Simple decrypter for Java AdWind, jRAT, jBifrost trojan
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
dist First commit Jan 16, 2017
src/adwinddecryptor Update Jan 17, 2017 Update Jan 16, 2017

AdWind Decryptor

Simple decryptor for encrypted files in the AdWind/jRAT/jBifrost Java RAT.


usage: java -jar AdWindDecryptor
 -a,--aeskeyfile <arg>   AES key file path
 -i,--input <arg>        input file path
 -o,--output <arg>       decrypted output file path
 -r,--rsakeyfile <arg>   serialized RSA KeyRep file path


java -jar AdWindDecryptor.jar -a -r -i -o decrypted-file


This decryptor unserializes an object that is part of the malware. Therefore, it is possible that the the decryptor could get hijacked by the malware. Only use in an isolated environment and with caution.


  • Avoid unserializing the object