Recently I was infected by some ransomware that managed to encrypt all of my .txts, .jpgs, .pdfs, .ppts, and .docs. In trying to unencrypt them, I found a utility called Kaspersky RannohDecrypter, which allows you to find the encryption key by using an encrypted file and the original version of the encrypted file. Unfortunately, while I was using this, I got an error message that said "Encrypted file is not same size as original file". I checked and I saw that the encrypted file was 20 bytes larger. I checked the rest of my encrypted files against some of my original ones, and the encrypted files were all consistently 20 bytes larger.
I have no idea where those 20 bytes are in the file. I was thinking that it could be a file header or something, but I don't know how I would remove or even view it. I've been trying to find if there was just an extra 20 bytes randomly shoved into the files, but comparing the files using Beyond Compare 3 showed no similarities in data, leading me to believe that it could be some form of metadata.
If you can help me, you will have attained the rank of god in my eyes.
Thanks in advance,
-Combat_Kebab
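
An added example, not part of the original post: one way to triage where a constant 20-byte overhead sits is to compare several original/encrypted pairs and look for byte offsets at the start or end of the encrypted files that hold the same value in every file. The sample "encrypted" files and their 4-byte fixed trailer marker are constructed for illustration and are an assumption, not the format of any real ransomware.

```python
"""Added example: triage where a fixed per-file size overhead sits."""

OVERHEAD = 20  # size difference reported in the post


def constant_offsets(blobs, n, from_end=False):
    """Offsets within the first (or last) n bytes holding the same value in every blob."""
    windows = [b[-n:] if from_end else b[:n] for b in blobs]
    return [i for i in range(n) if len({w[i] for w in windows}) == 1]


def locate_overhead(pairs, n=OVERHEAD):
    """pairs: list of (original_bytes, encrypted_bytes) for the same files."""
    encrypted = [enc for _, enc in pairs]
    return {
        # Every pair should report the same size difference.
        "deltas": sorted({len(enc) - len(orig) for orig, enc in pairs}),
        # Fixed bytes at the start suggest a header, at the end a trailer.
        "head_constant": constant_offsets(encrypted, n),
        "tail_constant": constant_offsets(encrypted, n, from_end=True),
    }


# --- constructed sample data (not real ransomware output) ---
def _keystream(seed, length, shift=0):
    return bytes((seed * 31 + (i + shift) * 7) % 256 for i in range(length))


def _fake_encrypt(original, seed):
    body = bytes(o ^ k for o, k in zip(original, _keystream(seed, len(original))))
    # Hypothetical trailer: 4 fixed marker bytes + 16 per-file bytes.
    trailer = b"\xAA\xBB\xCC\xDD" + _keystream(seed, 16, shift=100)
    return body + trailer


def sample_pairs():
    originals = [bytes((i * 3) % 256 for i in range(size)) for size in (64, 200, 1000)]
    return [(orig, _fake_encrypt(orig, seed)) for seed, orig in enumerate(originals, start=1)]


if __name__ == "__main__":
    print(locate_overhead(sample_pairs()))
```

For real files, build `pairs` from `open(path, "rb").read()` on copies of the originals and their encrypted counterparts. If neither end shows constant offsets, the extra bytes may be entirely per-file values, which this check cannot place.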