FateInjector.exe Trojan CobaltStrike Analysis

Technical Analysis

File Name FateInjector.exe
File Type PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version 1.0.216.174
Database Version 2025-05-18 21:00:26 UTC

Trojan.Win64.CobaltStrike.tr

Malware family: CobaltStrike

Cobalt Strike is a penetration testing framework that deploys the Beacon agent for system control. While designed for legitimate security testing, it provides command execution, keylogging, file transfer, privilege escalation, and lateral movement capabilities. The tool operates in-memory to avoid disk-based detection and supports multiple communication protocols.

Detection Rate N/A
File Size (bytes) 3,907,584
Analysis Date 2025-05-18

File Identification

Hash Type Value
MD5 9e6de7c7ebd1a00c2f7ddec78ba9403a
SHA1 65a9e65bf9b2b683ed93ac9848df8b5c9f3d4297
SHA256 77a84c4ed29551d8968a9bc5de796d6f8463fa54df8554b3cff91ca83d8ff70d
SHA512 f2dac6efaf4fa6c32b14a45bfa60813b67eb3a46e9a7342d13c1ba3bea3e0a188a5703d34c5fc65d20baae751c334474a9b51d7862d4c74fb60007dd8ce4adc9
ImpHash 7872442659d25a99d4c81847d3fcd592

PE Analysis

Basic Information

Icon
Hash: 259972dbbcc21e50f60b08ad42f67873
Fuzzy: 4480d75e209464d5fed70a39caf90bef
dHash: 6169d96969995919
Image Base 0x140000000
Entry Point 0x14023be1c
Compilation Time 2021-01-12 16:40:03
Checksum 0x00000000 (Actual: 0x003c4930)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
PDB Path C:\Users\Fligger\Source\Repos\FateInjector\x64\Release\FateInjector.pdb
Digital Signature No valid SignedData structure was found.
Imports 27 libraries
Exports 0 functions
Resources 3 Resources
Sections 6 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 2,586,021 bytes 2,586,112 bytes 6.44 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 60776BE3E93FC0446BE1014B6EA82E37
.rdata 0x00279000 1,054,242 bytes 1,054,720 bytes 5.50 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 06C9A557628DC54178329E46D4F9FE87
.data 0x0037b000 275,744 bytes 84,480 bytes 4.93 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 50AC0731D4327262BC76ED44B0190F3C
.pdata 0x003bf000 103,452 bytes 103,936 bytes 6.14 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6016041804BDD8B4B573DF7285865101
.rsrc 0x003d9000 7,552 bytes 7,680 bytes 2.75 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 086250002C1D75E8AB18BEB19EFB8FF7
.reloc 0x003db000 69,500 bytes 69,632 bytes 5.45 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 9057EAC98E77EB74ED0CB654640DCF31

Resource Analysis

Total Resources: 3 (7,304 bytes)
Resource Type Count Total Size Percentage
RT_ICON 1 6,551 bytes 89.7%
RT_GROUP_ICON 1 20 bytes 0.3%
RT_MANIFEST 1 733 bytes 10%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified. Exercise caution when executing unsigned files from unknown sources.

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Win64.CobaltStrike.tr Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win64.CobaltStrike.tr without requiring further user intervention.

Removal Instructions

Follow these steps to completely remove the threat from your system.

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.

Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
