REVERSING SESSIONS

Hasherezade Crackme 2017 Solution - It is NOT a malware file at hybrid-analysis; it is a clear executable that uses tricks that AV detects as dangerous, ;)

BadRabbit Vaccine using Mutex against BadRabbit (first version).
MD5: 2468e5c5d2a678ade074a92c2897cd07
SHA1: 299998fd6acebbae314391b8a0a2f62a1103aeb2
USE at your own responsibility, ;) Some AV can detect it as malware because I use the same algorithm to calculate the hash. Anyway, only download from here or check the MD5 or SHA1 hashes.
Password: poisoncarrot

Ordinypt Malware Report
MD5: ced0f90e17557c0e58835810cfccfa18
SHA1: 5196d5204054fc7d72db7ab96004fe364d4422f7

RunningRat Report, made in only one day in a quick rush, ;) It has a connection with the APT GoldenDragon.
MD5: 7aa6c317b6ad69d2433474a414e4a529
SHA1: ccd27ad397df5e332386cf8cc63de06b1aaaf518
It has Yara rules to detect it on disk and in memory and one IOC of Mandiant.

My POC of exploit CVE-2017-11882 in PDF format. Read inside for more information.
MD5: c577d8afb2608abd37fa77743342ddc3
SHA1: 255c89759a75e74184c8dd6c432446b6d9b6e0ae
Thank you, :)

My POC of exploit of Process Doppelgänging from Black Hat from enSilo. My POC works in 64 bits: you need to use it on a 64-bit system. The victim can be any 32-bit or 64-bit file, but the bad file needs to be 64-bit. It is a problem with the PEB and WOW64, but with time I will try to fix it.
HASH MD5: 208d9be16804b8ab516b3c500a0e9fc4
HASH SHA-1: 579506f0e72101412ffe74bd6f8a78ca7c210f6b
Remember that you CAN'T USE it on Windows 10 or you will get a BSOD because of a null pointer exception. The password of the file is "infected".

GandCrab v4.x Vaccine 64 bits using a design mistake by the GandCrab creators. Waiting for your new version, dudes, ;)
MD5: 4dcbfee78938ac40c2ed6ddead84478c
SHA1: c1519e70c9d5cb0d7f8d63da82e03dc7b99321ed
Read the readme before use! USE at your own responsibility, ;) Some AV can detect it as suspicious because of the code, but it is clean, and if you don't believe me... reverse it! Always download from here or check the MD5 or SHA1 hashes of the zip file.
Password: Valthek

GandCrab v4.x Vaccine 32 bits using a design mistake by the GandCrab creators. Waiting for your new version, dudes, ;)
MD5: 4948fd7c29d958cff6ca53e09bc0ac04
SHA1: 190512001815ab06e4024d84a971b80e0f1e7e48
Read the readme before use! USE at your own responsibility, ;) Some AV can detect it as suspicious because of the code, but it is clean, and if you don't believe me... reverse it! Always download from here or check the MD5 or SHA1 hashes of the zip file.
Password: Valthek

GandCrab v4.x and 5.x(?) Vaccine 32 bits using a design mistake by the GandCrab creators. Waiting for your new version, dudes, and please make it work in XP, :P XPSPRINT.DLL doesn't exist in Windows versions older than Windows 7, ;) Nice copy & paste exploit.
MD5: e4b0205571262648100cdf29037077c6
SHA1: 1e9086426803dfe975b5ab9840732d74eacaf468
Read the readme before use! USE at your own responsibility, ;) Some AV can detect it as suspicious because of the code, but it is clean, and if you don't believe me... reverse it! Always download from here or check the MD5 or SHA1 hashes of the zip file. This version installs the vaccine and installs its own vaccine with persistence, removes the new GandCrab wallpaper if needed, and sets an empty wallpaper.
Password: Valthek

GandCrab v4.x Vaccine 64 bits using a design mistake by the GandCrab creators. Waiting for your new version, dudes, ;)
MD5: 2bd9e310ecdbdb3c6c7b3030bd5ad08e
SHA1: 2f5d7e78640cf08073ed07908de3e42a187defa5
Read the readme before use! USE at your own responsibility, ;) Some AV can detect it as suspicious because of the code, but it is clean, and if you don't believe me... reverse it! Always download from here or check the MD5 or SHA1 hashes of the zip file. This version doesn't have any persistence in the system; it only puts the vaccine in place and makes a backup if needed.
Password: Valthek

GandCrab v4.x Vaccine 32 bits using a design mistake by the GandCrab creators. Waiting for your new version, dudes, ;)
MD5: a5ab8d35d23d87d0b7cd6222ee089202
SHA1: 1e3fbe503720ffcff6defb32225c6b7bfd5d1a1a
Read the readme before use! USE at your own responsibility, ;) Some AV can detect it as suspicious because of the code, but it is clean, and if you don't believe me... reverse it! Always download from here or check the MD5 or SHA1 hashes of the zip file. This version doesn't have any persistence in the system; it only puts the vaccine in place and makes a backup if needed.
Password: Valthek

GandCrab v4.x and 5.x(?) Vaccine 32 bits using a design mistake by the GandCrab creators. Waiting for your new version, dudes, and please make it work in XP, :P XPSPRINT.DLL doesn't exist in Windows versions older than Windows 7, ;) Nice copy & paste exploit.
MD5: aae2b5d8bde4f774870405cfd302aac8
SHA1: 1870b923bdb260c750f03db164e7fae3a29ce6eb
Read the readme before use! USE at your own responsibility, ;) Some AV can detect it as suspicious because of the code, but it is clean, and if you don't believe me... reverse it! Always download from here or check the MD5 or SHA1 hashes of the zip file. This version doesn't have any persistence in the system; it only puts the vaccine in place, makes a backup if needed, removes the new GandCrab wallpaper from the disk if needed, and sets an empty desktop wallpaper.
Password: Valthek