[+] Credits: malvuln (aka hyp3rlinx)
[+] RansomLord v2 - Anti-Ransomware exploit tool
[+] RansomLord is a proof-of-concept tool that automates the creation of PE files, used to compromise Ransomware pre-encryption.
[+] Lang: C
[+] SHA256: 8EA83752C4096C778709C14B60B9735CC68A5971DCDB0028A0BB167550554769
[+] Downloads: https://github.com/malvuln/RansomLord/releases/tag/v2
[+] Video PoC: https://www.youtube.com/watch?v=_Ho0bpeJWqI

SHA256 : 8EA83752C4096C778709C14B60B9735CC68A5971DCDB0028A0BB167550554769

This version now intercepts and terminates malware tested from 43 different threat groups.
Adding Wagner, Hakbit, Paradise, Jaff, DoubleZero, Blacksnake, Darkbit, Vohuk, Medusa and Phobus.
Two are wipers Wagner and DoubleZero supposedly used against entities in the Ukraine conflict.

Updated the x32/x64 DLLs to exploit ten more vulnerable ransomware
Added -s Security information flag section

Lamer Security engines may incorrectly flag RansomLord DLLs as malicious!
They are NOT! Win32 API export functions are stubs that simply call exit(1)

Generated exploit DLL MD5 file hashes:
x32: DFFBE7F79077E89197334764FE6882F4
x64: 5B54E12B8B944FDF64C091B0E6588E48

References:
https://hyp3rlinx.altervista.org/advisories/RansomLord_v1_Anti-Ransomware_Exploit_Tool.txt

malvuln circa 2024