Crypters and Antivirus Software


I discussed different kinds of malware in my last post. In this post I am going to show a demo of how to use crypters and how easily famous antivirus products can be bypassed using crypter software. First, a formal introduction to crypters and FUD.


Crypter

A crypter is a tool used for encryption. I usually use crypters for encoding viruses, keyloggers or any RAT tool; I use crypters on viruses and malware to make them undetectable by antivirus software so that they are not deleted. Thus, a crypter is a program that allows me to encrypt the source code of my virus or code. What I have read is that antivirus works by splitting the source code of an application and then searching for certain strings within the source code. If the antivirus detects any of these malicious strings, it either stops the scan or deletes the file from the system as a virus. Thus a crypter basically makes an infected file FUD (Fully Undetectable) or UD (Undetectable) by encrypting it.


In this post I am going to show how I used an easily available crypter to encode a virus, and how I am easily able to bypass many popular antivirus products.

Download a Virus

Here I am going to download a file containing ’x86 machine language’ code, which is a legitimate DOS program and produces sensible results when run (it prints the message 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!'). This code can be downloaded from EICAR’s website


OR

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Copy the above code, paste it into a Notepad file, and save the file with the .exe extension.

Scan the downloaded file

Now I am going to test the .exe file for the presence of a virus on an online virus scanner website; a few of them are mentioned below



Encrypt the file

I used a crypter to encrypt the file. This software can be easily downloaded; I used ‘CRYPTER MINI’.

Now I browsed to the file, clicked on the ‘Make your File Sick!’ button and waited for a while, then saved the file.

Scan the Encrypted file

Now I scanned the file again on ‘https://www.virustotal.com’; now the results are different.

This shows that many popular antivirus products are easily bypassed using a simple crypter. How I fool these antivirus products
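From the defender's side, the result above can be reproduced with a small triage routine. This is an added example, not code from the original post. It relies on EICAR's published definition of the test file (the 68-byte string at the start, at most 128 bytes in total, only whitespace after it); the function names, the 7.0 bits/byte entropy threshold and the constructed sample blob are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# The 68-byte EICAR test string quoted earlier on this page.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
ALLOWED_TRAILER = b" \t\r\n\x1a"  # whitespace EICAR permits after the string
ENTROPY_THRESHOLD = 7.0          # bits per byte; assumed cut-off for this example


def is_conforming_eicar(data: bytes) -> bool:
    """True only if the string is at offset 0, the file is at most
    128 bytes long, and only whitespace follows the string."""
    if len(data) > 128 or not data.startswith(EICAR):
        return False
    return all(b in ALLOWED_TRAILER for b in data[len(EICAR):])


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0 to 8)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(data: bytes) -> str:
    """Exact signature first, then two heuristics a wrapped file still trips."""
    if is_conforming_eicar(data):
        return "signature: EICAR test file"
    if EICAR in data:
        return "suspicious: EICAR string embedded in larger file"
    if len(data) >= 256 and shannon_entropy(data) >= ENTROPY_THRESHOLD:
        return "suspicious: high-entropy body (packed or encrypted?)"
    return "no finding"


def constructed_opaque_blob(size: int = 4096) -> bytes:
    """Constructed sample: deterministic pseudo-random bytes standing in
    for the encrypted body a crypter emits (no real payload involved)."""
    out, counter = b"", 0
    while len(out) < size:
        out += hashlib.sha256(counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:size]
```

A file that no longer starts with the plain string is, by that definition, not the EICAR test file, so a missed signature here is expected; the entropy check is the kind of heuristic that still flags the wrapped output for a closer look.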


