Hyperion

Hyperion is a runtime crypter. It accepts Windows portable executables (PE) as input and transforms them into an encrypted version that preserves the original behaviour. The encrypted file decrypts itself on startup and executes its original content. This approach protects binaries against reverse engineering.

Runtime crypters are also mandatory for security experts because they allow the deployment of malicious executables in protected environments: a pattern-based antivirus (AV) solution detects the signature of suspicious files and blocks their execution. The encrypted counterpart has an unknown signature, its content cannot be analysed by heuristics, and it is therefore executed normally without intervention by the AV scanner.

Hyperion can be built the following way:

  1. Download and unzip the latest Hyperion Release.
  2. Download a C compiler and GNU Make. We recommend MinGW.
  3. Add MinGW to your environment $PATH variable and start a shell.
  4. Enter the Hyperion directory and invoke make (in case of MinGW "mingw32-make").
  5. When the build process is finished, start Hyperion using the command "hyperion.exe --help".

The following features are implemented:

  • 100% open source software (BSD license) which allows commercial usage. Documentation is available here.
  • Encrypts 32-bit and 64-bit Windows executables.
  • Uses an AES-128 encryption algorithm.
  • Encryption key is not stored inside the executable. An encrypted file brute-forces the key on startup, making it impossible for AV software to decrypt the file using static analysis.
  • Written in C and Assembler.
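
A defender's view of the features above, as an added example that is not part of Hyperion or its documentation: AES-encrypted bytes are statistically close to random, so per-section Shannon entropy of a PE file is a common triage signal for crypted binaries even when the content itself cannot be inspected. The 7.0 threshold, the function names and the synthetic sample file are assumptions made for this illustration.

```python
import math, os, struct
from collections import Counter

THRESHOLD = 7.0  # assumed cut-off in bits/byte; tune against your own baseline

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def section_entropies(pe: bytes) -> dict:
    """Map each PE section name to the entropy of its raw data."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsect,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    out = {}
    for i in range(nsect):
        off = table + 40 * i  # each section header is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        out[name] = entropy(pe[raw_ptr:raw_ptr + raw_size])
    return out

def suspicious_sections(pe: bytes, threshold: float = THRESHOLD) -> list:
    """Names of sections whose entropy is at or above the threshold."""
    return sorted(n for n, h in section_entropies(pe).items() if h >= threshold)

def build_sample(sections) -> bytes:
    """Constructed input: bare MZ/PE headers followed by the given sections."""
    ptr = 0x58 + 40 * len(sections)  # raw data starts right after the headers
    head = bytearray(ptr)
    head[:2], head[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", head, 0x3C, 0x40)  # e_lfanew
    struct.pack_into("<H", head, 0x46, len(sections))  # NumberOfSections
    for i, (name, data) in enumerate(sections):
        struct.pack_into("<8s8xII", head, 0x58 + 40 * i, name, len(data), ptr)
        ptr += len(data)
    return bytes(head) + b"".join(data for _, data in sections)

if __name__ == "__main__":
    code = b"\x55\x8b\xec\x83\xec\x10\xc3\x90" * 512  # repetitive, code-like bytes
    demo = build_sample([(b".text", code), (b".data", os.urandom(4096))])  # urandom stands in for ciphertext
    print(section_entropies(demo), suspicious_sections(demo))
```

High entropy also occurs in legitimately compressed or packed files, so a hit is a reason to look closer rather than a verdict.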

Do you need adjustments, new features or help in general regarding Hyperion? Feel free to contact us.