Exetools  

Go Back   Exetools > General > Source Code
Reload this Page Paradise ransomware source code by vx-underground
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 06-24-2021, 02:22
CodeCracker CodeCracker is offline
VIP
  
Join Date: Jun 2011
Posts: 905
Rept. Given: 68
Rept. Rcvd 660 Times in 278 Posts
Thanks Given: 64
Thanks Rcvd at 3,819 Times in 717 Posts
CodeCracker Reputation: 500-699 CodeCracker Reputation: 500-699 CodeCracker Reputation: 500-699 CodeCracker Reputation: 500-699 CodeCracker Reputation: 500-699 CodeCracker Reputation: 500-699
From my analyzes of the ransom globeimposter, this ramsoware uses RSA-2048 and AES-128, as far as I know there is no plain text attack of AES-128, and AES key is just some random bytes initialized at execution time; and the key will differ on each run.
So still don't know how the decryption is possible.
Reply With Quote
  #2  
Old 06-24-2021, 03:21
Kurapica's Avatar
Kurapica Kurapica is offline
VIP
  
Join Date: Jun 2009
Location: Archives
Posts: 198
Rept. Given: 20
Rept. Rcvd 144 Times in 43 Posts
Thanks Given: 74
Thanks Rcvd at 426 Times in 90 Posts
Kurapica Reputation: 100-199 Kurapica Reputation: 100-199
Maybe it was possible for the older versions.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Tomahawk's Source Code Paradise TomaHawk Source Code 16 02-20-2017 21:49
VB6 N-CODE - Stop any servive and Start any APP-Release and Source Code wilson bibe General Discussion 5 04-10-2013 00:23


All times are GMT +8. The time now is 14:50.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )