sodinokibi | 599f33c3eff24c7748de28d8189de0894249e1baac8fd0e7c162d8aa989875c4

Sharing

Copy URL

Twitter E-mail

General

Target

599f33c3eff24c7748de28d8189de0894249e1baac8fd0e7c162d8aa989875c4
Size

362KB
MD5

a1c286d8f670186a3d14ec2766f096c5
SHA1

814121996088aac0011294f974f980553a0f228f
SHA256

599f33c3eff24c7748de28d8189de0894249e1baac8fd0e7c162d8aa989875c4
SHA512

1320de5991cc4c56b6d44544469e3c0074a25658cb080e6c99c537e6b5037806a92138f0958efcf96332f17c75807b0e321550ef3835a72afb1f77b2cbdea12a
SSDEEP

6144:kiVb7pEtNPQpisAFBaSHAKhHkd9/vUdmwIXo+M9VQHDQyspAkLKMxtP3YWAw9fI:3jETpBjgTj/vUNuMXQ8ysHXtPPJ9fI

Score

10^/10

sodinokibi

Malware Config

Signatures

Sodinokibi family
sodinokibi
Sodinokibi/Revil sample 1 IoCs

Processes:

resource yara_rule

sample family_sodinokobi

resource	yara_rule
sample	family_sodinokobi

Files

599f33c3eff24c7748de28d8189de0894249e1baac8fd0e7c162d8aa989875c4
.exe windows x86

88ed395cb90ccfb3cdbcb081410d56f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

Imports

kernel32

GetModuleHandleA
BuildCommDCBA
CallNamedPipeA
GetFileAttributesA
GetUserDefaultLCID
GetTapeParameters
GetVersionExW
GlobalAlloc
AddConsoleAliasA
DebugActiveProcess
FindNextVolumeA
MoveFileW
lstrlenA
GetSystemPowerStatus
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
SetConsoleWindowInfo
DeleteFileA
VirtualProtect
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
EncodePointer
RaiseException
GetLastError
SetLastError
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetFileType
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetStringTypeW
GetProcessHeap
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadFile
ReadConsoleW
HeapSize
HeapReAlloc
FlushFileBuffers
WriteConsoleW
CreateFileW
DecodePointer

gdi32

GetEnhMetaFileHeader
GetDCBrushColor
EqualRgn
AddFontResourceW
SetMetaFileBitsEx
GetTextExtentPoint32A

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88ed395cb90ccfb3cdbcb081410d56f6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 19KB - Virtual size: 77KB

.gfids Size: 512B - Virtual size: 284B

.text Size: 68KB - Virtual size: 68KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 19KB - Virtual size: 77KB

.gfids
Size: 512B - Virtual size: 284B

.text
Size: 68KB - Virtual size: 68KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 4KB - Virtual size: 4KB