Crypted Files in Cyber Espionage

Cryptors are programs used to make files FUD (files that antivirus does not detect).
A cryptor can make an EXE file undetectable by antivirus. Most cryptors are commercial: once you buy a licence, you can use them to make files undetectable by antivirus.

However, antivirus companies keep tabs on almost all cryptors and keep adding signatures for their stubs. So cryptor authors release private versions and "unique" private builds of their cryptors.

However, portions of the code used in the public version are reused in the private version, which makes it detectable very quickly.

There are a few cryptors, such as darksane, fileprotector, aegiscryptor, xprotect and shiekh cryptor, available for $50-$200 for a 6-month licence. All these cryptors give you a scan once you crypt the file, but these scanners are offline only. So even if you get 37/37 FUD, and cryptors make tall claims about bypassing all known antivirus, these claims are often not true. The FUD scan you run uses elementscanner, which scans against 43 or 37 antiviruses and reports the file as FUD.

But antivirus often detects them when they are executed on the machine.
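The gap the post describes, between an offline multi-engine scan and what happens at execution, is also why defenders do not rely on signatures alone. One static signal a crypted executable cannot easily hide is that its encrypted payload is near-random: a section whose bytes are close to 8 bits of entropy looks like ciphertext, not code. The following is an added example (not CSPF's or any vendor's code) of that entropy heuristic over constructed section bytes; the section names, threshold and sample data are assumptions for illustration.

```python
import math
from collections import Counter

# Plain x86 code and readable data usually measure well under 7 bits per byte;
# compressed or encrypted payloads sit close to 8. Threshold is an assumption.
PACKED_ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 (one repeated byte) up to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def flag_packed_sections(sections, threshold=PACKED_ENTROPY_THRESHOLD):
    """Return [(name, entropy)] for every section that looks encrypted/packed.

    `sections` maps a PE section name to its raw bytes (in practice read with a
    PE parser; here they are supplied directly).
    """
    hits = []
    for name, data in sections.items():
        h = shannon_entropy(data)
        if h >= threshold:
            hits.append((name, round(h, 3)))
    return hits


# Constructed sample sections standing in for a crypted EXE (not a real file).
SAMPLE_SECTIONS = {
    # Repetitive machine-code-like bytes: low entropy, as normal .text would be.
    ".text": b"\x55\x8b\xec\x83\xec\x10\x53\x56\x57\x8b\x7d\x08\x33\xc0\x5f\xc3" * 64,
    # Readable strings: low entropy.
    ".rdata": b"This program cannot be run in DOS mode.\r\n" * 32,
    # Every byte value equally often: maximal entropy, as an encrypted stub payload.
    ".stub": bytes(range(256)) * 8,
}


def suspicious_section_names(sections=SAMPLE_SECTIONS):
    """Convenience wrapper returning only the flagged section names."""
    return [name for name, _ in flag_packed_sections(sections)]


if __name__ == "__main__":
    for name, data in SAMPLE_SECTIONS.items():
        print(f"{name:8s} {len(data):6d} bytes  entropy={shannon_entropy(data):.3f}")
    print("flagged as packed/encrypted:", suspicious_section_names())
```

High entropy is a triage signal, not proof: legitimately compressed resources and signed installers also score high, so it belongs alongside runtime detection rather than replacing it.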

CSPF was approached by a corporate company that had suffered a series of cyber espionage attacks. We evaluated all the files and found that these spyware attacks were carried out using cryptors.

CSPF evaluated these crypted files at run time, and most of them were detected during execution. We also evaluated the so-called private, unique stubs written by cryptor authors; almost every single file was detected by Kaspersky and NOD32 at run time.

J Prasanna Tech CORE, Cyber Security & Privacy Foundation
