
Date : 22.4.2014 (Tuesday)

Website: www.minsoeyarsar.com

G-Ma!l : myanmar0boy@gmail.com

Fb : www.facebook.com/kochartape

Zx….. : ။


Intro :
? Antivirus
? No! ။

Start :

။ Computer ။ Antivirus

Program ။ Virus Trojan

။ Programmer ။

Anti Virus Software

Antivirus software virus ?

( ) antivirus ။

( ) anti virus software Update

anti virus software update ။

။ ။

……

Bypass ….

Bypass(Anti Virus software virus )။ anti bypass


။ anti bypass ။ Virus software ၊ Own

) skill ၊

Crypter ။ ။ ။

။ Anti Virus Software Update Crypter

။ …..

Crypter
။ Google Anti Bypass Crypter

။ FUD Anti Virus Software Virus ။

FUD ။

Crypter

။ ။ VMware

. ။ ။

။ ။

။ Virus ။

Virus ။ Virus ။
Run restart ။ ( )

Download : http://adf.ly/hrgix

(or)

http://adf.ly/hrh4X

Exidous Crypt Pr1v8

Exidous Crypter ။

။ Anti Bypass …

File Download ။

Download : http://adf.ly/jW513

(or)

http://adf.ly/jW58f

Download VMware run ။

Open File ။ Virus ။


Open ..။

Crypt It ။


Crypted1 save ။ ။

.. save ။ save ။
Anti Bypass ။. Anti Virus Bypass ..

Link : https://www.virustotal.com/

Choose Files ။
Crypted1 Open ။ Scan It! ။
.. ။

Scan ။
။ bypass ။

Link :
https://www.virustotal.com/en/file/3f5207c5945bf55b9aef49a15ca3e3c239bb826d179d99828045e6a6e8cd83f8/analysis/1393520484/
Crypter .

Detection ratio: 39 / 50

။ Anti Virus 50 39 Virus ။ ။

Lol.. Anti Virus ။ McAfee

။ Bypass .. McAfee Anti Virus Software

Scan ။ … .. Anti Virus Software

Virus ။ Virus

Password Software .. how?

။ Anti Virus Software ၅ ၃၉ Virus ။

.. Exidous Crypt Pr1v8 anti Virus

..

။ 39/50 ။.. ။

Codelux CrypterV2
Codelux Crypter v2 ။

Anti Virus Software bypass ။

။ ။ …

Download : http://adf.ly/jWKpY

0r

http://adf.ly/jWBPF

Note: Microsoft .Net Framework 4.0 ။ :D

TuT Start :..

browse anti bypass ..


Injection target …

W … …

Vbc,cvtres,cse, app launch … L h


( :P )

Main , Options , Binder , Assembly , Builder

Options
Execution Options Opps.. Not Bad . ..

Enable Startup : window

Hide File : ။

Stealth Mode : Stealth ။

Binder ။ ( ) ။
test.exe ။

Assembly ။။ Software Info ။

( )

Clone ။။
DotnetFx40 info clone ။
Builder … ။

Icon Change ။

Spoof extension
spoof extension ။ ။

name.exe ။

Exe x x

protect File save ။


cryptedxe.jpge image ..

Image Run

..

Virus Scan ။
Bypass ။ :P

More :

SHA256: 0d9d5d30a525685082995abfefa24801bbfe9c41b7f88a4c7141a2b8be8bb59f

File name: cryptedexe.jpg

Detection ratio: 19 / 51

Analysis date: 2014-04-21 02:34:23 UTC ( 1 minute ago )

https://www.virustotal.com/en/file/0d9d5d30a525685082995abfefa24801bbfe9c41b7f88a4c7141a2b8be8bb59f/analysis/1398047663/

Urge Crypter
Urge Crypter ။ crypter

။ Anti Bypass ။

။ crypter :D )

။ ။
Download : http://adf.ly/jWMap

0r

http://adf.ly/jWMmi


Stub.. ။ stub anti bypass

။ ( Keylogger , stealer , rat ) Trojan ။

။ (၄) Open ။ ။

။ Icon ။
Firefox Icon ။

Mozilla Firefox ။

။ Melt ။

Run

Delete ။ ။

attack user run run stealer

server ။

delete ။ ။

No No No all are clean

Urge Crypter Process Injection ။ crypter service ။

Inject applaunch winlogon svhost ။ window


inject window ။

window start up ( )

။ Rat ။

Inject ။ applaunch winlogon svhost

။ run suspect

။ persistence ။ .regedit

task mgr ။ calc.exe

။ calc ။


startup install ။

. x ။

။ startup

။ Crypt ။

Save ။
… . x save :D

Virus Scan ။ Anti Virus bypass

https://www.virustotal.com

( crypter virustotal.com ။
။ crypter user )
18 ။ ။

https://www.virustotal.com/en/file/b17d381aed54d7acd3b34339eb8dec698609baf520af70226896de46b50f5f74/analysis/1397271574/

Xenocode Postbuild 2009 for .NET Beta Hex Editor

try .. hex editor

Xenocode Postbuild 2009 for .NET Beta Hex editor

Anti bypass ။ ။ rat , logger


, stealer active
။ BT FUD ။

FUD ။

update ။

..

Xenocode Postbuild 2009 for .NET Beta http://www.google.com ။


။ .. ။

Hex Editor ။

Xenocode ။

App > Add > Virtualize

.
Virtualize Enable point ..

General ။ Info fake Icon ..

.။

Product Title : ESET

Publisher : ESET MD

Description : ESET

Website : http://www.eset.com

version : 7 | 0 | 5 | 0

Icon Browser ။
ESET NOD32 Anti Virus Style .. ESET Icon

xenocode application save save ။ Scan results


http://r.virscan.org/report/5a90c3f93539674807417768de016952.html

Scanner results : 24% Scanner(s) (9/37) found malware!

…. ။

Hex Editor ။

ESET NOD32 . ။

Ctrl+F Copy .. x h ။
........ inflate 1.2.3 Copyright h ..

0 ။
..

.........X.e.n.o.c.od.e.V.i.r.t.u.a.l.A.p.p.l.i.a.n.c.e. .

Value 0 ..

xenocode software Fake


.

File save ။ Ctrl + S ။

Virus Scan Results

Scanner results : 22% Scanner(s) (8/37) found malware!

http://r.virscan.org/report/0dd427afabbf0937e5e5c8e23edf1d30.html

( :P)

( )

More Info :

http://4sectors.com/ http://aungkyaw.net/ http://winkabarkyaw.net/ http://www.soesoediary.org

http://www.aungsanmks.com

Gz: Myanmar Ghost Team (MGT)

Min Soe Yar Sar ( M G T )
