{
	"id": "b3195235-8bb5-4ad6-a111-0ce80d70d429",
	"created_at": "2026-04-06T00:06:20.156629Z",
	"updated_at": "2026-04-10T03:20:32.647851Z",
	"deleted_at": null,
	"sha1_hash": "4be0f9d0c2d82d99ff905e6169615446c7e5c948",
	"title": "Princess Locker decryptor",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 183542,
	"plain_text": "Princess Locker decryptor\r\nBy Posted on\r\nPublished: 2016-11-17 · Archived: 2026-04-05 14:04:37 UTC\r\n[UPDATE: 19th March 2018] – I keep getting e-mails from people asking me why my decryptor doesn’t work.\r\nPlease understand, this is an obsolete tool, it was written in 2016 for the FIRST VERSION of  Princess Locker.\r\nThe current version is improved and no longer decryptable.\r\n[UPDATE: 28th Nov 2016] – unfortunately, recently a new variant appeared, that fixed the bug which allowed\r\nme crack this ransomware. If generating the key takes more than few minutes,  it probably means that you has\r\nbeen infected by the new version of Princess. I am sorry, but I am not capable of helping in such case.\r\nIf you are a researcher curious how I cracked it, you can see the decryptor’s source code:\r\nhttps://github.com/hasherezade/decryptors_archive/tree/master/princesslocker_decrypt\r\nThe presented decryptor works ONLY for the first version of Princess Locker ransomware (tested on sample:\r\n14c32fd132942a0f3cc579adbd8a51ed):\r\nRansom note example:\r\nhttps://hshrzd.wordpress.com/2016/11/17/princess-locker-decryptor/\r\nPage 1 of 4\n\nIn this thread you will find all the information and updates about the progress.\r\nCurrently I prepared a set of two EXPERIMENTAL tools: keygen and decryptor.\r\n  You can download the full package from here.\r\n   See it in action on YouTube: https://www.youtube.com/watch?v=Ted84CoOPvg\r\nUse the keygen first in order to find your key. If this operation went successful, you can use decryptor to decrypt\r\nyour other files.\r\nThe tools are protected with PE-Lock (special thanks to Bartosz Wójcik).\r\nHOW TO USE\r\nIn order to use the keygen you must find one file, that you can provide in both forms: unencrypted and encrypted.\r\nYou also need to supply the added extension. It is beneficial (but not required) to supply the unique ID from your\r\nransom note.\r\nUsage:\r\nPrincessKeygen.exe [encrypted file] [original file] [added extension] [*unique id]\r\n* – optional parameter\r\nExample:\r\nhttps://hshrzd.wordpress.com/2016/11/17/princess-locker-decryptor/\r\nPage 2 of 4\n\nRead the data from your ransom note:\r\nAnd supply them to the keygen:\r\nPrincessKeygen.exe \"square1.bmp.xauwk\" \"square1.bmp\" xauwk ujivtjf25pwt\r\nWhat if you don’t have any original file?\r\nIn case if you don’t have the original copy of any of your encrypted files, you can use an encrypted file of one of\r\nthe following formats:\r\ndoc, png, gif, pdf, docx, xlsx, ppt, xls\r\nThen, instead of the original file, supply the preprepared header – you can find the set here. However, this method\r\nmay, in some rare cases, produce invalid results – so, supplying the original file is recommended.\r\nExample:\r\nWhat if you don’t have the ransom note?\r\nIt’s OK. Just supply the extension – but be warned that cracking may take a bit longer.\r\nhttps://hshrzd.wordpress.com/2016/11/17/princess-locker-decryptor/\r\nPage 3 of 4\n\nCheck if your output file is valid. If so, save the key and use it to decrypt rest of your files, with the help of\r\nPrincessDecryptor.\r\nUsage:\r\nPrincessDecryptor.exe [key] [ransom extension] [*file/directory]\r\n* – optional parameter – default is current directory\r\nAbout hasherezade\r\nProgrammer and researcher, interested in InfoSec.\r\nSource: https://hshrzd.wordpress.com/2016/11/17/princess-locker-decryptor/\r\nhttps://hshrzd.wordpress.com/2016/11/17/princess-locker-decryptor/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://hshrzd.wordpress.com/2016/11/17/princess-locker-decryptor/"
	],
	"report_names": [
		"princess-locker-decryptor"
	],
	"threat_actors": [],
	"ts_created_at": 1775433980,
	"ts_updated_at": 1775791232,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4be0f9d0c2d82d99ff905e6169615446c7e5c948.pdf",
		"text": "https://archive.orkl.eu/4be0f9d0c2d82d99ff905e6169615446c7e5c948.txt",
		"img": "https://archive.orkl.eu/4be0f9d0c2d82d99ff905e6169615446c7e5c948.jpg"
	}
}