The new version of Shellter will be released quite soon, but in the meantime, I have decided to offer an overview of the changes applied.
Even though Shellter VI is not considered a major upgrade, it still brings some updates and enhancements that are very important for compatibility, effectiveness, and user-friendliness.
Shellter VI introduces an extra IAT handler method for Stealth mode and encoded payloads support.
The new handler will use a combination of the GetModuleHandle and GetProcAddress Windows functions. From a high-level perspective, this works like the LoadLibrary/GetProcAddress method, which is already included in Shellter.
However, when it comes down to the details, adding this extra combination means that Shellter can now support Stealth mode for a few more exotic PE cases where none of the other supported IAT handler methods would be available. This brings the total number of IAT handler methods to eight.
To give a real-life example, I quite recently received an email from someone who was trying to use Shellter with some Windows-default executable screensaver files (.scr), which are in reality proper PE files. It appeared that Shellter could not apply Stealth mode with these PE files because they were not importing by default a combination of Windows functions that could be used by Shellter for this purpose.
Interestingly, by taking a closer look at them, I realized that they were importing GetProcAddress but not LoadLibrary. However, they were also importing GetModuleHandle, which for our purposes can be used exactly like the LoadLibrary function. Win!
Furthermore, Shellter VI introduces an optional online version check that can be performed directly through Shellter. However, this is not currently available when using Shellter in Wine mode.
In addition, Shellter VI also includes a lot of other enhancements, such as ensuring that the file attributes of the PE target file will not interfere with Shellter’s expected functionality, extra validation checks that apply when using the DTCK feature, and other minor but important internal updates and optimizations.
To sum everything up, Shellter VI brings some useful and important updates that make this tool even more powerful and user-friendly.
Cheers,
kyREcon