FateInjector.exe Trojan CobaltStrike Analysis

Trojan CobaltStrike
Updated on 2024-06-15 (1 month ago)
Checked by Online Virus Scanner
Online Virus Checkerv.
DB Version:2024-06-15 19:00:19


Cobalt Strike is a paid penetration testing tool used by security professionals to deploy an agent called 'Beacon' on a target system. Beacon provides various functionalities to the operator, including command execution, keylogging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning, and lateral movement. Beacon operates in-memory and is file-less, loading itself into a process's memory after exploiting vulnerabilities or executing a shellcode loader, avoiding disk storage. It supports communication and staging over multiple protocols, including HTTP, HTTPS, DNS, SMB named pipes, and both forward and reverse TCP connections, with the capability for daisy-chaining. Additionally, Cobalt Strike includes the Artifact Kit, a toolkit for creating shellcode loaders.

Checked2024-06-15 17:04:39
File Size3907584 bytes

Trojan.Win64.CobaltStrike.tr Removal

Trojan.Win64.CobaltStrike.tr Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win64.CobaltStrike.tr without requiring further user intervention.

  • Start by downloading Gridinsoft Anti-Malware to your computer.
  • Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  • Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  • Click on the "Standard Scan" button.
  • After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  • If prompted, restart your system to complete the removal process.

Portable Executable Info

Image Base:0x140000000
Entry Point:0x14023be1c
Compilation:2021-01-12 16:40:03
Checksum:0x00000000 (Actual: 0x003c4930)
OS Version:6.0
PDB Path:C:\Users\Fligger\Source\Repos\FateInjector\x64\Release\FateInjector.pdb
PEiD:PE32+ executable (GUI) x86-64, for MS Windows
Sign:The PE file does not contain a certificate table.
Imports: KERNEL32, ADVAPI32, COMCTL32, RPCRT4, UxTheme, MSVCP140, MSIMG32, SHLWAPI, VCRUNTIME140_1, VCRUNTIME140, api-ms-win-crt-stdio-l1-1-0, api-ms-win-crt-runtime-l1-1-0, api-ms-win-crt-heap-l1-1-0, api-ms-win-crt-convert-l1-1-0, api-ms-win-crt-filesystem-l1-1-0, api-ms-win-crt-string-l1-1-0, api-ms-win-crt-time-l1-1-0, api-ms-win-crt-utility-l1-1-0, api-ms-win-crt-locale-l1-1-0, api-ms-win-crt-environment-l1-1-0, api-ms-win-crt-math-l1-1-0, USER32, GDI32, WINSPOOL, COMDLG32, SHELL32, ole32,
Exports: 0


Name Virtual Address Virtual Size Raw Size MD5 Entropy
.text 0x00001000 0x002775a5 0x00277600 60776be3e93fc0446be1014b6ea82e37 6.44
.rdata 0x00279000 0x00101622 0x00101800 06c9a557628dc54178329e46d4f9fe87 5.50
.data 0x0037b000 0x00043520 0x00014a00 50ac0731d4327262bc76ed44b0190f3c 4.93
.pdata 0x003bf000 0x0001941c 0x00019600 6016041804bdd8b4b573df7285865101 6.14
.rsrc 0x003d9000 0x00001d80 0x00001e00 086250002c1d75e8ab18beb19efb8ff7 2.75
.reloc 0x003db000 0x00010f7c 0x00011000 9057eac98e77eb74ed0cb654640dcf31 5.45

Leave a comment*

Share your thoughts or insights about this file. Do you align with our conclusion?

*Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Please Wait...

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Gridinsoft Anti-Malware