Octopus is mainly an executable file crypter, although it offers many other functions.
You can use it, for example, to protect an executable file, completely hiding its actual structure and code from analysis tools, debuggers and antivirus software, while maintaining its original functionality.
You can also use it to bind multiple files together inside a single, encrypted .exe container, which decrypts and runs all bound files at runtime when it is executed.
A file crypted with Octopus will:
- execute and work just like before;
- be invisible to antivirus engines;
- be considerably harder to analyze, crack and/or reverse engineer;
- at the user's choice, avoid analysis by various tools such as debuggers, virtual machines, sandboxes etc.
But this program offers a wide range of functionalities, not limited to file encryption. With Octopus you can also:
- Bind (and crypt) together multiple files of any type inside a single executable; you can choose where to drop them and whether to execute them. You can also choose, for each file, whether to drop/execute it if Octopus detects the presence of an analysis environment or tool;
- Clone icon and version info from any file to your encrypted file;
- Download, and optionally execute automatically, files from the internet via a fixed URL;
- Make your program run on each system restart;
- Automatically copy your file to connected writable memories, such as USB, external HDDs and memory cards;
- Execute the encrypted file after a chosen time delay;
- … and more!
You can use all the functions you want together; the final output will always be a single, undetected executable file, which, with just a simple double-click, will perform all the actions you have chosen.
Octopus stubs are sold Fully UnDetected by antiviruses (0/35 using scan4you.net).
Each stub you get is unique, differently obfuscated each time, built and revised directly by the developer before being sold.
Octopus is coded in C, C++ (stub) and Delphi (builder). The first version, 1.0, was completed in September 2009 and since then many updates have been made to the program. While the 1.x series was written in Visual Basic 6, I decided to rewrite the new version from scratch, to be able to code and use more advanced techniques which are not possible in VB6.
Octopus has been used and tested successfully on:
- any Windows version from XP to 10, both 32 and 64 bit.
Both stub and builder are programmed to be independent and stand-alone, requiring no dependencies other than those offered by the system by default (which come with a basic Windows installation).
Not only are the input files and program settings encrypted differently on each build, but so is a part of the stub itself. In fact, Octopus v2 uses 2 loaders, Stub.exe and Stub.dll. Stub.dll gets encrypted together with the other input data, and contains the core crypter functions. Anti-Viruses are unable to analyze it, since it stays crypted like your files.
The only thing AVs can analyze is the Stub.exe file, which is nothing more than a decrypter and memory-loader for the encrypted DLL code.
Each stub.exe you buy is unique, made undetected differently each time with an automatic, self-made C++ code obfuscator I programmed to do the job. I always revise each stub manually, to verify that it is undetected and working with good performance.
The Octopus builder will crypt input files and configurations with the RC4 algorithm using a random-bytes, random-length encryption key. You also have the option to enter your own encryption password. The actual process by which the builder and stub write/read data is kept secret.
Stub.dll is around 12 kb in size, while stub.exe has a variable size, around 30-100 kb, due to the amount of obfuscation.
- Unlimited file number support: Join together as many files as you want.
- Working with all file types: .exe, .doc, .jpg, etc.
- Direct memory execution: If you choose this option, your executable file will be executed directly in memory, without being dropped to hard disk.
Warning: memory execution works only with executable files (.exe, .scr ...)! For other file types, you must use the drop and execute option!
Warning: if you use the drop option, the file will be decrypted before being dropped (scantime crypt only)! If you want the dropped file to still be crypted/undetectable, then crypt it using memory execution, save it, then bind it using the dropping option.
- Selective execution when under analysis: Check/uncheck the flag on the left of each file to decide whether that file will be decrypted or not when inside a detected analysis environment. You can select the analysis environments you want to detect by checking the appropriate flags in the Anti-Analysis tab.
Unchecked flag (default): this file will not be executed under a selected analysis environment.
Checked flag: this file will be executed also when under a selected analysis environment.
Warning: the Self-Terminate option under the “Anti-Analysis” tab takes priority over selective execution and will instantly shut down the whole program before any action (except MessageBox if enabled) is performed. If you want to make only some files execute when inside an analysis environment, make sure that the Self-Terminate option is disabled.
The program will spread itself to all drives (removable hard drives, USB drives, memory cards etc.) connected to the computer. An autorun.ini file is created to execute the server automatically when the drive is opened. If you check the “Hide files” option, the spread file and the Autorun.ini file will be marked as hidden system files with read-only attributes. You can also choose a different name for the copied file.
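For defenders, the drive-root pattern described above (an autorun file pointing at an executable, both carrying hidden, system and read-only attributes) can be checked during removable-media triage. The following is an added example, not code from the page or from the tool's author; the function names and the sample listing are constructed, and it accepts both autorun.inf (the name Windows AutoRun reads) and the autorun.ini name used on this page.

```python
import ntpath

# Windows file-attribute bits (FILE_ATTRIBUTE_READONLY / HIDDEN / SYSTEM).
READONLY, HIDDEN, SYSTEM = 0x1, 0x2, 0x4
CLOAK = READONLY | HIDDEN | SYSTEM

# Assumption: accept the real AutoRun name and the name the page uses.
AUTORUN_NAMES = {"autorun.inf", "autorun.ini"}
LAUNCH_KEYS = {"open", "shellexecute"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def autorun_targets(text):
    """Return lower-cased file names launched by open=/shellexecute= lines."""
    targets = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        value = value.strip()
        if not (sep and value and key.strip().lower() in LAUNCH_KEYS):
            continue
        # A quoted program may contain spaces; otherwise take the first token.
        prog = value[1:].split('"')[0] if value.startswith('"') else value.split()[0]
        targets.append(ntpath.basename(prog).lower())
    return targets


def triage_drive_root(entries, autorun_text):
    """entries maps file name -> attribute bits for the drive root.
    Returns a list of (file name, reason) findings."""
    attrs = {name.lower(): bits for name, bits in entries.items()}
    findings = []
    for name in sorted(AUTORUN_NAMES & attrs.keys()):
        if attrs[name] & CLOAK == CLOAK:
            findings.append((name, "autorun file is hidden+system+read-only"))
    for target in autorun_targets(autorun_text):
        if ntpath.splitext(target)[1] in EXEC_EXTS and target in attrs:
            reason = "launched by autorun file"
            if attrs[target] & CLOAK == CLOAK:
                reason += ", hidden+system+read-only"
            findings.append((target, reason))
    return findings


# Constructed sample: root listing of a removable drive (0x20 = archive bit).
SAMPLE_ENTRIES = {"autorun.inf": 0x7, "photos.exe": 0x7, "report.docx": 0x20}
SAMPLE_AUTORUN = "[autorun]\nopen=photos.exe\naction=Open folder to view files\n"

if __name__ == "__main__":
    for name, reason in triage_drive_root(SAMPLE_ENTRIES, SAMPLE_AUTORUN):
        print(f"{name}: {reason}")
```

On a live system the attribute bits would come from the file system (for example `os.stat(path).st_file_attributes` on Windows) rather than from a hand-built dictionary.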
- Unlimited file number support (multidownloader)
- Any file type supported.
The downloader will download the chosen files from the specified URL to the specified directory. You can then choose whether it must also execute each file or not. You can download and execute any file type (executables but also pictures etc.)
The downloader can be useful if you want Octopus to execute files without adding size to the stub.
You can display a custom MessageBox on program start, or when an analysis environment is detected.
This is the only action the program performs before the time delay (if there is one).
No external dependencies needed: Neither the stub nor the builder need any external dependency (except standard Windows system dlls) and are programmed to run under Windows XP, Vista and 7.
Shell parameters support: Octopus is compatible with programs that need to be executed with command line parameters.
EOF Data support: This crypter is compatible with applications which store data/settings at End Of File (for example Bifrost). Some applications have EOF data but do not need it to store settings, so the EOF preserve option can be disabled without corrupting the application.
Icon / Information resource cloner: Clones icon, information, or both, at your choice, from the desired input file to the output file.
Online authentication mechanism: Octopus will check online if the licence is authorized. This is a read-only operation and no information is transmitted remotely, except licence name and code. In case of suspicious chargebacks or scams, Builder will be locked and stub distributed to antivirus companies.
Anti-Analysis: Octopus will self-terminate if run under selected environments. You can choose the action for Octopus to perform if an analysis environment is detected: showing a custom messagebox, self terminate, or both.
Detected programs compatibility
Octopus Crypter is generally compatible with any file (with the exception of some already packed / protected / encrypted executables).
But here we focus on the ability of Octopus to make any detected software invisible to any AntiVirus.
This is a small list of some Remote Administration Tools and similar kinds of surveillance software, which are commonly detected by AntiVirus engines.
All the software in the list below has been successfully proven compatible with Octopus, which is able to make any of it invisible to detection tools.
This is a very short demonstrative list which should be used just as an example of how Octopus can make even the most common malware undetectable to antiviruses:
Bandook V1.9 Private Edition
Octopus should be compatible with any common file, except sometimes if it is already protected / packed / encrypted.
Frequently Asked Questions
Q: I encrypted a program which is programmed to restart with Windows each time, but the file I bound with it gets executed too.
A: When you install a program which sets itself to run on each Windows startup, for example a RAT backdoor, the installed file will sometimes be a copy of the file which has been run (so if you bound more files, they will also be run on startup).
This is a good technique to avoid this (for any binder or crypter):
- Build a single encrypted “autorunned” file, using memory run;
- Clear binder list;
- Bind the previously created crypted autorunned file with legit file/s, using drop & execute.
Example of Virus-Scan:
I (the author) will not be held responsible for any use you make of this program.
You (the user) are responsible for the proper use of it; I will not be liable for any kind of use or damage caused to yourself or other people. Use it at your own responsibility and risk.
In order to use my software, you must accept the conditions described in this disclaimer.
Aside from this, have fun! ;)