Search Evasion Techniques
Names, Techniques, Definitions, Keywords
Search Result
20 item(s) found so far for this keyword.
UPX: Ultimate Packer for Executables Packers
UPX is a tool that is used to compress and encrypt executables in order to make them smaller and more difficult to reverse engineer. UPX is free to use, portable, and can be extended with additional features. It is known for its high performance and compatibility with a wide range of executable formats. UPX is commonly used by software developers …
Alternate EXE Packer Packers
EXE Packer is able to compress executable files (type EXE) or DLL-files. Already compressed files may also be decompressed with this program. There exist 12 different levels for file-compression. This program is also able to create backups of the files that shall be compressed.
If a file is compressed the physical file-size is reduced on the respective device. A compressed …
hXOR Packer Packers
hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.
The unpacker will decompress and decrypt the packed PE and execute it directly from memory without needing any hard disk space to execute.
DTPacker Packers
DTPacker is a .NET packer or downloader which although seeing considerable variety in the first stage, uses a second stage with a fixed password as part of the decoding.
The main difference between a packer and a downloader is the location of the payload data which is embedded in the former and downloaded in the latter. DTPacker uses both forms. …
BobSoft Mini Delphi Packer Packers
The Delphi programming language can be an easy way to write applications and programs that leverage Windows API functions. In fact, some actors deliberately include the default libraries as a diversion to hamper static analysis and make the application "look legit" during dynamic analysis.
The packer goes to great lengths to ensure that it is not running in an analysis …
Milfuscator Packers
Milfuscator is a tool used to obfuscate the code in a Portable Executable (PE) file by modifying and expanding the existing code in the ".text" section, without creating any new sections. It does this using the Zydis and AsmJit libraries, and is based on the concept of code mutation from a P2C project for the game Counter-Strike: Global Offensive. The …
ScrubCrypt Packers
ScrubCrypt is a malware obfuscation and encryption framework, derived from the earlier JLaive Batchfuscator crypter. It is designed to aid cybercriminals in evading detection and analysis by using a variety of techniques to conceal and protect the malicious software.
ScrubCrypt is advertised on cybercrime forums to employ encryption, code morphing, and (allegedly) polymorphism to create obfuscated malware payloads that are …
EasyCrypter Packers
EasyCrypter is the crypter that is being sold via an automated bot on Telegram. The crypter uses a method known as "mutation", which involves replacing instructions in the file with their analogues or a sequence of instructions that yield the same outcome as the original code. EasyCrypter supports a maximum file size of 5MB and is only applicable for x86 …
TrueCrypt Packers
TrueCrypt, a crypter developed and sold by the developers behind Meduza Stealer, which features LoadPE functionality and is written in Golang, supports both native (x32) and .NET binaries. This crypter has been used by Lumma, Vidar, Raccoon, MetaStealer, Redline stealers, and DCRAT.
PureCrypter Packers
PureCrypter, a multi-functional crypter/loader developed in C#, was first introduced in hacking forums on March 17, 2021. This tool is compatible with both 32-bit and 64-bit native as well as .NET payloads. It features multiple injection modes, including reflection, RunPE, and shellcode. PureCrypter can deliver payloads either via a URL or offline. It has been noted for its use in …