Skip to content
Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Clop ransomware resource decoder

I wrote a decoder for the obfuscated resources embedded in Clop ransomware (e.g., "SIXSIX1"), specifically for the sample with SHA256 hash:




⚠️ The C++ tool uses the Windows API and so will only compile on Windows (unless you get creative). It's more or less doing the exact same thing the malware does to decode the resources.

  1. Extract the resource from the executable.

  2. Run the tool:

    decodeResource.exe encryptedResourceFilePath.bin outputFilename.txt

Python 3 CLI

I also wrote a Python 3 version that should work on any platform, with the exact same usage — only Python:

   python3 encryptedResourceFilePath.bin outputFilename.txt

Learn more

Read this blog post.

You can’t perform that action at this time.