Win_Ransomware_Sodinokibi-7013612-0-b88951ceb296c8f01a8e13bc4efa4eb754361ee8ad3d64063d14489bc139a492_exe_PID1e4c_browcli[.]dll_74B60000_x86[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Win_Ransomware_Sodinokibi-7013612-0-b88951ceb296c8f01a8e13bc4efa4eb754361ee8ad3d64063d14489bc139a492_exe_PID1e4c_browcli.dll_74B60000_x86.dll
Size

64KB
MD5

2fc3a367824c4bdb32e5ab92469f5bc5
SHA1

84c02cb5e751cd9d4e541d5c98d1c00af9682b4b
SHA256

331a6fd9f5007b2e23c7869b671d83c327cd41581aa9643bb4e9c962b982933f
SHA512

ea281e87ddaf086746bac9d8d3b8db6028076deaea640f9600b33f92aefd92d9cec3639faba2849ab6949e162a50c97f564b08e3f256528b3490f445085c4ee4
SSDEEP

1536:lPNY6bcw4rXW3v2eh/V4QUAM7dbf9EB4IJTd:Ahm3v2eh2wM7dbf9qJZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Win_Ransomware_Sodinokibi-7013612-0-b88951ceb296c8f01a8e13bc4efa4eb754361ee8ad3d64063d14489bc139a492_exe_PID1e4c_browcli.dll_74B60000_x86.dll

Files

Win_Ransomware_Sodinokibi-7013612-0-b88951ceb296c8f01a8e13bc4efa4eb754361ee8ad3d64063d14489bc139a492_exe_PID1e4c_browcli.dll_74B60000_x86.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

I_BrowserDebugCall
I_BrowserDebugTrace
I_BrowserQueryEmulatedDomains
I_BrowserQueryOtherDomains
I_BrowserQueryStatistics
I_BrowserResetNetlogonState
I_BrowserResetStatistics
I_BrowserServerEnum
I_BrowserSetNetlogonState
NetBrowserStatisticsGet
NetServerEnum
NetServerEnumEx

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ