Verified seller
0 Neutral

About Zarathustra

  1. All AVs clean right now; service is ready for usage: https://dyncheck.com/scan/id/470c1fd6e21fd444909bec3a144439bc
  2. Crypter has been updated to improve handling of section permission when mapping the executable into memory.
  3. There was a small problem yesterday that got fixed within 2 hours. If your file doesn't work, send me the file in the PM and I'll issue you a new fixed crypt.
  4. It is added, the page should now automatically refresh every 15 seconds (done without JavaScript using HTML meta tag). Thank you for the feedback.
  5. Service is clean as usual: https://dyncheck.com/scan/id/5979d31d9872894eb560222b1930aaac
  6. Slowly during the next week or two, a new system of stubs will be slowly rolled in: some stubs will still be coded in C, while some stubs might be coded in other native programming languages such as Delphi. This will not lower execution rate at all; the stubs designed in other programming languages have been tested for full compatibility and have shown to be very promising in allowing more stubs to be made in a short time, and reducing cross detections.
  7. Crypter is in C/ASM and was previously offered on different forums. Supports most (if not all) native executables. For crypting managed executables, a project from Luminos is included to support .NET 2.0 files. Executes payload using either RunPE or LoadPE, with important APIs called via direct syscalls; syscall IDs are grabbed dynamically by mapping own copy of ntdll (Note: this is not manual mapping ntdll and calling from there!), therefore bypassing all usermode filtering systems. Project has unique way of creating new stubs, very long FUD time and easy to make clean again. Price for source code for 1 hand: 1.5k USD. The price is flexible and negotiation can occur if it is needed. Crypter was previously sold as a service as TitanCrypt, you might have heard of it. There were no unsatisfied customers at all with the service.
  8. Telegram contact added: @cryptservice. I recommend Jabber over Telegram because OTR provides end-to-end encryption, but Telegram is open and available for those who wish to contact me there.
  9. New startup technique added. Runtime FUD with smoke loader: https://dyncheck.com/scan/id/5d82cb21d05b1ed3dffb9056d459ef48 (Comodo is not a detection but only virtualization)
  10. Additional obfuscation techniques have been added which should result in even better results and make the job difficult for reverse engineers. Dyncheck of formbook loadpe: (Comodo is not a detection, it is virtualization, and Kaspersky and Dr. Web detection comes from formbook, not the crypter).