Jump to content

Win32.DN

Member
  • Posts

    2
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Unfortunately, legit decryptor does not help the difficult part. The difficult thing is factoring the "PRIVATEKEY" which is different per users.
  2. My friend became the victim and I reversed uploaded "unlock.exe" yesterday. The 36 (0x24) bytes variant is actually based on Cry9. I already understand (i hope) how the unlocker decrypts the files. The problem is factoring the AES128 key (and 0x1000+ bytes additional table), which looks to be different per the victim. Maybe Fabian knows better about this part (or he is stuck at the same point). I will look more when I have more time but don't expect good news from me.
×
×
  • Create New...