10-29-2018, 04:47 PM
An obfuscation tool for .Net + Native files. It applies some evasion techniques to bypass anti-virus software and install persistence on the machine. Also, the output payload can be bound with a legit application while its bytes are being injected into a legit process as well.
Main Features:
• .NET - Coded in Visual Basic .NET, requires framework 4.0 dependency.
• USG - Adds some junk methods and renames all variables
• Injection - Hides payload behind a legit process
• Anti Virtual Machines - Uninstalls itself if the machine is virtual to avoid scanning or analyzing
Before crypt of an Orcus client file with 'Lime Crypter 3.1'.
Proof:
After crypt of an Orcus client file with 'Lime Crypter 3.1'.
Proof:
Virustotal:
--MD5: "ced45f6998154c48d72f053029ecbfc7"
--MD5: "9778a191ab6550b5415c596d1f41d8e1"
Download: