Octopus is mainly an executable file crypter, although it offers many other functions.
You can use it mainly to encrypt an executable file, completely hiding its actual structure and code and helping to protect it from being reverse engineered, analysed or cracked.
Although your file will be totally encrypted, it will execute and work just like before.
Octopus Crypter will enhance your protection against:
- Reverse engineering
- Cracking your software
- Software Debuggers
- PE editors
- Hex editors
- Analysis software
- Antivirus software
A file crypted with Octopus will:
- execute and work just like before;
- be considerably harder to analyze, crack and/or reverse engineer;
- be invisible to antivirus engines;
- at the user's choice, avoid analysis by various tools such as debuggers, virtual machines, sandboxes etc.
But this program offers a wide range of functionalities, not limited to file encryption. With Octopus you can also:
- Bind multiple (encrypted) files of any type inside a single executable; useful to create installation packages of multiple files, encapsulated in a single exe.
- Download, and optionally execute automatically, files from the internet via a fixed URL;
- Clone icon and version info from any file to your encrypted file;
- Make your program run on each system restart;
- Automatically copy your file to connected writable storage, such as USB drives, external HDDs and memory cards;
- Execute the encrypted file after a chosen time delay;
- … and more!
You can use all the functions you want together; the final output will always be a single, undetected executable file, which, with just a simple double-click, will perform all the actions you have chosen.
Octopus stubs are sold Fully UnDetected by antiviruses (over 40 different antiviruses, checked using viruscheckmate.com).
Each stub you get is unique, differently obfuscated each time, built and revised directly by the developer before being sold.
Octopus is coded in C, C++ (stub) and Delphi (builder).
The first version, 1.0, was completed in September 2009 and since then many updates have been made to the program. While the 1.x series was written in Visual Basic 6, I decided to rewrite the new version from scratch, to be able to code and use more advanced techniques which are not possible in VB6.
- Compatible with any Windows from XP to 10, both 32 & 64 bit, including Server versions.
- No dependencies: Both stub and builder are programmed to be independent and stand-alone, not requiring any other dependency other than those offered by the system by default (which come with a basic Windows installation).
- EOF Data support: This crypter is compatible with applications which store data/settings at End Of File (see Glossary).
- Shell parameters support: Octopus is compatible with programs that need to be executed with command line parameters.
- .NET files support: Octopus is able to encrypt dotnet executables as well.
- Stub: The Stub is the code which encapsulates your encrypted exe file. When you execute the stub file, it will decrypt your file in memory, and execute its entry point. From there, your file will work just like before.
Each stub is the core protection of your executable, so a unique variant is sent to each customer, to ensure it will always be something new to any analyzer or analysis software.
You can imagine the stub like a container, or box, which can always be different, and its content is unknown.
New unique stubs for your crypter can be bought anytime.
- EOF Data Support: Some software stores its settings in the executable itself, appended to the end of the exe after it was compiled; hence the name EOF (End Of File) Data.
In such cases, exe crypters will encrypt this data along with the file, making it unreadable for the program.
EOF Data Support reads the EOF data of the original program and appends it at the end of the encrypted output file.
This makes sure that even this kind of executable is fully supported by Octopus.
- Shell parameters support: Some programs need to be launched with command line parameters (e.g. netstat -n -b).
Not all exe crypters support these executables. With Octopus you don't have to worry.
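For an analyst, the EOF data described in the glossary above is what PE tools call an overlay: bytes stored after the last section's raw data. The following Python sketch is an added example, not Octopus code; it locates the overlay and measures its entropy on a constructed PE-shaped sample (`build_sample`, `triage` and the 7.2 bits/byte threshold are assumptions of this example).

```python
import math
import os
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for encrypted/compressed data, lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_overlay(pe: bytes):
    """Return (offset, data) for bytes stored past the last section's raw data."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # first section header
    end = table + 40 * n_sections             # headers are never overlay
    for i in range(n_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each header
        raw_size, raw_ptr = struct.unpack_from("<II", pe, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    end = min(end, len(pe))
    return end, pe[end:]

def triage(pe: bytes) -> dict:
    """Summarise the overlay so an analyst can decide whether to carve it."""
    offset, data = find_overlay(pe)
    entropy = shannon_entropy(data)
    return {"offset": offset, "size": len(data), "entropy": round(entropy, 2),
            "looks_encrypted": len(data) >= 1024 and entropy > 7.2}

def build_sample(overlay: bytes) -> bytes:
    """Constructed PE-shaped blob (not loadable): one 0x200-byte section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200)
    hdr = dos + b"PE\0\0" + coff + b"\0" * 0xE0 + sect + b"\0" * 16
    return hdr.ljust(0x200, b"\0") + b"\xCC" * 0x200 + overlay

if __name__ == "__main__":
    for name, tail in [("none", b""), ("settings", b"key=value\n" * 40),
                       ("random", os.urandom(4096))]:
        print(name, triage(build_sample(tail)))
```

On Authenticode-signed files the certificate table is also stored past the last section, so it shows up as overlay here and should be excluded before judging the result.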
Octopus features in detail:
Octopus can crypt normal executables, dotnet exe files, and DLL files (acting as a loader for the DLL).
Not only the input files and program settings are differently encrypted on each build, but also a part of the stub itself. In fact, Octopus v2 uses 2 loaders, Stub.exe and Stub.dll. Stub.dll gets encrypted together with the other input data, and contains the core crypter functions. Anti-Viruses are unable to analyze it, since it stays crypted like your files.
The only thing AVs can analyze is the Stub.exe file, which is nothing more than a decrypter and memory-loader for the encrypted DLL code.
Each stub.exe you buy is unique, undetected differently each time with an automatic self-made C++ code obfuscator I programmed to do the job. I always revise manually each stub, to verify that it is undetected and working with a good performance.
The Octopus builder will crypt input files and configurations with the RC4 algorithm, using an encryption key of random bytes and random length. You also have the option to enter your own encryption password. The actual process in which the builder and stub write/read data is kept secret.
Stub.dll is around 12 kb big, while stub.exe has a variable length, around 30-100 kb, due to the amount of obfuscation.
- Unlimited file number support: Join together how many files you want.
- Working with all file types: .exe, .doc, .jpg, etc.
- Direct memory execution: If you choose this option, your executable file will be executed directly in memory, without being dropped to hard disk.
Warning: memory execution works only with executable files (.exe, .scr ...)! For other file types, you must use the drop and execute option!
Warning: if you use the drop option, file will be decrypted before being dropped (scantime crypt only)! If you want the dropped file to still be crypted/undetectable, then crypt it using memory execution, save it, then bind it using dropping option.
- Selective execution when under analysis: Check/uncheck the flag on the left of each file to decide whether that file will be decrypted or not when inside a detected analysis environment. You can select the analysis environments you want to detect by checking the appropriate flags in the Anti-Analysis tab.
Unchecked flag (default): this file will not be executed under a selected analysis environment.
Checked flag: this file will be executed also when under a selected analysis environment.
Warning: Self-Terminate option under “Anti-Analysis” tab will take priority on selective execution and will instantly shut down the whole program before any action (except MessageBox if enabled) is performed. If you want to make only some files execute when inside analysis environment, make sure that Self-Terminate option is disabled.
The program will spread itself to all drives (removable hard drives, USB drives, memory cards etc.) connected to the computer. An autorun.ini file is created to execute the server automatically when the drive is opened. If you check the “Hide files” option, the spread file and the Autorun.ini file will be marked as hidden, read-only system files. You can also choose a different name for the copied file.
Unlimited file number support (multidownloader)
Any file type supported.
The downloader will download chosen files from the specified URL to the specified directory. Then you can choose if it must also execute file or not. You can download and execute any file type (executables but also pictures etc.)
Downloader can be useful if you want Octopus to execute files without adding size to stub.
You can display a custom MessageBox on program start, or when an analysis environment is detected.
This is the only action the program does before the time delay (if there is).
Icon / Information resource cloner: Clones the icon, the information, or both, at your choice, from the desired input file to the output file.
Online authentication mechanism: Octopus will check online if the licence is authorized. This is a read-only operation and no information is transmitted remotely, except licence name and code. In case of suspicious chargebacks or scams, Builder will be locked and stub distributed to antivirus companies.
Anti-Analysis: Octopus will self-terminate if run under selected environments. You can choose the action for Octopus to perform if an analysis environment is detected: showing a custom messagebox, self terminate, or both.
Frequently Asked Questions
Q: I encrypted a program which is programmed to restart with Windows each time, but the file I bound with it gets executed too.
A: When you install a program which sets itself to run on each Windows startup, for example a RAT backdoor, the installed file will sometimes be a copy of the file which has been run (so if you bound more files, they will also be run on startup).
This is a good technique to avoid this (for any binder or crypter):
Build a single encrypted “autorunned” file, using memory run;
Clear binder list;
Bind the previously created crypted autorunned file with legit file/s, using drop & execute.
Example of Virus-Scan: