Do you know crypter can clone assembly or Code Signing Certificate? This tutorial will show how to make your payload FUD in simple ways. You can find three ways to make your file fully undetectable: changing the assembly, cloning it, or clone Code Signing Certificate.
This video will show how to make your payload FUD to antivirus by changing assembly, clone assembly, or clone Code Signing Certificate. You will watch Data Encoder crypter options or can read the crypter features.
Also, you can watch other crypter tutorial videos and recommend watching bypass Windows Defender March 2023.
How to make FUD file with crypter software?
We used DcRAT to create the RAT payload and make It FUD by changing the assembly first. DcRAT is one of the free remote access tools and we do not recommend it. You can watch other free tools like NjRAT or make Asynce RAT FUD for more detials too.
After creating the DcRAT file, you have access to many options on the Data Encoder Crypter Dashboard to make the RAT FUD.
Add your RAT file on the Package tab and select Assembly Tab
The essential options are placed in the Assembly tab.
You can change assembly by default options or clone the assembly from an app, clone Code Signing Certificate or change the Icon. We are changing the assembly now.
Encrypt it and wait for scanner results for FUD tests.
As you see, the DcRAT file, after changing assembly, has detections. So we will try a different method.
Best tool for clone assembly or sign code certificate
Crypter software is one of the best tools for clone assembly or clone sign code certificate. Note don’t download free crypter. You may ask why?
free tools like malware or crypter can’t give FUD results in the Runtime. Also, your tools and kits must be compatible. For example read the crypter for RAT article for more information.
Follow these steps o get FUD results.
Find an unpopular app to clone the assembly from it. And selected app must be unprotected code signing if you want to clone code signing. We used “Paint-NET” here. Add it to Clone Assembly and Icon Section. Crypter automatically clones the assembly and icon of the file.
Note it would be better to search for unpopular apps according to your goal. For example, we want to send the file to a designer and find Paint-NET for cloning and sending. So crypter clone assembly and your target will click on it.
Another point, files that have a Code Signing Certificate have a Digital Signature tab in the file properties section. We will show how to make it in the next FUD method.
Now with cloning assembly, results get better but not completely FUD. Now we clone the certificate and make some changes like increasing file size and waiting for results.
The encrypted file must clone the clone Code Signing Certificate so check it on the Digital Signature tab in the file properties section.
As you see, the file grabs the Code Signing Certificate, and the results are now fully undetectable (FUD).
Just rename the file to the desired name. Then follow the below section if you want to bypass Windows SmartScreen or Chrome alert warning.
How bypass Windows SmartScreen or Google Alert?
Some users ask why encrypted files can’t bypass SmartScreen or Google Alert.
The clear answer is it isn’t related to the crypter, and you need to use a trusted host with an SSL structure and regular traffic. Some tricks will help you too:
Put the Windows System 32 dlls with the encrypted app with Code sign Certificate signatures plus some app dll in one folder and zip it. Then upload it to your mentioned trusted host.
Join our Telegram channel for more details about crypter clone assembly or clone Code Sign certificate.
We recommend learn about what is RAT trojans and watch bypass antivirus videos too.