

Tom Bonner tombonner

tombonner /
Created Jul 18, 2019
IDA python script to decode Sodin/Sodinokibi/REvil strings.
"""IDAPython script to decode Sodin/Sodinokibi/REvil strings. First perform a Lumina pull so that the sodin_decrypt_string function is identified, then run this script to decode all strings."""
import idautils
import string
def rc4(key, enc_data):
dec = ""
enc = []
enclen = len(enc_data)
keylen = len(key)
"""Extract Sodinokibi ransomware configuration from a given exe/folder of exes"""
import os
import sys
import scandir
import pefile
import string
import struct
import json
def rc4(key, enc_data):
def petya_hash_process_name(name):
checksum = [0x78, 0x56, 0x34, 0x12]
i = 0
while i < 3:
j = i
for c in name:
checksum[j & 0x3] = abs((ord(c) ^ checksum[j & 0x3]) - 1)
j += 1