IS THIS THE METHOD?????
@devs, as you might be aware, the private key is used in the .NET RSACryptoServiceProvider class, and files are encrypted with 256-bit AES using the RijndaelManaged class.
This is the structure of the encrypted files:
- 32-bit integer, header length
- byte array, header (length is previous int)

Decrypt the byte array using RSA and the private key.
Decrypted byte array contains:
- 32-bit integer, IV length
- byte array, IV (length is in previous int)
- 32-bit integer, key length
- byte array, Key (length is in previous int)
- rest of the data is the actual file, which can be decrypted using RijndaelManaged and the IV and Key
How do I know what the METHOD and CLASS of this virus is??
How do I find its IV ?????
Edited by hamluis, 31 July 2015 - 09:54 AM.
Moved from MRL to Gen Security - Hamluis.
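
The layout described in the post above, written out as a parser. This is an added example, not part of the original post and not code from the malware or any recovery tool. It assumes little-endian signed 32-bit length prefixes and that the AES ciphertext follows the header in the outer file; `rsa_decrypt`, `MAX_FIELD` and the sample bytes are hypothetical and constructed for illustration.

```python
import struct

MAX_FIELD = 4096  # assumed sanity bound; RSA blocks, IVs and keys are far smaller

class FormatError(ValueError):
    """Raised when the data does not match the described layout."""

def read_field(buf, offset, name):
    """Read one <int32 length><bytes> field; return (value, next_offset)."""
    if offset + 4 > len(buf):
        raise FormatError(f"{name}: truncated length prefix")
    # Little-endian signed int32 is an assumption (usual .NET byte order on x86).
    (length,) = struct.unpack_from("<i", buf, offset)
    offset += 4
    if not 0 < length <= MAX_FIELD:
        raise FormatError(f"{name}: implausible length {length}")
    if offset + length > len(buf):
        raise FormatError(f"{name}: runs past end of data")
    return buf[offset:offset + length], offset + length

def parse_container(blob):
    """Outer file -> (RSA-encrypted header, AES ciphertext assumed to follow it)."""
    header, end = read_field(blob, 0, "header")
    return header, blob[end:]

def parse_header(plain):
    """RSA-decrypted header -> (iv, key)."""
    iv, off = read_field(plain, 0, "IV")
    key, _ = read_field(plain, off, "key")
    # RijndaelManaged accepts 128/192/256-bit block and key sizes.
    if len(iv) not in (16, 24, 32) or len(key) not in (16, 24, 32):
        raise FormatError(f"unexpected IV/key size {len(iv)}/{len(key)}")
    return iv, key

def inspect_file(blob, rsa_decrypt):
    """rsa_decrypt: caller-supplied callable that needs the RSA private key."""
    header, body = parse_container(blob)
    iv, key = parse_header(rsa_decrypt(header))
    return {"header_len": len(header), "iv": iv, "key": key, "ciphertext_len": len(body)}

def _field(data):
    return struct.pack("<i", len(data)) + data

# Constructed sample: the header is left unencrypted so the parser runs offline.
SAMPLE_IV, SAMPLE_KEY = bytes(range(16)), bytes(range(32))
SAMPLE = _field(_field(SAMPLE_IV) + _field(SAMPLE_KEY)) + b"\x00" * 48

if __name__ == "__main__":
    print(inspect_file(SAMPLE, lambda header: header))  # identity stands in for RSA
```

In a real file the header is RSA ciphertext, so the IV and key inside it cannot be read without the matching private key; only the outer header length and the ciphertext size are visible.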