Pecrypt

Full Version: Pecrypt

GovernmentSecurity.org > The Archives > Public Downloads

archphase

Nov 30 2003, 07:30 PM

Hey,

PECRYPT is a tool that takes a normal win32 PE and preforms a simple algorithm upon the executable file. It then takes it and adds it as a resource to a stub which on execution decrypts our body and launches our device. Therefore providing streamless undetection by current antivirus measures unless of course the stub is tagged.

So bassically... creates undetectable executables which you can take any previously dated but detected trojan and make it undetected again. I tested it on NAV and was undetectable on that so i believe KAV and McAffe will follow in the same trail however report back. Any bug reports would be thankfully reported to me (archphase@hackermail.com). Enjoy the release.

http://archphase.united.net.kg/projects.html

Regards,
archphase

coder

Nov 30 2003, 07:33 PM

great tool!

although as soon as you decrypt & run the app- the AntiVirii will see it?

Still a great tool, just wanted to get things right...

archphase

Nov 30 2003, 09:40 PM

QUOTE (coder @ Nov 30 2003, 07:33 PM)

great tool!

although as soon as you decrypt & run the app- the AntiVirii will see it?

Still a great tool, just wanted to get things right...

Yeh the decrypted body is there and then is executed I'm gonna add something once it gets detected so that the stub monitors for the executable every 5 seconds then deletes it if it doesn't see it as an active process.

archphase

Nov 30 2003, 09:43 PM

hrm double post it seems, well removed anyways.

cartman

Dec 5 2003, 12:30 AM

Great, thx.....

and here's the source

http://archphase.united.net.kg/code.html

Double-=V=-

Dec 5 2003, 11:12 AM

Nice tool but like many other packers and stuff it doesn't get detected but after you run it, it does.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.