RASH - EXE-cryptor

[encode]

Just made a private release of RASH EXE-cryptor.

The package contains a GUI for EXE-encryption. If someone wants to test it - please email me. New RASH has no compression by itself - only nice and simple XOR-based encryption.

[encode]

The file wrapped by this cryptor cannot be correctly decrypted by any AV software. For example:

Before
URL
After
URL

[nimdamsk]

Nice!
But KLabs will write decryptor in 5 minutes after they'll get your cryptor

[encode]

The stub contains decryptor which can be copy pasted. But currently the decryptor contains a two operands trick which fools all AV/generic decryptors - that's why even AVP and VBA cannot decrypt it...

Just fun art...

[nimdamsk]

KAV has comparably weak emulator today. Best ones are in NOD32 and BitDefender. I think they'll decrypt your code in emulator, but they have time limit, because AV can't work indefinitely

[encode]

The catch not in time. RASH contains instruction that all AV don't support. As a result a wrong key generated.

[encode]

About strong emulation. Previously RASH has a simple LZW compression with no anti-emulation tricks. Only KAV and VBA32 correctly decompress the code.

[Matt Mahoney]

They don't need to decrypt your code. The AV will just add your decryption code to their signature files.

[Piotr Tarsa]

matt:
so all rash encrypted would be marked as viruses. imo more intelligent is to extract original entry point from crypted executable an then set up breakpoint on that place. so av won't need decryptor

or one can make cryptor that uses external passwords for de/ crypting, eg. to decrypt & run you must provide password in command line, eg. yourprogram.exe --password mypassword

[encode]

The AV will just add your decryption code to their signature files.

Yep! Even if this is an experimental software for fun - without any malicious goal...

[Shelwien]

Guess, the next step is writing a polymorphic decompressor generator

[encode]

...or a compressor written in 100% ASM...

[Shelwien]

> ...or a compressor written in 100% ASM...

That's not a very creative idea.
And also with algorithms like your LZW it might be actually
simpler to write in asm as complex control flow is harder to
express with C and the like.

...Also is there any reason at all to care about compressor's size?

[encode]

Also is there any reason at all to care about compressors size?

Nope. But sometimes in ASM we may add an extra hand tuned optimizations...

[nimdamsk]

...Also is there any reason at all to care about compressors size?

1. Prove yourself that you are programmer, not java_coding_monkey.
2. Microcontollers: car electronics, RFIDs, emmbedded software, etc.

[encode]

1. Prove yourself that you are programmer, not java_coding_monkey.

Actually, I think not need to prove anything to anyone. If youre mature programmer you may do programming on any language and compiler without things like Delphi is for lame kids ASM is for cool programmers... You know what I mean...

[Matt Mahoney]

You need a small decompressor for self extracting archives, or high ranking on LTCB

[kyodai]

Could i try out the RASH? I could not find your email address, encode, so i am posting here. My email is contact@renderarmy.com Thanks in advance!!!!

[encode]

Just sent a link to you. You may remove your email address from the post.

[rkn]

Where is the download link ?

[encode]

Where is the download link ?

Download link is hidden...

[encode]

I do not post it, because RASH will be added to Anti-Virus databases, even before actual release. Currently, I've made some ASM driven decryption and decompression for RASH... Which will be in next "releases".