The biggest challenge after creating a keylogger installation file is to convince your victim to install that keylogger on his PC. Normally free remote keyloggers like Emissary keylogger or any other cheap keyloggers will create standard .exe installation file without any stealth feature. Also, free keyloggers are easily detected by popular antiviruses. So Eventually your keylogging job will remain Incomplete.
You would have probably heard about binders and Crypters before, but what do they use for? and why they are used in keylogging process? it’s simple as their Names suggests what they do. Lets first understand these two software’s.
It is a software that can encrypt executable (.exe) files. crypters are popularly used to encrypt viruses, RAT’s, keyloggers, spywares etc to make them undetectable from antiviruses.
The Crypter takes the original binary code of .exe file and applies many encryptions on it and stores at the end of file(EOF). So a new crypted executable file is created. The new exe is not detected by antiviruses because its code is scrambled by the crypter.
Binder is a software used to bind or combine two or more files in one file under one name and extension.
The files to be bound can have any extension or icon. The user has the choice to select the name, icon and various attributes of the bound file.
Now that you, me and the whole world is aware of this software, do you think antivirus software will allow you to run this software on your system? ..obviously not. This is the biggest setback for crypters and binders. With the increased use of Crypters and binders to bypass antiviruses, AV became more advanced and started including encryption definitions to even detect crypted or bound strings within code. So, use of crypter to hide Keyloggers became more complicated as nowadays, most of the popular crypters & Binders are easily detected by antiviruses.
So, if you are trying to crypt your keyloggers or viruses with publicly available crypters and binders, they are bound to be detected by antiviruses. This is because most FUD(fully undetectable) crypters remain “FUD” for a maximum of one or two weeks, after their public release.
When any free FUD crypter/binder becomes popular it also gets the eyes of antivirus companies. The antivirus companies update their software and employ a detection mechanism that detects the encryption by the crypter. To obtain FUD crypters, you either need to search for it in hacking forums or make one by yourself. Soon I will post about creating your own crypter.. stay connected.
Meanwhile, you can try these latest crypters and binders that are available publicly:
1) Chrome Crypter v2.0
This Crypter is FUD (Fully Undetectable) and free. It has a couple of extra features like .exe file binder and inbuilt Icon Changer. Its recommended that you name your resulting output file in the format: “filename.mp3.exe”. .exe extension will be hidden on most of the systems, so your victim will run it believing its an mp3 file.
Download: Chrome Crypter v2 – FUD.rar
2) 0crypter v5.0.8
Like ‘Chrome crypter’, this crypter also has inbuilt ICON changer and few more advanced features like Default Browser Injection, Custom Injection Method (VBC advanced), Effective StartUp on reboot, Custom Startup, Custom Assembly Change, etc. This is not FUD, as my AVG quickly flagged the output file as Trojan virus.
Download: 0crypter v5.0.8 – FUD.rar