decrypt_dorifel.exe

Trojan-Ransom.Win32.Dorifel decrypter

Emsisoft GmbH

Publisher:
Emsisoft GmbH  (signed and verified)

Product:
Trojan-Ransom.Win32.Dorifel decrypter

Description:
Decryption tool for Trojan-Ransom.Win32.Dorifel

Version:
1.6.0.24

MD5:
076ff5f8c024f9ff344646049b412044

SHA-1:
6603cea315b9371fb8c8cd324ccda7546e641db0

SHA-256:
9a2454719cd116e32832360d73982280682ec302eb2dd203705d00b6ae2c1c2c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 6:27:33 AM UTC

File size:
627.5 KB (642,584 bytes)

Product version:
1.6

Copyright:
(C) 2012 Emsisoft GmbH

Original file name:
decrypt_dorifel.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\decrypt_dorifel.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
4/11/2012 7:00:00 PM

Valid to:
6/16/2015 7:00:00 AM

Subject:
CN=Emsisoft GmbH, O=Emsisoft GmbH, L=Thalgau, C=AT

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0D264BA95F92C7A55D53EC2B551DE980

File PE Metadata
Compilation timestamp:
9/3/2012 9:09:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.25

CTPH (ssdeep):
12288:bqkzqjfHl75Vq/Qhtr+P+LRt8PQOGxfe7ko888888888888W88888888888SWX:ngfHl75fr+P+Nt84ZOkbu

Entry address:
0x4073C

Entry point:
55, 8B, EC, 83, C4, C4, 33, C0, 89, 45, D4, 89, 45, DC, 89, 45, D8, 89, 45, EC, 89, 45, E8, A1, 1C, 22, 44, 00, C6, 00, 01, B8, 48, D1, 43, 00, E8, 0F, 9B, FC, FF, 33, C0, 55, 68, 4E, 08, 44, 00, 64, FF, 30, 64, 89, 20, 8D, 55, D8, 33, C0, E8, E7, 3D, FC, FF, 8B, 45, D8, 8D, 55, DC, E8, 60, F3, FC, FF, 8B, 55, DC, 8D, 45, E8, E8, 05, 66, FC, FF, E8, AC, 0D, FD, FF, DD, 5D, E0, 9B, FF, 75, E4, FF, 75, E0, 8D, 45, EC, BA, 68, 08, 44, 00, E8, 55, 1A, FD, FF, 8D, 45, D4, 50, 8B, 45, E8, 89, 45, C4, C6, 45, C8...
 

Entropy:
6.3289

Developed / compiled with:
Microsoft Visual C++

Code size:
252 KB (258,048 bytes)

The file decrypt_dorifel.exe has been seen being distributed by the following URL.
