The biggest challenge after creating a keylogger installation file is to convince your victim to install that keylogger on his PC. Normally, free remote keyloggers like Emissary keylogger and other cheap keyloggers create a standard .exe installation file without any stealth feature.
Also, free keyloggers are easily detected by popular antivirus programs, so eventually your keylogging job will remain incomplete.
You have probably heard about Binders and Crypters before, but what are they used for, and why are they used in the keylogging process? It's simple: their names suggest what they do.
Let's first understand these two programs.
A Crypter is software that can encrypt executable (.exe) files. Crypters are popularly used to encrypt viruses, RATs, keyloggers, spyware, etc. to make them undetectable by antivirus programs.
The Crypter takes the original binary code of the executable file, applies strong encryption to it, and stores the result at the end of the file (EOF). This process creates a new encrypted executable file.
The new executable file is not detected by antivirus programs because its code is obfuscated by the Crypter program which conceals its purpose.
A Binder is software used to bind or combine two or more files into one file under one name and extension.
The files to be bound can have any extension or icon. The user has the choice to select the name, icon and various attributes of the bound file.
Now that you, I and the whole world are aware of this software, do you think antivirus software will allow you to run it on your system? Obviously not.
This is the biggest setback for Crypters and Binders. With the increased use of Crypters and Binders to bypass antivirus programs, antivirus makers have created more advanced mechanisms and started including encryption definitions to detect even encrypted code or bound strings within code.
So the use of a Crypter to hide keyloggers has become more difficult nowadays; most of the popular Crypters and Binders are easily detected by antivirus programs.
If you are trying to encrypt your keylogger or virus program with publicly available Crypters and Binders, they are bound to be detected by antivirus programs. This is because most FUD (fully undetectable) Crypters remain “FUD” for a maximum of one or two weeks after their public release.
When any free FUD Crypter/Binder becomes popular, it also gets the attention of antivirus companies. The antivirus companies update their software and employ a detection mechanism that detects the encryption applied by the Crypter. To obtain FUD Crypters, you either need to search for them in hacking forums or make one yourself. Soon I will post about how you can create your own Crypter and keep it private.
Meanwhile, you can try the Crypter and Binder tools listed below, which are available publicly:
1) Chrome Crypter v2.0
This Crypter is FUD (Fully Undetectable) and free. It has a couple of extra features, like an executable file binder and an inbuilt icon changer. It's recommended that you name your resulting output file in the format “filename.mp3.exe”; the .exe extension will be hidden on most systems, so your victim will run it believing it's an mp3 file.
2) 0crypter v5.0.8
Like ‘Chrome Crypter’, this Crypter also has an inbuilt icon changer and a few more advanced features like Default Browser Injection, Custom Injection Method (VBC advanced), Effective StartUp on reboot, Custom Startup, Custom Assembly Change, etc. This is not FUD, as my AVG quickly flagged the output file as a Trojan virus.
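The detection side of what this article describes, as an added example (not from the original post or from any antivirus product): a Python triage check that parses the PE section table, measures the entropy of any data stored after the last section (the EOF layout described above), and flags decoy names like “filename.mp3.exe”. The 7.2 bits-per-byte threshold, the extension lists and the sample file built by `build_sample_pe` are assumptions made for the demo.

```python
import math, os, struct
from collections import Counter

EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}
DECOY_EXTS = {".mp3", ".jpg", ".pdf", ".doc", ".txt"}   # assumed list, extend as needed

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for code or text."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_overlay(data: bytes) -> bytes:
    """Return the bytes stored after the last section's raw data (the EOF overlay)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe_off, = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size            # start of the section table
    end = table + 40 * num_sections
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return data[end:]

def triage(name: str, data: bytes, threshold: float = 7.2) -> list:
    """Flag the two traits from the text. Signed files also keep their Authenticode
    blob in the overlay, so treat a hit as a reason to look closer, not a verdict."""
    findings = []
    overlay = pe_overlay(data)
    if len(overlay) >= 256 and shannon_entropy(overlay) >= threshold:
        findings.append("high-entropy overlay")
    stem, ext = os.path.splitext(name.lower())
    if ext in EXEC_EXTS and os.path.splitext(stem)[1] in DECOY_EXTS:
        findings.append("double extension")
    return findings

def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed minimal PE layout for the demo: one 512-byte section at offset 512."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 512, 0x1000, 512, 512, 0, 0, 0, 0, 0x60000020)
    return (dos + coff + sect).ljust(512, b"\0") + b"\x90" * 512 + overlay

if __name__ == "__main__":
    packed = build_sample_pe(bytes(range(256)) * 8)   # constructed stand-in for ciphertext
    print(triage("song.mp3.exe", packed))
    print(triage("setup.exe", build_sample_pe(b"")))
```

Entropy alone also fires on installers and self-extracting archives that carry compressed data in the overlay, so the check works best as one signal combined with others such as signature status and file origin.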