Skip to content

@0x00000FF 0x00000FF released this Apr 8, 2017 · 17 commits to master since this release

Added setting function of user customized value for further variants

it changes memory of TH12 ~ Undefined Fantastic Object for making rensenWare to do decryption.

DO NOT TRY TO OTHER BUILDS OF RENSENWARE IF YOU ARE NOT SURE IT'S INITIAL VERSION OF RENSENWARE. INITIAL VERSION OF RENSENWARES DOES NOT HAVE MEMORY MANIPULATION DETECTING LOGIC, BUT OTHER BUILDS MAY HAVE IT.

VirusTotal for original version of rensenWare :
https://virustotal.com/ko/file/7bf5623f0a10dfa148a35bebd899b7758612f1693d2a9910f716cf15a921a76a/analysis/1491487316/

VirusTotal for THIS :
https://virustotal.com/en/file/3ceda8fca9bb42ea537ab5f8f58044fdbb14e1f29a05df0ffb66901e52b368fd/analysis/1491628924/ (misdiagnosed by CrowdStrike Falcon (ML))

Assets 3
You can’t perform that action at this time.