Xencrypt

• PowerShell crypter v 1.0

In action

Description

Tired of wasting lots of time obfuscating PowerShell scripts like invoke-mimikatz only to have them get detected anyway? Wouldn’t it be awesome if you could take any script and automatically and with almost no effort generate a near-infinite amount of variants in order to defeat signature-based antivirus detection mechanisms?

WELL, NOW YOU CAN! For the low low price of free! Xencrypt is a PowerShell crypter that uses AES encryption and Gzip/DEFLATE compression to with every invocation generate a completely unique yet functionally equivalent output script given any input script. It does this by compressing and encrypting the input script and storing this data as a payload in a new script which will unencrypt and decompress the payload before running it. In essence, it is to PowerShell what a PE crypter is.

Features

Xencrypt:

• Bypasses AMSI and all modern AVs in use on VirusTotal (as of writing)
• Compresses and encrypts powershell scripts
• Has a minimal and often even negative (thanks to the compression) overhead
• Randomizes variable names to further obfuscate the decrypter stub
• Randomizes encryption, compression and even the order that the statements appear in the code for maximum entropy!
• Super easy to modify to create your own crypter variant
• Supports recursive layering (crypter crypting the crypted output), tested up to 500 layers.
• Supports Import-Module as well as standard running as long as the input script also supported it
• GPLv3 – Free and open-source!
• All features in a single file so you can take it with you anywhere!
• Is despite all of the above not a silver bullet for every configuration – caveat emptor!