of creating a new process and then doing the PE injection to memory etc., it will execute the code in its own process instead.
Allocates the amount of memory needed for the image
Then rebases (relocates) the image to the new imagebase, which is the memory allocated above, so your PE has to have a working relocation table
Processes the imports
Replaces the imagebase in the PEB to our supposed new one, so that the PE could get its own resources and stuff.
And then calls the entry point of the PE
It has a few detections on NVT (yes, I scan on NVT, deal with it). I guess it's due to resource handling APIs and the GPA/LL combo which is needed to process the imports.
The only thing that might be a problem is that the process doesn't use TLS callbacks.
Download:
here