94d087166651c0020a9e6cc2fdacdc0c

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2021-May-20 18:41:30

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Info Cryptographic algorithms detected in the binary: Uses constants related to AES
Suspicious The PE is possibly packed. Unusual section name found:
Unusual section name found:
Unusual section name found:
Unusual section name found:
Unusual section name found:
Malicious VirusTotal score: 62/72 (Scanned on 2022-11-19 16:34:02) Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Sodin.j!c
Elastic: Windows.Ransomware.Sodinokibi
Cynet: Malicious (score: 100)
CAT-QuickHeal: Ransom.Revil.S28288297
ALYac: Trojan.Ransom.Sodinokibi
Cylance: Unsafe
VIPRE: Trojan.GenericKD.46595451
Sangfor: Ransom.Win32.Sodinokibi_1.se2
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/generic.ali2000010
K7GW: Trojan ( 0057f5361 )
K7AntiVirus: Trojan ( 0057f5361 )
Cyren: W32/Sodinokibi.D.gen!Eldorado
Symantec: Ransom.Sodinokibi!gm1
ESET-NOD32: a variant of Win32/Filecoder.Sodinokibi.B
APEX: Malicious
ClamAV: Win.Ransomware.Sodinokibi-9880447-0
Kaspersky: Trojan-Ransom.Win32.Sodin.ain
BitDefender: Trojan.GenericKD.46595451
NANO-Antivirus: Virus.Win32.Gen.ccmw
ViRobot: Trojan.Win32.S.Sodinokibi.139264.A
MicroWorld-eScan: Trojan.GenericKD.46595451
Avast: Win32:Sodinokibi-D [Ransom]
Tencent: Win32.Trojan.Filecoder.Qnkl
Ad-Aware: Trojan.GenericKD.46595451
TACHYON: Ransom/W32.Sodinokibi.139264
Emsisoft: Trojan.GenericKD.46595451 (B)
Comodo: Malware@#32tyxsuklj9hx
DrWeb: Trojan.Encoder.34112
Zillya: Trojan.Sodin.Win32.232
TrendMicro: Ransom.Win32.SODINOKIB.SMZTIC-B
McAfee-GW-Edition: BehavesLike.Win32.Generic.ch
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.94d087166651c002
Sophos: Mal/Generic-S + Mal/Sodino-B
Ikarus: Trojan-Ransom.Sodinokibi
Jiangmin: Trojan.Sodin.db
Webroot: W32.Ransom.Sodinokibi
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan[Ransom]/Win32.Sodin.vho
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Ransom:Win32/Revil.A
Gridinsoft: Ransom.Win32.Generic.oa!s1
Arcabit: Trojan.Generic.D2C6FD7B
GData: Trojan.GenericKD.46595451
Google: Detected
AhnLab-V3: Trojan/Win.Ransom.R372521
Acronis: suspicious
McAfee: Ransom-Sodinkbi!94D087166651
MAX: malware (ai score=100)
VBA32: BScope.TrojanRansom.Sodin
Malwarebytes: ELEX.Adware.BrowserHijacker.DDS
TrendMicro-HouseCall: Ransom.Win32.SODINOKIB.SMZTIC-A
Rising: Ransom.Sodinokibi!1.D473 (CLASSIC)
SentinelOne: Static AI - Suspicious PE
MaxSecure: Trojan.Malware.192374373.susgen
Fortinet: W32/Sodinokibi.46!tr.ransom
BitDefenderTheta: Gen:NN.ZexaF.34796.iuW@aSaeFLc
AVG: Win32:Sodinokibi-D [Ransom]
Cybereason: malicious.66651c
Panda: Trj/GdSda.A

Hashes

MD5 94d087166651c0020a9e6cc2fdacdc0c
SHA1 99be22569ba9b1e49d3fd36f65faa6795672fcc0
SHA256 9b11711efed24b3c6723521a7d7eb4a52e4914db7420e278aa36e727459d59dd
SHA3 a63b907e4c49a7d58c4fdc99d3e695996cded095f46f66e95421beca9608f66e
SSDeep 1536:xxd+ReKXU/MQaL7k0B/L7s+Zi+GrZxtQpfyHvtICS4A4UdZls8XzUXiWr4X5F4G:xtchTojrZxtMhiiZHjUyWr4X5FTDU
Imports Hash f3d46e2f8717ced6d4b220e65d6ad18a

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2021-May-20 18:41:30
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0xc400
SizeOfInitializedData 0x12400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00004883 (Section: )
BaseOfCode 0x1000
BaseOfData 0xe000
ImageBase 0x2c90000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x22000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

Section_1

MD5 07703f59332dd49326ee721401841cd3
SHA1 825eb0939953777550ce1b4b0ff61257bd5fe490
SHA256 bf50e623c62669f81aefe66c45b068916d252448c3bcd27a831751e4f6300982
SHA3 4765412b032802d5366fc0e8698c977c52f1951d14acd4efb8e623bad1bd3a7a
VirtualSize 0xd000
VirtualAddress 0x1000
SizeOfRawData 0xd000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.4027

Section_2

MD5 c3ef9bf990025c2f26e144e480617b79
SHA1 488c8b24277ab473fa267717184a18608fee71d3
SHA256 e59bd9de093e777e5982e4d14531607d00752c08b05f04bcd2139fd38d3abf0d
SHA3 92078c8318197eb3e25a437f430fba0d7c07aad9a16739f87d00ad7cf8b6307a
VirtualSize 0x3000
VirtualAddress 0xe000
SizeOfRawData 0x3000
PointerToRawData 0xe000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.66698

Section_3

MD5 8271ca54929e9680147906e481414da7
SHA1 32335b9137afd9455f96fac24ee85e2128206b7d
SHA256 381e88ac0f791ab5888eac3a36f68b9eff24c297542f7274f176ce779b85b8ac
SHA3 033967e35bb1e666e577c002e34e3f34799fcbb09112cab2a4f9e033684d0f5b
VirtualSize 0x3000
VirtualAddress 0x11000
SizeOfRawData 0x3000
PointerToRawData 0x11000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.8808

Section_4

MD5 92e7f54b8e63f5a0ae8b6a2210343862
SHA1 7bcc575c07a1839798b4c77904affb04fd9fe51e
SHA256 328488174b4851c14a126dd2119982198ead7bf03608d9ced69afaf867611e5b
SHA3 4e3a015e2c4de9c733c0ca02fe73e1e7b40b67fd9a1637a358c0a105d7024925
VirtualSize 0xd000
VirtualAddress 0x14000
SizeOfRawData 0xd000
PointerToRawData 0x14000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.32298

Section_5

MD5 8f5cc112da98fab584bde8cbaa8e3e1b
SHA1 df391ffaa984a458e3e1cc7651b0328565af9584
SHA256 43be188497ec52b6b60821a30b80bb9a364fa755c5a9a5de659b3b7b4fbd1ab2
SHA3 a53ffdb75461dc87e32b7d332f5ed0c47ef72f3d0446afa4440daac98c1b27d7
VirtualSize 0x1000
VirtualAddress 0x21000
SizeOfRawData 0x1000
PointerToRawData 0x21000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.91428

Imports

KERNEL32.dll CloseHandle
lstrcmpiW
Sleep
VerSetConditionMask
VerifyVersionInfoW
lstrcmpA
SetThreadPriority
USER32.dll MessageBoxW
OLEAUT32.dll SysAllocString
SysFreeString
VariantInit
VariantClear

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

<-- -->