Skip to content

Cyberclues/poshcrypt_decrypt

master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

poshcrypt_decrypt

Decryption Script for Powershell Ransomware fed from 21e1a87bd0418381a1bc8df088ee5c91.

Modified to allow arbitrary salt via cmd line (ref change in 9fe45fc4c402932248cd2c26b65f883d)

Decrypt script for flawed encryptor 'ransomware' powershell script being delivered by the above CHM. For details (including how to identify salt value) see: http://blog.malwareclipboard.com/2015/09/how-to-fail-at-ransomware.html

Usage: Powershell.exe -ExecutionPolicy Bypass -file poshcrypt_decrypt.ps1 -filename <encrypted_file> -origsalt <salt from encrypt/ransom script>

About

Decryption Script for Powershell Ransomware fed from 21e1a87bd0418381a1bc8df088ee5c91

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published