Automatic polymorphic EXE Crypt - Guaranteed FUD

[Rousseau]

Dear members of xss.pro, I bring you a EXE cryptor with clean runtime and guaranteed clean scantime,

Technical details:

• 93-98% Polymorphic each output;
• Clean runtime;
• Scantime check at avcheck.net after crypt, not FUD? Key not used, try to crypt again;
• Anti emulation;
• Ring3 hook bypass & unhook (NTDLL, KERNEL32, KERNELBASE, USER32);
• LoadPE of own design that supports most Native x86 EXE (delay import as well, TLS callback called on attach);
• Written in C & x86 ASM;
• Native output, runs on entire line of modern windows;
• .NET 2.0-4.X support, x86 EXE;
• Native support, x86 EXE (with .reloc);
• 1 stub = 1 crypt;
• Long FUD, good heuristic;
• Example output (comodo virtualization, never detect):
  • Dyncheck internet full
  • Avcheck

Follow laws in jurisdiction; this is a obfuscation service, I do not take responsibility for what it is used for.

Active support;
supercut@exploit.im,
supercut@xmpp.jp
OTR enforced and required!

Link (TOR) http://execryptmuma5spl.onion

[ru]
Уважаемые участники xss.pro, я представляю вам криптор EXE с чистым временем выполнения и гарантированным чистым временем сканирования,

Технические подробности:

• 93-98% Полиморфный каждый выход;
• Чистое время выполнения;
• Проверка времени сканирования на avcheck.net после склепа, а не ФУД? Ключ не используется, попробуйте снова зашифровать;
• Анти-эмуляция;
• Обход крюка Ring3 и отцепление (NTDLL, KERNEL32, KERNELBASE, USER32);
• LoadPE собственной разработки, которая поддерживает большинство Native x86 EXE (также задерживает импорт, обратный вызов TLS вызывается при присоединении);
• Написано в C & x86 ASM;
• Родной вывод, работает на всей линейке современных окон;
• Поддержка .NET 2.0-4.X, x86 EXE;
• Собственная поддержка, x86 EXE (с .reloc);
• 1 заглушка = 1 склеп;
• Длинный FUD, хорошая эвристика;
• Пример вывода (виртуализация comodo, никогда не обнаруживать):
  • Dyncheck internet full
  • Avcheck

Следовать законам в юрисдикции; это служба запутывания, я не несу ответственности за то, для чего она используется.
Активная поддержка на английском языке;
supercut@exploit.im,
supercut@xmpp.jp
OTR соблюдается и требуется!

Link (TOR) http://execryptmuma5spl.onion

 

[Rousseau]

[FREE FOR xss.pro USERS]
Test compatability with .NET 2.0-4.X payload: http://execryptmuma5spl.onion/net2native.html
Convert .NET file into Native!

[БЕСПЛАТНО ДЛЯ ПОЛЬЗОВАТЕЛЕЙ xss.pro]
Проверьте совместимость с полезной нагрузкой .NET 2.0-4.X: http://execryptmuma5spl.onion/net2native.html
Конвертировать .NET файл в Native!

KEY: FREEXSS

 

[lamer2k20]

interested. write me in pm for discuss

 

[Rousseau]

Cryptor remains clean after 2 weeks since last cross-detect;
Some generations are not FUD, your key will not be used if that is the case, crypt 2-3 times and your output will be FUD;
Runtime crypter remains clean;
NOTE: only 1 key purchase is refundable due to error/incompatible!

 

[Pernat1y]

Convert .NET file into Native!

And how does this work?

 

[Rousseau]

And how does this work?

A CLR host is used with stealthy API calls to run a .NET assembly from memory. Makes it possible to inject .NET code in Native process or use .NET binary in Native only cryptor. Stub size was 7kb but is now ~50kb if i remember correctly, I do not have time to strip binary, will not do for a free service like this.

 

[Rousseau]

Sorry for downtime, cleaned ESET detection. Now FUD.

 

[Pent]

I am your client there are problems add me to the jabber

 

[Rousseau]

I am your client there are problems add me to the jabber

Online now

 

[PinGuy]

Site is down, added you on jabber. Please come on when you can.

 

[Rousseau]

Site is down, added you on jabber. Please come on when you can.

Back up,

Fixed bug that negatively affected execution rates on machines running below Windows 10 for a few files; if you think you're affected by this, contact me for a free recrypt.

 

[Pent]

Your crypt broke my file,you don't get in touch with jabber

 

[PinGuy]

[QUOTE = "Rousseau, post: 249212, member: 202599"]
Back up,

Fixed bug that negatively affected execution rates on machines running below Windows 10 for a few files; if you think you're affected by this, contact me for a free recrypt.
[/ QUOTE]

Getting 5 detections on scantime ...

 

[Rousseau]

Your crypt broke my file,you don't get in touch with jabber

I was on jabber 12 hours yesterday, why don’t you send message? New key in PM, please do not trash thread without trying to contact me.

 

[Rousseau]

[QUOTE = "Rousseau, post: 249212, member: 202599"]
Back up,

Fixed bug that negatively affected execution rates on machines running below Windows 10 for a few files; if you think you're affected by this, contact me for a free recrypt.
[/ QUOTE]

Getting 5 detections on scantime ...

Not possible, automatic check at avcheck.net. Key will not be used if not FUD, try to crypt again, can you not read?

 

[Rousseau]

First attempt, FUD file with putty.exe: http://avcheck.net/id/OQgH147Vx3lq
Automatic avcheck scan, link is put in file with your crypt as proof, please do not spread lies on my thread.

 

[PinGuy]

[QUOTE = "Rousseau, post: 249275, member: 202599"]
Not possible, automatic check at avcheck.net. Key will not be used if not FUD, try to crypt again, can you not read?
[/ QUOTE]
I mean I have retried 15x. Its always 6 detections, 5 Detections, or 4. Then just goes through the cycle again.

 

[PinGuy]

Correction, just got it refuded.

 

[Rousseau]

Correction, just got it refuded.

GEN/cross detects happen sometimes, wait 2-4hours and I clean it fast. Often it is ESET after 5-6 days or random heuristics by 4-5 AVs that can be cleaned by trying to crypt again.

 

[rlz]

Did anyone try the service, can you post reviews? Looks promising will give it a try just dont want someone to steal the stubs with free service.