Help crack Gpcode

If you read Vitaly’s blogpost yesterday, you’ll know that on the 4th June 2008 we detected a new variant of Gpcode, a dangerous file encryptor. Details of the encryption algorithms used by the virus are all in Vitaly’s post and the description of Gpcode.ak.

Along with antivirus companies around the world, we’re faced with the task of cracking the RSA 1024-bit key. This is a huge cryptographic challenge. We estimate it would take around 15 million modern computers, running for about a year, to crack such a key.

Of course, we don’t have that type of computing power at our disposal. This is a case where we need to work together and apply all our collective knowledge and resources to the problem.

So we’re calling on you: crytographers, governmental and scientific institutions, antivirus companies, independent researchers…join with us to stop Gpcode. This is a unique project – uniting brain-power and resources out of ethical, rather than theoretical or malicious considerations.

Here are the public keys used by the authors of Gpcode.

The first is used for encryption in Windows XP and higher.

Key type: RSA KeyExchange
bitlength: 1024
RSA exponent: 00010001
RSA modulus:

The second is used for encryption in versions of Windows prior to XP.

Key type: RSA KeyExchange
bitlength: 1024
RSA exponent: 00010001
RSA modulus:

The RSA exponent for both keys is 0x10001 (65537).

The information above is sufficient to start factoring the key. A specially created utility could be of great help in factoring.

We’re happy to provide additional information to anyone involved in stopping Gpcode. To keep everyone up to date, we’ve set up a dedicated forum.

Help crack Gpcode

Your email address will not be published. Required fields are marked *



APT trends report Q3 2022

This is our latest summary of advanced persistent threat (APT) activities, focusing on events that we observed during Q3 2022.

APT10: Tracking down LODEINFO 2022, part I

The first part of this report will provide technical analysis of the new infection methods such as SFX files and DOWNIISSA, a new downloader shellcode used to deploy the LODEINFO backdoor.

Subscribe to our weekly e-mails

The hottest research right in your inbox