Date: Wed, 13 Feb 2013 13:21:24 +0000
From: Nicolas Brulez <>
To: "" <>
Subject: RE: RAR Cracking with JtR Jumbo (Files found during

Hello Bartosz,

Unfortunately, there were no text files with the password AFAIK.
That's the first thing I looked at, as well as traces of the password in the memory dump. No luck :(


Best regards,

Nicolas Brulez | Malware Expert - Global Research and Analysis Team | Kaspersky Lab

-----Original Message-----
From: pierzi []
Sent: Wednesday, February 13, 2013 14:15
To:
Subject: Re: [john-users] RAR Cracking with JtR Jumbo (Files found during forensics)

Hello Nicolas
I had little experience with trojans encrypted with so-called FUD; as far
as I've seen, passwords for encrypted installations/updates were
stored in a plain text file next to the archive. The passwords, however, were very
complex. I know it's a long shot, but if you can still access the infected
machine, it might be worth checking for those text files...

best regards

2013/2/13 Dhiru Kholia <>

> On Wed, Feb 13, 2013 at 4:38 PM, Nicolas Brulez <> wrote:
> > While doing investigations, several RAR password-protected SFX files
> > were found on hundreds of machines.
> >
> > I have limited power for cracking passwords, and I tried "crark". Using
> > my CPU I could only reach 245 c/s and my single GPU reached 1200 c/s.
> > I have tried several things: some simple wordlists, brute forcing only
> > lowercase, numbers, low/upp/numb/special, and I didn't find anything.
> > I don't think the passwords are that complex, but the limited power I
> > have probably did not help.
> Maybe Jeremi Gosney (@jmgosney) can help with the computing power part.
> --
> Dhiru
