Creamware is a simple ransomware for Proof-Of-Concept purposes.
The malware uses AES-128b with SHA-256b as block hashing function.
Encryption is offered by the "Microsoft Enhanced RSA and AES Cryptographic Provider".
@Let's c.r.e.a.m. together!
Brought to you by the 0R1ngOCr3w - joint venture by @k0z4c and @Cyb0tage.
creamware c:\dir\to\c.r.e.a.m. [aeskey16]After encryption a README.txt file is generated on the user's dektop.
creamware c:\dir\to\c.r.e.a.m. <aeskey> decryptIf the default key was used, then issue the following
creamware.exe c:\dir\to\clean 3igcZhRdWq96m3GUmTAiv9 decryptCompiled with Windows Visual Studio 2022, C++11
The README.txt note on Desktop will not be deleted after recovery
Many thanks to my fella @Cyb0tage for the ideas, contributions and the testing part.
We got the feva <3