Hyperion is a runtime crypter. It accepts Windows portable executables (PE) as input and transforms them into an encrypted version that preserves their original behaviour. The encrypted file decrypts itself on startup and executes its original content. This approach protects binaries against reverse engineering.
Runtime crypters are also mandatory for security experts because they allow the deployment of malicious executables in protected environments: a pattern-based antivirus (AV) solution detects the signature of suspicious files and blocks their execution. The encrypted counterpart has an unknown signature, its content cannot be analysed by heuristics, and it is therefore executed normally without intervention by the AV scanner.
Hyperion can be built the following way:
The following features are implemented:
You need adjustments, new features or help in general regarding Hyperion? Feel free to contact us.