A forum for reverse engineering, OS internals and malware analysis 

Search found 4 matches


Re: File Encrypting Ransomware

 by Dany3j ¦  Sun May 19, 2013 3:08 am ¦  Forum: Malware ¦  Topic: Win32/Harasom (File Encrypting Ransomware) ¦  Replies: 24 ¦  Views: 30001

Thank you, very good job.

Re: File Encrypting Ransomware

 by Dany3j ¦  Sat May 18, 2013 3:38 am ¦  Forum: Malware ¦  Topic: Win32/Harasom (File Encrypting Ransomware) ¦  Replies: 24 ¦  Views: 30001

@reverser Is the key different for every client?


I am attaching sample files, original and encrypted. I used the sample posted by Xylitol.

Re: File Encrypting Ransomware

 by Dany3j ¦  Fri May 17, 2013 2:06 pm ¦  Forum: Malware ¦  Topic: Win32/Harasom (File Encrypting Ransomware) ¦  Replies: 24 ¦  Views: 30001

Is there some way to decrypt the files?

Re: Batch - Heuristic registry key deletion

 by Dany3j ¦  Tue Dec 18, 2012 1:53 pm ¦  Forum: User-Mode Development ¦  Topic: Batch - Heuristic registry key deletion ¦  Replies: 5 ¦  Views: 6820

Hello.

It is used to escape special characters, to work within a lower level, such as within a FOR.

Example code:

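@echo off
REM The caret (^) escapes the pipe so that it reaches the command run by FOR /F
REM instead of being parsed on the outer command line.
FOR /F "TOKENS=*" %%A IN ('REG QUERY HKEY_LOCAL_MACHINE\Software\Classes ^| findstr /i "crossriderapp"') do (echo %%A)
pause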
Sorry for my English. ;)