Jump to content

Win32.DN

Member
  • Posts

    2
  • Joined

  • Last visited

Everything posted by Win32.DN

  1. Unfortunately, legit decryptor does not help the difficult part. The difficult thing is factoring the "PRIVATEKEY" which is different per users.
  2. My friend became the victim and I reversed uploaded "unlock.exe" yesterday. The 36 (0x24) bytes variant is actually based on Cry9. I already understand (i hope) how the unlocker decrypts the files. The problem is factoring the AES128 key (and 0x1000+ bytes additional table), which looks to be different per the victim. Maybe Fabian knows better about this part (or he is stuck at the same point). I will look more when I have more time but don't expect good news from me.
×
×
  • Create New...