safety
Posted September 16, 2017

Tell me, please, can I use the / a option to define the decryption key for several encrypted files?

Quote:
[2017.09.16 17:05:41.495] - Usage:
[2017.09.16 17:05:41.495] - ESETFilecoderQCleaner.exe [options] <filename(s) or directory name(s)>
[2017.09.16 17:05:41.495] -
[2017.09.16 17:05:41.495] - Options:
[2017.09.16 17:05:41.495] - /s - Silent mode.
[2017.09.16 17:05:41.495] - /f - Forced clean.
[2017.09.16 17:05:41.495] - /d - Debug mode.
[2017.09.16 17:05:41.495] - /n - Only list files for cleaning (don't clean).
[2017.09.16 17:05:41.495] - /h or /? - Show usage.
[2017.09.16 17:05:41.510] -
[2017.09.16 17:05:41.510] - /a - detect key for encrypting; put some encoded files (best doc(x) or xls(x) files) in one directory; start with *'s keys
[2017.09.16 17:05:41.510] - /b - use external keyfile "decoder.keys"
[2017.09.16 17:05:41.510] - /k [num] - use key

How to use this option correctly? And what information can I get with this? If possible, please show a specific example.

Marcos (Administrators)
Posted September 16, 2017

Please contact samples[at]eset.com and provide:
- examples of encrypted Office documents
- payment info
- ELC logs

safety (Author)
Posted September 18, 2017

On 16.09.2017 at 11:39 PM, Marcos said:
    Please contact samples[at]eset.com and provide:
    - examples of encrypted Office documents
    - payment info
    - ELC logs

Dear Marcos, I know that Virlab can calculate the key for several encrypted (office) documents. :) And I once asked for help with the decryption of files after Xorist / Filecoder.Q. I'm wondering if it's possible to calculate the decryption key yourself using the FilecoderQCleaner utility using the "/ a" option?

Edited September 18, 2017 by safety

Marcos (Administrators)
Posted September 18, 2017

I have no clue. Please email the above mentioned stuff to samples[at]eset.com and they will answer you.

safety (Author)
Posted September 21, 2017

In the log we see that the decoder is running in the key detection mode, but the key is not explicitly found, and therefore the decryption of the files that are added to the test folder is impossible.

[2017.09.21 15:01:55.705] - INFO: Init: CleanerMode(DetectKeys)
[2017.09.21 15:01:55.707] - INFO: Init: Generating test vectors...
[2017.09.21 15:01:55.997] - INFO: Looking for infected files...
[2017.09.21 15:01:55.997] - --------------------------------------------------------------------------------
[2017.09.21 15:01:55.997] -
[2017.09.21 15:01:56.037] - --------------------------------------------------------------------------------
[2017.09.21 15:01:56.040] - INFO: 6 infected files found.
[2017.09.21 15:01:56.043] - INFO: 0 file(s) cleaned.
[2017.09.21 15:02:03.992] - End