What is a Scantime and Runtime crypter ? Crypter FUD explanation

What is a Crypter scantime and runtime and what is it for ?

Scantime and Runtime crypter what’s the point ? We explain you how a utility can make FUD (undetectable) an executable or a Windows application such as trojan servers, botnets, viruses, worms and many other malicious creations against antivirus ! We will also give you our opinion among the scammers who want to sell their encryption.

Scantime and Runtime crypter, what’s that ?

Scantime and Runtime crypter FUD, UD or Detected you have already seen these expressions on some forums or sites that talk about hacking ?

You must certainly already know what Cryptography is, it’s what allows the protection of our files, passwords and it’s obviously useful in many other cases of use.

Because it is also thanks to it that some hackers manage to hide their malwares, viruses, worms, trojans and botnets, they use a simple application (called the builder) to load their infected executable in order to encrypt it with the code present in the stub (the heart of their encryption).

Once the file is encrypted, it becomes undetected by antivirus, the infected application is then executed in memory or silently injected into another Windows process or application, the purpose of encryption in terms of hacking, is to remain discreet and invisible.


Do I have to buy a FUD Encrypter on the internet ?

If you want to get ripped off, this is the best way !

Nowadays, getting reviews is very important and it allows others to avoid being fooled.

There are a multitude of these programs available, for example the best known are :

  • Cassandra Crypter
  • Static Crypt
  • Mango Crypter
  • DataProtector
  • Cyberseal
  • Spartan Crypter
  • DarkEye Crypter
  • BitCrypter

Our take on these crypters ? Created by a few scammers from the Hackforums.net forum, they praise the merits of their tools, but however, we tested them very deeply and indeed it’s a nice scam, you want to know why ?

Because quite simply all the crypters that you will find on the forums and on the rest of the internet are scams, because they make you believe that your files are indeed undetected because they simply encrypt your files at rest, once they are executed in memory, they will all be detected by all the anti-virus software.

These encryption vendors, make you believe that they are revolutionary and undetected (FUD = Fully UnDetected) by giving you antivirus scans, but in the end these antivirus scans are only done on simple scan and not in memory, so the encrypted executables are not injected in memory, a nice scam in itself !

Here is an example of a Scantime and Runtime encryption :

Runtime Scantime Crypter FUD
A so-called FUD Crypter Runtime Scantime, perfect for baiting novices.

CHow do I avoid getting scammed and get a FUD crypter ?

We have the best solution for you and we have decided to share it with you.

To have your own 100% FUD encryption you just have to create it yourself, it is extremely simple to create a VB.NET injector that will inject your file in memory in a targeted process.

You just have to learn a little bit to program by yourself, before long, we will share with you the source code of one of our codedom and FUD (Fully Undetected) crypters but only dedicated for educational purposes.

But for the moment, we propose you to discover a source of a Public Codedom Crypter that has a RunPE code, so an injection will be made in memory with the file you want on your computer, but you will be able to see the core of the source code of a Scantime and Runtime crypter and believe us it’s very interesting, you will have to download Visual Studio in community version and then install it and finally, download the source code below and load it by clicking on the .vbproj file that will load the project !

Download the Crypter Scantime and Runtime (SRC) project :

Download the crypter source code

Don’t give money to anyone and don’t believe what they tell you about it, in the hacking world don’t trust anyone, even if a person gives you evidence, it can be false, there are so many methods to learn how to inject a file it’s just unbelievable.


Why doesn’t Anti-Virus detect anything against encryption ?

Simply because the process used is quite special, there are several types of injections for your applications, here they are :

Scantime : The application will be encrypted so it won’t be detected by the simple virus scan.

This is the famous method used by thieves who sell fake crypters.

Runtime : The application will be encrypted and injected into a process, for example most often “vbc.exe” or “svchost.exe” from these Windows processes, the malicious application will be launched silently as long as the RunPE code (code allowing injection) is not detected by the anti-virus software.

Encrypted file

When using these bypass methods it should not be forgotten that all this will be encrypted using a cryptographic algorithm, for example Triple DES, but there are many other algorithms that can be used, you can even create your own from scratch.

In order to make their applications undetectable as long as possible, crypters can be equipped with additional features :

USG (Unique Stub Generator) : This method allows you to make an executable very different from the others previously created. (For example each file will be 98% different).

Junk Code : Allows to add random code to make detection even more complicated, for example adding fake modules, functions and comments in the application.


Are there other methods to make an executable undetectable ?

Of course, there are so many methods that allow hackers to make their executables and applications undetectable to anti-virus software.

For example, there is the case of hexadecimal editions, where by separating the .exe into multiple parts, each piece of code that is detected by the antivirus in question can be found and to bypass it, it is possible to modify some data, but beware that this method can corrupt the basic executable and it can damage it.

Just like manual editing, there are packers and obfuscators like Themida and ConfuserEx, these utilities are normally used to protect the source code of honest developers who use them for non-malicious software, however, the use of these tools is hijacked by small malicious people who obfuscate their creations and make them more or less undetectable.

Themida undetection
Themida, a very widely used tool in the years 2010.
Confuserex FUD
Confuserex currently used by all types of developers.

On the side of Scantime undetection (file scanned but not executed), it is extremely simple to make a file undetectable, the simplest method, which still works today against some antivirus, is to modify the assembly (description of the . exe file description) and to modify the icon of the application with Resource Hacker, once scanned by your antivirus, if you have done it well, your test will be conclusive and your antivirus (if the antivirus company is not aware of this method), will see nothing but fire, however, once the file is executed it will be detected since no protection is present for the execution in memory !


How to counter Trojans and Encrypted Viruses ?

Unfortunately encryption is available to everyone on the internet, this tutorial will teach you how to avoid getting trapped, for example when you download an application that is not very used and not very reliable, the best thing to do is to send your executable to the VirusTotal site, which will scan the file for you with more than 45 anti-virus software, you can also use the Jotti or Metadefender scan, this is the best way to send copies to anti-virus companies.

This will greatly annoy the creators of these fake encrypters, since the executables will be sent to the anti-virus companies who will then scan the application and finally once the scans are done it will be much more detected !

The best solution is of course not to fund the developers of scantime and runtime encryption, to learn nothing better than to create your own to try on your computer !

On Hackforums.net a lot of scammers sell their fake scantime and runtime crypters in order to attract people who are passionate about the world of computer security, don’t get fooled, don’t spend money on it, you might as well buy a moo box, at least it will work.

Thank you for sharing our article, just spreading the word will save some people from getting ripped off, thank you for reading and supporting us !

Leave a comment