New "proposals" constantly appear, increasingly professionalized, that help delay the detection of malicious code through anti-analysis techniques while at the same time increasing the profits of their developers.
Polymorphic Cryptor Crum is one of the many programs in this category. It is a crypter used to encrypt malware, developed in Russia for those on the malicious side of the field who want to broaden their returns.
This is a new version of the crypter, 1.1, which offers capabilities for handling polymorphic malicious code.
Among the features offered by this implementation, beyond the polymorphism itself, are:
- Use of randomization
- Encryption of imports and resources
- 128 for each section
- Overwriting of the "Rich" and "Time / Date Stamp" fields in the file headers
- Anti-debugger capabilities
- Prevents memory dumps
- Prevents execution in controlled environments
- Change or delete the icon of the malicious binary
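Overwriting the "Rich" and "Time / Date Stamp" fields leaves traces a defender can look for: a zeroed or future COFF timestamp, and a Rich header whose XOR key no longer matches the checksum the linker computes over the DOS header and the (comp_id, count) entries. The following Python checker is an added example, not code from the original post or from the crypter; it parses a minimal PE it constructs itself (the `build_sample` helper and its compiler entries are made up) and reports those anomalies.

```python
import struct
DANS = 0x536E6144  # "DanS", the Rich header start marker, as a little-endian dword

def rol32(v, n):
    return ((v << n % 32) | (v >> (32 - n % 32))) & 0xFFFFFFFF

def rich_checksum(data, dans_off, entries):
    # key = DanS offset + rol(byte, i) over DOS header bytes (e_lfanew skipped) + rol(comp_id, count) per entry
    cs = dans_off + sum(rol32(data[i], i) for i in range(dans_off) if not 0x3C <= i < 0x40)
    return (cs + sum(rol32(c, n) for c, n in entries)) & 0xFFFFFFFF

def parse_rich(data, e_lfanew):
    # Walk back from "Rich", XOR-decoding dwords with the key until DanS appears.
    rich_off = data.rfind(b"Rich", 0x40, e_lfanew)
    if rich_off < 0:
        return None
    key = struct.unpack_from("<I", data, rich_off + 4)[0]
    words, off = [], rich_off - 4
    while off >= 0x40 and (w := struct.unpack_from("<I", data, off)[0] ^ key) != DANS:
        words.append(w)
        off -= 4
    dec = words[::-1]  # three zero padding dwords, then (comp_id, count) pairs
    return (off, list(zip(dec[3::2], dec[4::2])), key) if off >= 0x40 else None

def check_pe(data, now):
    """Return the header anomalies a crypter leaves behind (now = epoch seconds)."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ["not a PE file"]
    findings = []
    ts = struct.unpack_from("<I", data, e_lfanew + 8)[0]  # COFF TimeDateStamp
    if ts == 0 or ts > now + 86400:
        findings.append("TimeDateStamp zeroed or in the future")
    rich = parse_rich(data, e_lfanew)
    if rich is None:
        findings.append("Rich header missing or undecodable")
    elif rich_checksum(data, rich[0], rich[1]) != rich[2]:
        findings.append("Rich header key does not match its checksum")
    return findings

def build_sample(ts, entries=((0x00930001, 5), (0x01010002, 1))):
    # Constructed minimal PE: DOS header, zero stub, Rich header at 0x80, PE header at 0xB0.
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0xB0) + bytes(0x40)
    key = rich_checksum(dos, 0x80, entries)
    rich = struct.pack("<4I", DANS ^ key, key, key, key)
    for comp_id, count in entries:
        rich += struct.pack("<II", comp_id ^ key, count ^ key)
    rich += b"Rich" + struct.pack("<I", key)
    body = dos + rich + bytes(0xB0 - len(dos) - len(rich))
    return body + b"PE\0\0" + struct.pack("<HHI", 0x14C, 1, ts)
```

Run `check_pe` over a real file's bytes with `now=time.time()`; a clean build returns an empty list, while a binary whose header fields were rewritten without recomputing the Rich key gets flagged.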
This implementation costs USD 100 on the black market. To complete the range of applications of this kind, the same author also offers, for "only" USD 50, a joiner (used to merge files) called Crum Joiner Polymorphic, and access to its updates for USD 20.
The interface of this program, which allows several files to be merged, for example a .jpg with an .exe binary, is as follows:
In this case, some of the features the application includes are:
- Polymorphic capabilities
- Unlimited file joining
- Supports multiple file extensions such as .doc, .mp3, .avi, .jpg, .bmp and .exe
- File encryption of 256 bytes
- Can carry not only .exe files but also .dll files
Related Information
Russian prices of crimeware - Spanish version
Creating Online polymorphic malware based PoisonIvy - Spanish version
# Jorge Mieres