


  • This topic is locked
1 reply to this topic

#1 Paradox Unlimited

  • Banned
  • 42 posts
  • Local time:04:34 PM

Posted 28 July 2015 - 03:19 PM

As you might be aware, the private key is used in the RSACryptoServiceProvider class (.NET), and
files are encrypted with AES-256 using the RijndaelManaged class.

This is the structure of the encrypted files:

- 32-bit integer, header length
- byte array, header (length is the previous int)
* Decrypt the byte array using RSA and the private key.

Decrypted byte array contains:
- 32-bit integer, IV length
- byte array, IV (length is in the previous int)
- 32-bit integer, key length
- byte array, key (length is in the previous int)

- The rest of the data is the actual file, which can be decrypted using RijndaelManaged and the IV and key.
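
The layout described in post #1, written out as a bounds-checked parser for recovery tooling; this is an added example and not part of the original post. Little-endian length fields (the .NET BinaryWriter default), the 4096-byte sanity bound, the strict trailing-bytes check and all function names are assumptions; the RSA and AES steps are left to a crypto library, and the sample data is constructed.

```python
import struct

MAX_FIELD = 4096  # assumed sanity bound for header, IV and key lengths


def _read_block(buf, offset, what):
    """Read a 32-bit length, then that many bytes; return (bytes, new_offset)."""
    if offset + 4 > len(buf):
        raise ValueError(f"truncated before {what} length")
    (length,) = struct.unpack_from("<i", buf, offset)  # little-endian: assumption
    offset += 4
    if length <= 0 or length > MAX_FIELD:
        raise ValueError(f"implausible {what} length: {length}")
    if offset + length > len(buf):
        raise ValueError(f"{what} runs past end of data")
    return buf[offset:offset + length], offset + length


def split_container(data):
    """Split an encrypted file into (rsa_encrypted_header, aes_ciphertext)."""
    header, offset = _read_block(data, 0, "header")
    return header, data[offset:]


def parse_decrypted_header(plain):
    """Parse the RSA-decrypted header into (iv, key)."""
    iv, offset = _read_block(plain, 0, "IV")
    key, offset = _read_block(plain, offset, "key")
    # The post lists only these four fields, so leftover bytes are treated
    # as a sign of a wrong key or wrong byte order (assumption).
    if offset != len(plain):
        raise ValueError("trailing bytes after key")
    return iv, key


def build_sample():
    """Constructed sample: placeholder RSA blob, placeholder AES body."""
    iv, key = bytes(range(16)), bytes(range(32))
    plain_header = struct.pack("<i", 16) + iv + struct.pack("<i", 32) + key
    rsa_blob = b"\xAA" * 128   # stands in for the RSA-encrypted header
    body = b"\xBB" * 48        # stands in for the AES-encrypted file data
    container = struct.pack("<i", len(rsa_blob)) + rsa_blob + body
    return container, plain_header
```
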



#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,590 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:34 PM

Posted 28 July 2015 - 04:31 PM

You already asked your question in this topic. Please do not start new threads or duplicate topics as this causes confusion and necessitates staff spending time with housecleaning to remove or close those duplicate postings. In cases of ransomware infections, rather than have everyone start individual topics, it is best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that support topic discussion. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion...this topic is closed.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

