[HELP]Decrypting

06/26/2012 13:19 [ADMIN]Cryptic#1

Ok I been trying my brains out to decrypt some exe files one of my people made before she just stopped coming online. I am not very experienced at encrypting or decrypting.

So I am willing to pay 50$ to the first one that can decrypt the files I attached. (will be via paypal)

hope someone can help

06/26/2012 13:26 boxxiebabee#2

Trojaner :>
[Only registered and activated users can see links. Click Here To Register...]

06/26/2012 15:49 [ADMIN]Cryptic#3

hmm ok I did not see that coming... is there any chance that the file is harmless and its just a false positive?

If not I need to cancel my offer.

06/26/2012 16:00 Jeoni#4

The Virustotal results could be false positive. All founds are "Generic" ("Gen") / "Behave". This means that the application have some code that a virus have, too. It's not 100% a virus, because maybe the developer needed to code it like this for a good reason.
So it don't have to be a virus, but you can't be sure. ;)

06/26/2012 16:14 [ADMIN]Cryptic#5

could it be the encryption that could do it ?

06/26/2012 16:52 Jeoni#6

If it's a runtime decrypt methode then it could be that what causes the false positives (in case that they're really false).
Why do you want to decrypt this? If it works now (runtime decryption) you can use it and if it doesn't works, why the scanners makes noise for this application?

06/26/2012 17:20 MrSm!th#7

Of course VT shows false positives, it's typical for malware to be crypted.

06/26/2012 20:23 [ADMIN]Cryptic#8

Quote:

Originally Posted by Jeoni

If it's a runtime decrypt methode then it could be that what causes the false positives (in case that they're really false).
Why do you want to decrypt this? If it works now (runtime decryption) you can use it and if it doesn't works, why the scanners makes noise for this application?

because it connects to an IP that no longer exist I need to change the IP to get it to work.