Online Virus Checker | v.1.0.183.174 |
DB Version: | 2024-08-06 00:00:54 |
Cobalt Strike is a paid penetration testing tool used by security professionals to deploy an agent called 'Beacon' on a target system. Beacon provides various functionalities to the operator, including command execution, keylogging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning, and lateral movement. Beacon operates in-memory and is file-less, loading itself into a process's memory after exploiting vulnerabilities or executing a shellcode loader, avoiding disk storage. It supports communication and staging over multiple protocols, including HTTP, HTTPS, DNS, SMB named pipes, and both forward and reverse TCP connections, with the capability for daisy-chaining. Additionally, Cobalt Strike includes the Artifact Kit, a toolkit for creating shellcode loaders.
File | FateInjector.exe |
Checked | 2024-08-05 21:19:17 |
MD5 | 9e6de7c7ebd1a00c2f7ddec78ba9403a |
SHA1 | 65a9e65bf9b2b683ed93ac9848df8b5c9f3d4297 |
SHA256 | 77a84c4ed29551d8968a9bc5de796d6f8463fa54df8554b3cff91ca83d8ff70d |
SHA512 | f2dac6efaf4fa6c32b14a45bfa60813b67eb3a46e9a7342d13c1ba3bea3e0a188a5703d34c5fc65d20baae751c334474a9b51d7862d4c74fb60007dd8ce4adc9 |
Imphash | 7872442659d25a99d4c81847d3fcd592 |
File Size | 3907584 bytes |
Gridinsoft has the capability to identify and eliminate Trojan.Win64.CobaltStrike.tr without requiring further user intervention.
Image Base: | 0x140000000 |
Entry Point: | 0x14023be1c |
Compilation: | 2021-01-12 16:40:03 |
Checksum: | 0x00000000 (Actual: 0x003c4930) |
OS Version: | 6.0 |
PDB Path: | C:\Users\Fligger\Source\Repos\FateInjector\x64\Release\FateInjector.pdb |
PEiD: | PE32+ executable (GUI) x86-64, for MS Windows |
Sign: | The PE file does not contain a certificate table. |
Sections: | 6 |
Imports: | KERNEL32, ADVAPI32, COMCTL32, RPCRT4, UxTheme, MSVCP140, MSIMG32, SHLWAPI, VCRUNTIME140_1, VCRUNTIME140, api-ms-win-crt-stdio-l1-1-0, api-ms-win-crt-runtime-l1-1-0, api-ms-win-crt-heap-l1-1-0, api-ms-win-crt-convert-l1-1-0, api-ms-win-crt-filesystem-l1-1-0, api-ms-win-crt-string-l1-1-0, api-ms-win-crt-time-l1-1-0, api-ms-win-crt-utility-l1-1-0, api-ms-win-crt-locale-l1-1-0, api-ms-win-crt-environment-l1-1-0, api-ms-win-crt-math-l1-1-0, USER32, GDI32, WINSPOOL, COMDLG32, SHELL32, ole32 |
Exports: | 0 |
Resources: | 3 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x002775a5 | 0x00277600 | 60776be3e93fc0446be1014b6ea82e37 | 6.44 |
.rdata | 0x00279000 | 0x00101622 | 0x00101800 | 06c9a557628dc54178329e46d4f9fe87 | 5.50 |
.data | 0x0037b000 | 0x00043520 | 0x00014a00 | 50ac0731d4327262bc76ed44b0190f3c | 4.93 |
.pdata | 0x003bf000 | 0x0001941c | 0x00019600 | 6016041804bdd8b4b573df7285865101 | 6.14 |
.rsrc | 0x003d9000 | 0x00001d80 | 0x00001e00 | 086250002c1d75e8ab18beb19efb8ff7 | 2.75 |
.reloc | 0x003db000 | 0x00010f7c | 0x00011000 | 9057eac98e77eb74ed0cb654640dcf31 | 5.45 |