Looking for help Reversing a File Decrypter used by a Malicious Infection
Looking for help Reversing a File Decrypter used by a Malicious Infection. By Reverse Engineering, on [2014-03-27] at 21:55:58
Description: Hello, I have been combating the CryptorBit infection for months now. The infection encrypts the first 1024 bytes in the file, puts it at the end of the file, and does this until every file on the victim's computer is corrupted. I have created a fix for some files that will rebuild their headers and give the victim back the file, but of course this only works on the files where the encryption didn't bleed into unique data.

Thread where the topic first started and led to the tool being made: http://www.bleepingcomputer.com/forums/t/517689/howdecrypt-or-cryptorbit-encrypting-ransomware-500-usd-ransom-topic

Guide on how to use the tool and information on the infection: http://www.bleepingcomputer.com/virus-removal/cryptorbit-ransomware-information

No sample has been found yet for this virus, but I have had over 6 different decrypters for the virus now. The decrypters are an exe that was sent to the victims upon paying 1 BTC to the malware author. Upon receiving the decrypter, I was thrilled. I have dealt with a lot of the new crypto generation of viruses these days, and at least now I could open it up in IDA and get the yes or no answer on whether I could make a fix for these victims. Upon opening it in IDA I grew frustrated. This decryption exe was obfuscated with a personal packer, and it was like nothing I had ever seen before. Days and days of looking at this mess didn't get me much of anywhere. Now, I'm not a pro by any means at reversing an exe, or assembly language, but I have learned enough in the past to reverse malicious applications to create a quick fix for them. I simply cannot wrap my head around this type of obfuscation; for me it is extremely difficult to tell what is garbage and what is a function. What I have found is the offset to the encryption key in the exe. The key is 8 bytes and positioned at 0x0000CD0D (or 0x0040DB0D VA), and it is used at 0x00409068 where it is pushed onto the stack.

This is why I'm calling for help, because I think this has gotten out of my current knowledge. I would love to continue helping these victims and get all their files back. I also wouldn't mind making a generous donation to anyone who would want to take the challenge of reversing this exe. Please let me know if any more information is needed, and thank you for your time.

EDIT: Forgot the link to the decrypter: https://www.dropbox.com/s/xg5qlyvphzive6j/CryptorBit_Decrypter.exe This exe is in no way malicious other than the fact it came from a malware author. I have run it numerous times in memory with no ill effect.

submitted by DecrypterFixer
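Added example, not the poster's tool or any code from the thread: it models the file damage the post describes (the first 1024 bytes cut from the front of the file and an encrypted copy appended at the end) and the header-rebuild repair the poster says only works when those bytes carried no file-specific data. The toy file format, the constant filler that stands in for the encrypted block, and all function names are assumptions made here; the real cipher and key are not known from the post. The point a responder would want to see is the failure mode: a rebuilt file has to be validated against format-specific fields, because a borrowed header silently produces a wrong file whenever the original header was unique.

```python
import hashlib

BLOCK = 1024  # per the post: the first 1024 bytes of every file are affected

# Constructed toy format (not a real file type): a fixed BLOCK-byte header whose
# first four bytes are the magic and whose bytes 4..8 may hold a body-length field.
MAGIC = b"TOYF"


def make_toy_file(body: bytes, unique_header: bool) -> bytes:
    """Build a toy file: fixed header, optionally carrying file-specific data."""
    length_field = len(body).to_bytes(4, "little") if unique_header else b"\0\0\0\0"
    header = (MAGIC + length_field).ljust(BLOCK, b"\0")
    return header + body


def simulate_damage(original: bytes) -> bytes:
    """Model the damage the post describes: the first BLOCK bytes are removed from
    the front and an encrypted copy is appended at the end. The cipher and key are
    not known from the post, so a constant filler stands in for the encrypted block."""
    return original[BLOCK:] + b"\xaa" * BLOCK


def is_damaged(data: bytes, magic: bytes = MAGIC) -> bool:
    """A damaged file no longer starts with its format's magic bytes."""
    return len(data) >= BLOCK and not data.startswith(magic)


def rebuild(damaged: bytes, template_header: bytes) -> bytes:
    """Strip the appended encrypted block and prepend a known-good header taken
    from an undamaged file of the same type (the post's header-rebuild approach)."""
    if len(template_header) != BLOCK:
        raise ValueError("template header must be exactly BLOCK bytes")
    if len(damaged) < BLOCK:
        raise ValueError("file too short to hold an appended block")
    return template_header + damaged[:-BLOCK]


def validate(data: bytes) -> bool:
    """Format-specific sanity check on a rebuilt file: magic present and, if the
    length field is set, it must match the body that is actually present."""
    if not data.startswith(MAGIC):
        return False
    declared = int.from_bytes(data[4:8], "little")
    return declared == 0 or declared == len(data) - BLOCK


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def repair_outcome(body: bytes, unique_header: bool) -> dict:
    """Run the full cycle and report whether the rebuild reproduced the original."""
    original = make_toy_file(body, unique_header)
    damaged = simulate_damage(original)
    # A template header comes from any clean file of the same type; here a file
    # with a different body plays that role.
    template = make_toy_file(b"other content", unique_header)[:BLOCK]
    rebuilt = rebuild(damaged, template)
    return {
        "damaged_detected": is_damaged(damaged),
        "rebuilt_matches_original": sha256(rebuilt) == sha256(original),
        "rebuilt_validates": validate(rebuilt),
    }


if __name__ == "__main__":
    sample_body = b"unique body bytes" * 100  # constructed content
    print("generic header:", repair_outcome(sample_body, unique_header=False))
    print("unique header :", repair_outcome(sample_body, unique_header=True))
```

With a header that is identical across files of the type, the rebuilt file hashes to the original; with a header that carries a per-file length field, the rebuild completes without error but the validator rejects it, which is the case the poster describes as the encryption bleeding into unique data.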