Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About HaQue

  • Rank
    New Member

Profile Information

  • Gender
    Not Telling
  1. Nice work! this version decrypts perfectly Thank you very much! There were no malware samples left on the box, and a fresh install of Norton 360. Thanks again, Brian
  2. This was at a PC Shop before I got it, so not sure what they did. I will have a look for the dropper/infector after I research what this one uses. Thanks again
  3. Great, Thank you. Further to this... I still have the victim machine. the user had saved some .msg files with attachments, so I was able to extract some original files, match them with encrypted ones and verify it is the same XOR key, and can manually restore files. I was worried the version of winxp may have been slightly different and some minor changes in the headers of the bitmap may have been an issue - but this appears to not be the case. Finding that writing a similar tool is not as quick and easy as I thought it would be ;-)
  4. Hi, First, thank you all for your great work. Must be a great feeling to be kicking the Malware authors down a few notches I have a case of Nemucod I am recovering for a colleague on a.. (I know!) Win XP box! (I laughed.. then felt sad...). I was very happy to see the great work by Fabian and tried the latest decryptor version The key was found ok, but during the decryption all files reported in the log as "File could not be decrypted properly. Skipping ..." Not sure if the option to use a custom key is supposed to work, but during trying to remedy, I could not tick t
  • Create New...