Comments (15)

GaryCurran commented on July 30, 2024

That is great, thanks very much for your assistance and time.

from crypter.

sithis993 commented on July 30, 2024

Hmm, that's interesting... perhaps there was something in the contents of those files that the encryption libs didn't like. I'm assuming they're not just empty files? What are those extensions? Not sure I've seen them before.

No problem :-), do you mean additional pieces of ransomware?

from crypter.

sithis993 commented on July 30, 2024

Hey :-) sounds interesting! I suspect this issue is probably related to the version of wxPython you're running. They seem to change function parameters and such which is probably what's happened in this case. AddSpacer() takes a tuple argument and then a version later they decide to change it to take an integer, string etc. which obviously causes these kinds of issues!

This is mainly why I created a .zip for every release which contains all of the code, and the exact versions of each dependency I was using at the time (you can find the .zip on the Releases Page).

What version of wxPython are you currently running? I used 3.0.2.0, which I think you'll have more success with.

from crypter.

GaryCurran commented on July 30, 2024

I will try that, thanks. My versions were pretty much default, as in pip install.
Many thanks.

from crypter.

sithis993 commented on July 30, 2024

No problem. Worst case scenario, create a fresh Windows VM and install all dependencies from the dependencies folder in the 2.40 release .zip file. You certainly shouldn't have any problems then.

If you're still experiencing issues, or if I can help with your research feel free to let me know.

from crypter.

GaryCurran commented on July 30, 2024

Hi,

Thanks for the help. Today I got to the Crypter window, I pressed Build and I am getting the following console error.

Any help would be great.

[2018-04-04 00:35:33]: Build Launched
[2018-04-04 00:35:33]: DEBUG Level: 1 - Low
[2018-04-04 00:35:33]: Builder: Checking configuration...
[2018-04-04 00:35:34]: Builder: Checking builder_language
[2018-04-04 00:35:34]: Builder: Checking pyinstaller_aes_key
[2018-04-04 00:35:34]: Builder: Checking icon_file
[2018-04-04 00:35:34]: Builder: Checking open_gui_on_login
[2018-04-04 00:35:34]: Builder: Checking gui_title
[2018-04-04 00:35:34]: Builder: Checking upx_dir
[2018-04-04 00:35:34]: Builder: Checking delete_shadow_copies
[2018-04-04 00:35:34]: Builder: Checking disable_task_manager
[2018-04-04 00:35:34]: Builder: Checking key_destruction_time
[2018-04-04 00:35:34]: Builder: Checking wallet_address
[2018-04-04 00:35:35]: Builder: Checking bitcoin_fee
[2018-04-04 00:35:35]: Builder: Checking encrypt_attached_drives
[2018-04-04 00:35:35]: Builder: Checking encrypt_user_home
[2018-04-04 00:35:35]: Builder: Checking max_file_size_to_encrypt
[2018-04-04 00:35:35]: Builder: Checking filetypes_to_encrypt
[2018-04-04 00:35:35]: Builder: Checking encrypted_file_extension
[2018-04-04 00:35:35]: Builder: Checking make_gui_resizeable
[2018-04-04 00:35:35]: Builder: Checking always_on_top
[2018-04-04 00:35:35]: Builder: Checking background_colour
[2018-04-04 00:35:36]: Builder: Checking heading_font_colour
[2018-04-04 00:35:36]: Builder: Checking primary_font_colour
[2018-04-04 00:35:36]: Builder: Checking secondary_font_colour
[2018-04-04 00:35:36]: Builder: Checking ransom_message
[2018-04-04 00:35:36]: Builder: Checking debug_level
[2018-04-04 00:35:36]: Builder: Validation successful
[2018-04-04 00:35:36]: Builder: Encryption will target attached drives and the user's home directory
[2018-04-04 00:35:36]: Builder: Creating binary runtime config at Resources/runtime.cfg
[2018-04-04 00:35:36]: Builder: Runtime config successfully written
[2018-04-04 00:35:36]: Builder: Creating PyInstaller SPEC file
[2018-04-04 00:35:36]: Builder: (Warning): UPX path not specified. The PyInstaller binary will not be packed. It is recommended that UPX is used as this can reduce the binary size by several Megabytes
[2018-04-04 00:35:36]: Builder: SPEC file successfully created
[2018-04-04 00:35:36]: Builder: Calling PyInstaller. Please wait...
[2018-04-04 00:35:37]: PyInstaller: 172 INFO: PyInstaller: 3.3.1
[2018-04-04 00:35:37]: PyInstaller: 172 INFO: Python: 2.7.14
[2018-04-04 00:35:37]: PyInstaller: 187 INFO: Platform: Windows-7-6.1.7601-SP1
[2018-04-04 00:35:37]: PyInstaller: 187 INFO: An exception occured when testing for UPX:
[2018-04-04 00:35:37]: PyInstaller: 187 INFO: WindowsError(6, 'The handle is invalid')
[2018-04-04 00:35:37]: PyInstaller: 187 INFO: UPX is not available.
[2018-04-04 00:35:37]: PyInstaller: 187 INFO: Removing temporary files and cleaning cache in C:\Users\WinSlave\AppData\Roaming\pyinstaller
[2018-04-04 00:35:37]: PyInstaller: 203 INFO: Extending PYTHONPATH with paths
[2018-04-04 00:35:37]: PyInstaller: ['C:\Users\WinSlave\Downloads\Crypter-master\Crypter-master\Crypter',
[2018-04-04 00:35:37]: PyInstaller: 'C:\Users\WinSlave\Downloads\Crypter-master\Crypter-master\build\build']
[2018-04-04 00:35:37]: PyInstaller: 203 INFO: checking Analysis
[2018-04-04 00:35:37]: PyInstaller: 220 INFO: Building Analysis because out00-Analysis.toc is non existent
[2018-04-04 00:35:37]: PyInstaller: 220 INFO: Initializing module dependency graph...
[2018-04-04 00:35:37]: PyInstaller: 220 INFO: Initializing module graph hooks...
[2018-04-04 00:35:37]: PyInstaller: 407 INFO: running Analysis out00-Analysis.toc
[2018-04-04 00:35:37]: PyInstaller: 407 INFO: Adding Microsoft.VC90.CRT to dependent assemblies of final executable
[2018-04-04 00:35:37]: PyInstaller: required by c:\python27\python.exe
[2018-04-04 00:35:37]: PyInstaller: 578 INFO: Found C:\Windows\WinSxS\Manifests\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.manifest
[2018-04-04 00:35:37]: PyInstaller: 578 INFO: Found C:\Windows\WinSxS\Manifests\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_f47ed0f6f6564d90.manifest
[2018-04-04 00:35:37]: PyInstaller: 595 INFO: Found C:\Windows\WinSxS\Manifests\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_f480bfaef65491a5.manifest
[2018-04-04 00:35:37]: PyInstaller: 720 INFO: Searching for assembly x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_none ...
[2018-04-04 00:35:37]: PyInstaller: 735 INFO: Found manifest C:\Windows\WinSxS\Manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57.manifest
[2018-04-04 00:35:37]: PyInstaller: 735 INFO: Searching for file msvcr90.dll
[2018-04-04 00:35:37]: PyInstaller: 735 INFO: Found file C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
[2018-04-04 00:35:37]: PyInstaller: 751 INFO: Searching for file msvcp90.dll
[2018-04-04 00:35:37]: PyInstaller: 751 INFO: Found file C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
[2018-04-04 00:35:37]: PyInstaller: 751 INFO: Searching for file msvcm90.dll
[2018-04-04 00:35:37]: PyInstaller: 751 INFO: Found file C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
[2018-04-04 00:35:37]: PyInstaller: 891 INFO: Found C:\Windows\WinSxS\Manifests\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.manifest
[2018-04-04 00:35:37]: PyInstaller: 891 INFO: Found C:\Windows\WinSxS\Manifests\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_f47ed0f6f6564d90.manifest
[2018-04-04 00:35:37]: PyInstaller: 891 INFO: Found C:\Windows\WinSxS\Manifests\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_f480bfaef65491a5.manifest
[2018-04-04 00:35:38]: PyInstaller: 907 INFO: Adding redirect Microsoft.VC90.CRT version (9, 0, 21022, 8) -> (9, 0, 30729, 6161)
[2018-04-04 00:35:38]: PyInstaller: 1157 INFO: Caching module hooks...
[2018-04-04 00:35:38]: PyInstaller: 1173 INFO: Analyzing ..\Crypter\Main.py
[2018-04-04 00:35:50]: PyInstaller: 13661 INFO: Processing pre-safe import module hook _xmlplus
[2018-04-04 00:35:51]: PyInstaller: 14092 INFO: Processing pre-find module path hook distutils
[2018-04-04 00:35:53]: PyInstaller: 16562 INFO: Loading module hooks...
[2018-04-04 00:35:53]: PyInstaller: 16562 INFO: Loading module hook "hook-distutils.py"...
[2018-04-04 00:35:53]: PyInstaller: 16594 INFO: Loading module hook "hook-sysconfig.py"...
[2018-04-04 00:35:53]: PyInstaller: 16594 INFO: Loading module hook "hook-xml.py"...
[2018-04-04 00:35:53]: PyInstaller: 16812 INFO: Loading module hook "hook-wx.xrc.py"...
[2018-04-04 00:35:53]: PyInstaller: 16812 WARNING: Hidden import "wx._xml" not found!
[2018-04-04 00:35:53]: PyInstaller: 16812 INFO: Loading module hook "hook-httplib.py"...
[2018-04-04 00:35:53]: PyInstaller: 16828 INFO: Loading module hook "hook-_tkinter.py"...
[2018-04-04 00:35:53]: PyInstaller: Execution failed: [Error 6] The handle is invalid
[2018-04-04 00:35:54]: (ERROR): Builder: PyInstaller produced binary was not found. The PyInstaller build probably failed. Check The PyInstaller output for more details
[2018-04-04 00:35:54]: Build finished with error

from crypter.

GaryCurran commented on July 30, 2024

Hi,

So I tried what you said and created a new VM, and the build was successful as opposed to above. This has left a Crypter.exe (9,636 KB) in the bin. Looks perfect. Can you explain what happens when I run this? Does the encryption start and the decryption key get generated or, as in the video, does it create .pdf and decryption key beside it?

I hope to examine the files (FCIV etc.) pre and post attack and see what has been restored as part of my project. So I would like to use the decryption key as part of my research.

Many thanks.

from crypter.

sithis993 commented on July 30, 2024

Great! Glad to see it's working :-). I should have done a bit of work with venv to maybe help with these dependency issues... but I didn't know it too well at the time when I was creating this project. As a tip, if you use the UPX packer you can get the filesize down to about 7MB.

If you take a look at the following, it's quite easy to understand. This is taken from the init method of the Crypter class in Main.py, which is pretty much where everything happens.

image

You can see from this image the steps that are taken, and in what order (I've ignored some of the config stuff here, like disabling Task Manager, deleting shadow copies and such):

  1. Check to see if we've already run and encrypted some files. If we haven't:
    • Start up the crypto libraries and generate our AES key to use for encryption
      • This also writes the AES key to a file called key.txt in the same directory as the Crypter.exe file
    • Scan the file system and get a list of files to encrypt (absolute file paths)
    • Iterate through the list and encrypt each file
    • Open the Crypter GUI with the ransom message
  2. If we've already run and encrypted files:
    • Just start the GUI
      • This check is just in case the user closes the GUI and reopens it, so that we don't try to re-encrypt any files.

Hopefully this is of some use :-)

from crypter.

GaryCurran commented on July 30, 2024

So just to update you on development. I have run and encrypted the file system of my VM. All files were returned to me in perfect condition, which I verified using FCIV. As a side note, not all files were locked, in particular extensions of bib, ris and rdg, which was interesting.

If you know of another good site to get another example I'd be very grateful.

Once again thanks for all your help.

from crypter.
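The check described in the comment above (hashing files before the run, while locked, and after decryption, done there with FCIV) can be scripted as below. This is an added example, not part of the thread or of the Crypter project; the directory layout, the `.locked` suffix and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from collections import Counter
from pathlib import Path


def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline, locked, restored):
    """Classify every baseline file using the two later snapshots."""
    report = {"untouched_ext": Counter(), "changed": [], "not_restored": []}
    for path, digest in baseline.items():
        if locked.get(path) == digest:
            # Same name and same content while the machine was locked.
            report["untouched_ext"][Path(path).suffix.lower()] += 1
        else:
            report["changed"].append(path)
        if restored.get(path) != digest:
            # Missing, renamed or altered after decryption.
            report["not_restored"].append(path)
    return report


def demo():
    """Run the comparison on three constructed directory states."""
    files = {"docs/report.txt": b"quarterly numbers", "refs/thesis.bib": b"@book{x}",
             "refs/export.ris": b"TY  - JOUR", "pics/logo.png": b"\x89PNG fake"}
    with tempfile.TemporaryDirectory() as tmp:
        states = {}
        for state in ("baseline", "locked", "restored"):
            for rel, data in files.items():
                target = Path(tmp, state, rel)
                if state == "locked" and target.suffix in (".txt", ".png"):
                    # Constructed stand-in for a locked file: renamed, new bytes.
                    target = target.with_name(target.name + ".locked")
                    data = b"opaque-bytes:" + rel.encode()
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
            states[state] = snapshot(Path(tmp, state))
    return compare(states["baseline"], states["locked"], states["restored"])


if __name__ == "__main__":
    print(demo())
```

The `untouched_ext` counter surfaces the extensions that were never locked, and `not_restored` lists any file whose post-decryption hash differs from the baseline.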

GaryCurran commented on July 30, 2024

I chose the standard doc, txt, png etc. to try and mimic a real user. I also put in some random files just to see what, if anything, would happen to them, such as gherkin, VB, sh, xml and other Hello world files. Also I had bib (bibliography from refworks), ris (research document) and rdg (remote desktop manager group).

I would like an additional piece of ransomware, yes. If you could help with that it would be amazing.

Thanks.

from crypter.

sithis993 commented on July 30, 2024

Ahh I see! So by default, Crypter encrypts about 50-100 extensions I think. Here's the list:

image

I'm not sure if you've already seen this (perhaps you've already tried it but had no success), but if you scroll down in the Builder GUI there's an option for "Filetypes to Encrypt". If you want to encrypt filetypes which Crypter doesn't out-of-the-box, specify the extensions as a comma-separated list, like so:

bib,ris,rdg

The only catch with this is that if you do specify some file types here, Crypter will only encrypt those and no others. In other words, it will forget about the default list of filetypes to encrypt (shown in the image above) and only encrypt files matching the extensions you specify. Maybe I should change this to be something like "Additional filetypes to encrypt", so that it still encrypts the default ones.

I'm sure I can find something for you :-). Would WannaCry be okay? Or have you already looked at this? I'll probably only be able to get the ransomware .exe though. I don't think there's a builder for WannaCry like I have for Crypter.

from crypter.

GaryCurran commented on July 30, 2024

OK, that makes sense so. Yes, WannaCry would be fine. I had a good run with your builder, so a run with no decryption would be a good research option. Plus I could try online decryption tools if it doesn't come with a key. As I say, I just need one more example to run.

Many thanks.

from crypter.

sithis993 commented on July 30, 2024

There's a good GitHub repository here which has a bunch of malware samples, including ransomware. Looks like you can get a sample of WannaCry there too :-)

from crypter.

GaryCurran commented on July 30, 2024

That's great, will have a look at that tonight.

Many thanks.

from crypter.

sithis993 commented on July 30, 2024

Closing Issue as it has been solved. If you need any assistance or encounter any further problems, feel free to raise another issue :-)

from crypter.
