Skip to content

Cyberclues/nanolocker-decryptor

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
NanoLocker_Decryptor.cpp
 
 
README.md
 
 

README.md

nanolocker-decryptor

Decryption tool for NanoLocker ransomware files

Tested on versions 1.27 and 1.29 of NanoLocker

sample hash 1 (ver 1.27) : c1cf7ce9cfa337b22ccc4061383a70f6 sample hash 2 (ver 1.29) : fce023be1fb28b656e419c5c817deb73

Precondition: a copy of the NanoLocker digest file in state 1 or 2 is required. This file is kept in %LOCALAPPDATA%\lansrv.ini in the studied version, with hidden attribute set.

State 1 or 2 can be determined by the value of the first byte in the lansrv.ini file. Interuption of the encryption process during stage 2 (encrypting target files) will result in a lansrv.ini file stuck in state 2. This could be achieved with a hard power-down, followed by deleting lansrv.exe and/or the persistence key (HKCU\SOFTWARE\Microsoft\CurrentVersion\Run\LanmanServer).

For more details see http://blog.malwareclipboard.com/2016/01/nanolocker-ransomware-analysis.html

Usage:

NanoLocker_Decryptor.exe <encrypted_file> <output_file> <ini/state tracking file>

About

Decryption tool for NanoLocker ransomware files

Resources

Readme

Stars

4 stars

Watchers

2 watching

Forks

6 forks

Releases

No releases published

Packages

No packages published

Languages