Help crack Gpcode

If you read Vitaly’s blogpost yesterday, you’ll know that on the 4th June 2008 we detected a new variant of Gpcode, a dangerous file encryptor. Details of the encryption algorithms used by the virus are all in Vitaly’s post and the description of Gpcode.ak.

Along with antivirus companies around the world, we’re faced with the task of cracking the RSA 1024-bit key. This is a huge cryptographic challenge. We estimate it would take around 15 million modern computers, running for about a year, to crack such a key.

Of course, we don’t have that type of computing power at our disposal. This is a case where we need to work together and apply all our collective knowledge and resources to the problem.

So we’re calling on you: cryptographers, governmental and scientific institutions, antivirus companies, independent researchers… join with us to stop Gpcode. This is a unique project – uniting brain-power and resources out of ethical, rather than theoretical or malicious considerations.

Here are the public keys used by the authors of Gpcode.

The first is used for encryption in Windows XP and higher.

Key type: RSA KeyExchange
bitlength: 1024
RSA exponent: 00010001
RSA modulus:

The second is used for encryption in versions of Windows prior to XP.

Key type: RSA KeyExchange
bitlength: 1024
RSA exponent: 00010001
RSA modulus:

The RSA exponent for both keys is 0x10001 (65537).

The information above is sufficient to start factoring the key. A specially created utility could be of great help in factoring.
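Why factoring is the whole problem, shown as an added example (not code from the original post or from Kaspersky): once the modulus is split into its two primes, the private exponent for e = 0x10001 follows from one modular inverse. The 92-bit modulus, the sample value and all function names are constructed for illustration; Pollard's rho is used only because it handles a toy modulus in well under a second, and it does not scale to a 1024-bit key.

```python
import math
import random

E = 0x10001  # public exponent given on the page (65537)

# Constructed toy modulus (NOT a Gpcode key): product of the Mersenne
# primes 2^31-1 and 2^61-1, about 92 bits instead of 1024.
TOY_P, TOY_Q = 2147483647, 2305843009213693951
TOY_N = TOY_P * TOY_Q


def pollard_rho(n, seed=1):
    """Return a non-trivial factor of composite n (Floyd cycle detection)."""
    if n % 2 == 0:
        return 2
    rng = random.Random(seed)
    while True:
        c = rng.randrange(1, n)
        x = y = rng.randrange(2, n)
        d = 1
        while d == 1:
            x = (x * x + c) % n            # tortoise: one step
            y = (y * y + c) % n            # hare: two steps
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:                         # d == n means a bad cycle; retry
            return d


def private_exponent(n, e=E):
    """Factor n, then derive d = e^-1 mod (p-1)(q-1)."""
    p = pollard_rho(n)
    q = n // p
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi), p, q           # modular inverse (Python 3.8+)


def demo():
    """Encrypt a constructed value with the public key, recover it with d."""
    d, p, q = private_exponent(TOY_N)
    secret = 0x1122334455667788            # constructed sample plaintext
    ciphertext = pow(secret, E, TOY_N)     # what the public key holder can do
    recovered = pow(ciphertext, d, TOY_N)  # possible only after factoring
    return sorted((p, q)), recovered == secret


if __name__ == "__main__":
    print(demo())
```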

We’re happy to provide additional information to anyone involved in stopping Gpcode. To keep everyone up to date, we’ve set up a dedicated forum.
