Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Problmes of Teslacrypt V2 decryption with BloodDolly tool

  • This topic is locked This topic is locked
3 replies to this topic

#1 Jackleventreur


  • Members
  • 2 posts
  • Local time:06:58 PM

Posted 12 December 2016 - 03:22 PM

Hi the community


Been trying to follow the steps of BloodDolly tutorial to decrypt all infected files with extension .vvv (Teslacrypt V2). Special thanks to my 12 y/o son...

All instructions followed as they should (?)

But at the end, when using the Yafu factorX64 tools supposed to display the list of factors, it shows the following :


***factors found***

C115 = 3227857776454594174987475531309791655736192929601723862033809356093762314

ans = 32278577764545941749874755313097916557361929296017238620338093560937623148

And it didn't work at all with TeslaDecoder


The keys obtained with TeslaViewer are the following :


= PrivateKeyBC =

hex 10A1A4077C21D6ACFAB58DD84E425F7260D2C5768740BAF06F94DFC7AE2E9435FBF71EDC25A239807025EA50B2406C9365A9D3C1921CAB45FF1ED4DCDEBC5B32
dec 871057575470452389427199771980992408088017771494344947775095963129591877154425887152876109067976756476331555405307425714650728011287192737783463035034418

PrivateKeyBC =
PublicKeyBC = 04433AF4ABB94F9B4379E5A4C16732ACEF0B09086EA88FEC18664DC2A230CC2481FA2F644B4BC9EA7EE9CBD032C9264E0F43A11269C4964319CFEF0B54EA28F07F

= PrivateKeyFile =

hex 4524874DF2AD7101DACC4B10EB1DC49376724B4D13A757E6947992B6542F7896B6E2E66FB7EFE2ACD95FC1E64543DD5206D38F61EAF920774FF47FEFE8802644
dec 3621296490948933892290195954572195139047199555086338271661220552494654495667147040277042345097222199792925092080264924652525532002131898215821433083274820

PrivateKeyFile =
PublicKeyFile = 04FEE40B42AB7D4EA327DAF2832F4AE3B34BD0B790BE9554A5DDDD2D20EA223F9E85F8CB130448717E3B71AC896E3704CBC2DA09CDBDA542B71317CAEB14948AA2

Anyone to help me ?





BC AdBot (Login to Remove)


#2 Demonslay335


    Ransomware Hunter

  • Security Colleague
  • 3,580 posts
  • Gender:Male
  • Location:USA
  • Local time:11:58 AM

Posted 12 December 2016 - 03:32 PM

You did not fully factor the number, it is still a C115 (C = Composite). Most likely, your yafu gave up after ECM and did not go into NFS due to tuning.


I do not have a computer available for a C115, but I will be able to factor your PrivateKeyFile quickly. I will edit this post in a few minutes with the key.




PrivateKeyFile: 5B21F10A41C087C9D85EB3CEEA4274B285F7FFA1A530B667348FE4A7D0EEB6E1


If TeslaDecoder skips any files with this key, you will need to post in the support topic for someone to pickup your PrivateKeyBC case.

Edited by Demonslay335, 12 December 2016 - 03:37 PM.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

#3 Jackleventreur

  • Topic Starter

  • Members
  • 2 posts
  • Local time:06:58 PM

Posted 12 December 2016 - 06:03 PM

Wow !

Your key worked !

just finished cleaning my computer.

Thanks Demonslay 335

I've been trying hard for many months.

How did you get that key ?

#4 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,953 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:58 PM

Posted 12 December 2016 - 06:27 PM

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the below support topic.To avoid unnecessary confusion, this topic is closed.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users