This Python project provides a simple EXE crypter that can encrypt an EXE file, embed anti-debug mechanisms, and generate a decryption script. The resulting Python script can then be converted into an executable file.
- EXE Encryption: Encrypts the provided EXE file using a random key and Base64 encoding.
- Anti-Debug Detection: Detects virtual machine environments and popular malware analysis sandboxes. If detected, the script will exit without executing.
- Python Script Generation: Generates a Python script (`output.py`) that will decrypt and execute the provided EXE.
- EXE Conversion: The generated Python script can be optionally converted into a standalone EXE file.
- Path to EXE: The user is prompted to enter the path to the EXE file that should be encrypted.
- Anti-Debug Option: The user is asked if anti-debug detection should be enabled. When enabled, the script checks if it's running inside a virtual machine or malware analysis sandbox.
- Encryption: The EXE file is encrypted with a random key, and the encrypted data is embedded into the generated Python script.
- Script Generation: The generated Python script (`output.py`) contains the encrypted EXE data and code to decrypt it during runtime.
- EXE Creation (Optional): The user can choose to convert the Python script into an EXE file using `PyInstaller`.
- Run the Script: Execute the Python script and follow the prompts.
- Provide the Path to the EXE File: You will be asked to enter the path to the EXE file you want to encrypt.
- Enable Anti-Debug: You will be asked if anti-debug detection should be enabled. If enabled, the script will check for indicators of virtual machines and sandbox environments.
- Python Script Output: The script will generate `output.py`, which contains the encrypted EXE file and logic for decryption and execution.
- Convert to EXE: Optionally, you can choose to convert the generated Python script into an EXE file.
The anti-debugging feature looks for the following indicators to determine if it's running in a VM or analysis environment:
- VM Indicators: `VBOX`, `VIRTUALBOX`, `VMWARE`, `XEN`, `QEMU`, `HYPERVISOR`, etc.
- Analysis Environments: Common sandboxing services like `VirusTotal`, `Cuckoo`, `Joe Sandbox`, and others.
- System Information: Checks `systeminfo`, the system's hostname, and username for any signs of a VM or analysis tool.
- VirusTotal Access: Attempts to access `virustotal.com`. If it can access the site, it assumes the environment is a sandbox.
If any of these indicators are detected, the script will exit without executing the EXE.
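
For analysts, the indicators listed above also work as static triage signals. The following is an added example, not code from this project: it scores a Python script for the combination this README describes (a long embedded Base64 run together with VM marker strings, a `systeminfo` reference, or a `virustotal.com` reference). The function name `triage`, the 200-character blob threshold, the two-signal rule, and both sample strings are assumptions made for illustration.

```python
import re

# Marker strings taken from the README's indicator list.
VM_STRINGS = ("VBOX", "VIRTUALBOX", "VMWARE", "XEN", "QEMU", "HYPERVISOR")


def triage(source: str, min_blob: int = 200) -> dict:
    """Statically score Python source for the generated-stub pattern."""
    # Assumption: the embedded payload appears as one long Base64 run.
    blob = re.compile(r"[A-Za-z0-9+/]{%d,}={0,2}" % min_blob)
    has_blob = bool(blob.search(source))
    # Remove blobs before string matching so random Base64 text cannot
    # produce accidental hits such as "XEN".
    text = blob.sub("", source).upper()
    vm_hits = sorted(s for s in VM_STRINGS if re.search(r"\b%s\b" % s, text))
    findings = {
        "base64_blob": has_blob,
        "vm_strings": vm_hits,
        "systeminfo_ref": "SYSTEMINFO" in text,
        "virustotal_ref": "VIRUSTOTAL.COM" in text,
    }
    checks = sum([bool(vm_hits), findings["systeminfo_ref"],
                  findings["virustotal_ref"]])
    # Flag only the combination: a payload blob plus two or more
    # environment checks. A single marker alone is common in benign code.
    findings["suspicious"] = has_blob and checks >= 2
    return findings


# Constructed samples: inert strings, not real generated scripts.
SAMPLE = ('payload = "' + "QUJD" * 100 + '"\n'
          'markers = ["VBOX", "VMWARE"]\ncmd = "systeminfo"\n')
BENIGN = 'print("Install guide for VMWARE hosts")\n'

if __name__ == "__main__":
    for name, src in (("sample", SAMPLE), ("benign", BENIGN)):
        print(name, triage(src))
```

String matching like this only covers scripts that keep the markers in plain text; treat a hit as a reason to hand the file to deeper analysis, not as a verdict.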
This project is licensed under the MIT License.