Sodinokibi[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Sodinokibi.exe
Size

822KB
MD5

4c811aa6fa4b6c24e325b0d71b84f710
SHA1

389666ea397b3c51aeb147c8abb504c40b906d62
SHA256

412e951a350b84f8c0d0a2db79029b4bbd6be624656f2a739db0fc00c6dbb52f
SHA512

c33ccb7ed3c6a34d38fde8d824316012bc094abf7f62aad4472a00622500cd7a58cce43a13a26d8680d409a6a779ff36369669f97f91eea8ee50bcfd63f6fa3d
SSDEEP

6144:NYk1/mCXu8BCnsq4MSt9kM5zaQrV+eXR:N/11u8BCnsq4zX5zlV+eB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Sodinokibi.exe

Files

Sodinokibi.exe
.exe windows:4 windows x86 arch:x86

d4f70a639ddc9f50f2c81b3aefba68aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
GetProcAddress
GetVersion
LoadLibraryA
VirtualAlloc
VirtualProtect
ExitProcess
LocalReAlloc
CreateActCtxA
Process32First

imagehlp

SymMatchFileName
SymEnumSym
ImageGetDigestStream
FindFileInPath
SymEnumerateSymbols64
SymGetModuleInfo64
SymGetLinePrev

ole32

HENHMETAFILE_UserMarshal
CreateGenericComposite
OleCreateFromFileEx
DllRegisterServer
CoCreateFreeThreadedMarshaler

oleaut32

VarBstrFromDisp
VarR8FromUI4
VarParseNumFromStr
VarBoolFromR4
OACreateTypeLib2
VarUI8FromStr
VarAnd
LoadRegTypeLib
VarUI8FromUI1

gdi32

EngBitBlt
GdiPlayPrivatePageEMF
RoundRect
EndDoc
PolyDraw
GetTextExtentPoint32W
GdiPlayEMF
DescribePixelFormat
CreateCompatibleBitmap
EngMultiByteToUnicodeN
GetEUDCTimeStampExW

oledlg

OleUIBusyA
OleUIAddVerbMenuA
OleUIChangeSourceW
OleUIEditLinksW
OleUIBusyW
OleUIUpdateLinksA
OleUICanConvertOrActivateAs
OleUIChangeIconW

msimg32

AlphaBlend
TransparentBlt
DllInitialize

Sections

.text
Size: 272KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.py
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.py
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ut
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.py
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ut
Size: 532KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d4f70a639ddc9f50f2c81b3aefba68aa

Headers

File Characteristics

Imports

kernel32

imagehlp

ole32

oleaut32

gdi32

oledlg

msimg32

Sections

.text Size: 272KB - Virtual size: 276KB

.data Size: 5KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 12KB

.py Size: 512B - Virtual size: 4KB

.py Size: 512B - Virtual size: 4KB

.ut Size: 512B - Virtual size: 4KB

.py Size: 512B - Virtual size: 4KB

.ut Size: 532KB - Virtual size: 532KB

.text
Size: 272KB - Virtual size: 276KB

.data
Size: 5KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 12KB

.py
Size: 512B - Virtual size: 4KB

.py
Size: 512B - Virtual size: 4KB

.ut
Size: 512B - Virtual size: 4KB

.py
Size: 512B - Virtual size: 4KB

.ut
Size: 532KB - Virtual size: 532KB