If you are unsure what a feature is or how it works, or you want some additional information, you will find it here
This is where you have to select the file you want to crypt. You can do so by clicking the folder icon and navigating to the folder your uncrypted file is in. Once there, select the uncrypted file and hit open.
This is where you load in the latest pushed stub. You can find the stub (stub_xxxxx.sc) in the same folder your crypter is in. Once there, select the uncrypted stub and hit open.
Use this option if you don't want your file to run if it's on a Virtual Machine (VM).
This gives the binded file a random name. DO NOT use this feature if you are not binding your crypt with any files!
Use this feature if you want to compress your file. Compression uses a technique that decreases your file size. WARNING: You may get a UPX detection from Clam AV. This is normal.
Alt. loader, or alternative loader is an alternative way of loading the payload of your file, which uses the recolations table inside your build. This function is great for bypassing AV's runtime, though it does need recolations in order for it to work. RAT's like DarkComet and Remcos have this feature.
The filebinder allows you to bind one or more files to your crypt. You can do so by simply dragging and dropping the file(s) you want to bind in the file binder area inside the crypter.
Upon the first execution of your file the binded file will run as well. After that the binded file won't run anymore. DO NOT use this feature if you are not binding your crypt with any files!
Persistance makes sure the process of your crypted file doesn't get killed easely in task manager.
With delay you can add a delay upon execution of your crypted file. When your file gets opened it will start running after a set amount of seconds.
If you want to pump your file slightly you can do so here by adding a set amount of KB's to your crypted file.
If you want to add an icon to your crypted file, you can load one in here. You can do so by clicking the folder icon and navigating to the folder where your icon image is in. Once there, select the icon image and hit open.
If you want to clone the icon from an existing executable you can do so by clicking the folder icon inside the crypter, navigating to the executable of which you want to clone the icon, select it and hit open.
Here you can clone version information from any existing executable. You can do so by clicking the folder icon inside the crypter, navigating to the executable of which you want to clone the version info, select it and hit open.
Installation copies your crypted file to the appdata folder of the PC upon execution and gives it the folder and file name you added in the crypter. WARNING: When using this be sure to fill in the Install File name and Install folder name boxes.
Startup makes your crypted file run at startup upon its first execution. If you want your file to run everytime the PC starts please enable this feature. WARNING: If you are using this feature be sure to fill in the Startup Name box.
Melt hides your file and makes it invisible in windows explorer (unless hidden files have been turned on, which is normally not the case)
Here you can scan your crypted files for free. The crypter uses Viruscheckmate as scanner. This scanner DOES NOT distribute. If you have any detections and you don't know how to get rid of them, scroll down, double click the link and copy it so you can send it to me along with your question.
1. DO NOT use every single feature just because it's there. It's better to have a simple file which does everything correctly then a file with all features that does not work properly.
2. Do some testing with your crypted file and see if it works properly. If you are crypting a RAT you can use the features in the RAT as well, but again you need to test what does and doesn't work together.
3. If you are getting detections and you are not sure what to do, do a Clean build of the program you are crypting (no features) and a clean crypt (no features). If the detections are gone, it means a feature is causing the detection and you can test more to find out which one it is and how to avoid the detection.
4. If the crypted file does not work properly but uncrypted it does, 99% of the time it's a feature in the crypter or file you're trying to crypt that does not work well with the rest.
5. If your file is scantime FUD but you get a detection runtime It could very well be something that you enabled in the RAT/uncrypted program that is causing detections. DO NOT enable unnececary things.
6. If you still need help, feel free to contact a seller for assistance, we're happy to help. Be as clear as possible and provide screenshots/links.
Answer: Gen detections are often caused by Size, Icon, Assembly info selected by the users. You can try to avoid them by: Changing icon (avoid low resolution/size icons), Changing assembly info (avoid overused assemblies), Pump the file slightly.
Answer: 99% of the time those detections are caused by your icon or version info. You can try to avoid them by: Changing icon (avoid low resolution/size icons), Changing assembly info (avoid overused assemblies)
Answer: Scroll down to the DO'S and DON'Ts below, it will help you keep your file FUD.
DON'T: Scan on sites like: VirusTotal, Anubis, Jotti
DON'T: Upload your files to sites like: Dropbox, MediaFire, GoogleDrive
DON'T: SPAM/Mass spreading (Doing this will result into an instant ban from the service)
DON'T: Post your infected Results on the SalesThread (Doing so will result in an instant ban from the service)
DON'T: Posting any problems on the thread, when you've not tried to contact support. ALWAYS CONTACT SUPPORT FIRST.
DON'T: Be stupid.
DO: Disable your AV distributing file samples on your PC.
DO: When asked for support, have some patience. Support might be sleeping or otherwise occupied.
DO: Recrypt your file with the latest stub for the best results.