Wednesday, 16 March 2011

WinLocker Builder v0.2/v0.3 - Cracking Generated winlocks

Interesting thing today, surfing on the web and i've found a 'winlock generator' by chance.
According to the date of the post who describ the generator it's not really old, so i've investigated this.

The 'winlock builder':

Inside olly, taked me two mins for defeat it

Method is generic for find unlocks code generated with this 0.2 version.


Version v0.3
Routine, same as the v0.2:

VAN32 found:

443kb ransomware a really huge compared to WinAD and other usual threats.
These generated winlock remind me this one: private_brute.exe i've lost the sample but the code remind me something familiar


  1. It's constructor and created winlock will be detected Dr/Web

  2. On comment à arriver sur quelque chose d'assez gros là...
    good job dude