| File Name | FateInjector.exe |
| File Type |
PE32+ executable (GUI) x86-64, for MS Windows
|
| Scanner Version | 1.0.216.174 |
| Database Version | 2025-05-18 21:00:26 UTC |
Malware family: CobaltStrike
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
9e6de7c7ebd1a00c2f7ddec78ba9403a
|
|
| SHA1 |
65a9e65bf9b2b683ed93ac9848df8b5c9f3d4297
|
|
| SHA256 |
77a84c4ed29551d8968a9bc5de796d6f8463fa54df8554b3cff91ca83d8ff70d
|
|
| SHA512 |
f2dac6efaf4fa6c32b14a45bfa60813b67eb3a46e9a7342d13c1ba3bea3e0a188a5703d34c5fc65d20baae751c334474a9b51d7862d4c74fb60007dd8ce4adc9
|
|
| ImpHash |
7872442659d25a99d4c81847d3fcd592
|
| Icon |
Hash: 259972dbbcc21e50f60b08ad42f67873
Fuzzy: 4480d75e209464d5fed70a39caf90bef dHash: 6169d96969995919 |
| Image Base | 0x140000000 |
| Entry Point | 0x14023be1c |
| Compilation Time | 2021-01-12 16:40:03 |
| Checksum | 0x00000000 (Actual: 0x003c4930) |
| OS Version | 6.0 |
| PEiD Signatures |
PE32+ executable (GUI) x86-64, for MS Windows
|
| PDB Path | C:\Users\Fligger\Source\Repos\FateInjector\x64\Release\FateInjector.pdb |
| Digital Signature | No valid SignedData structure was found. |
| Imports | 27 libraries |
| Exports | 0 functions |
| Resources | 3 Resources |
| Sections | 6 Sections |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
2,586,021 bytes | 2,586,112 bytes | 6.44 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
60776BE3E93FC0446BE1014B6EA82E37 |
.rdata |
0x00279000 |
1,054,242 bytes | 1,054,720 bytes | 5.50 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
06C9A557628DC54178329E46D4F9FE87 |
.data |
0x0037b000 |
275,744 bytes | 84,480 bytes | 4.93 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
50AC0731D4327262BC76ED44B0190F3C |
.pdata |
0x003bf000 |
103,452 bytes | 103,936 bytes | 6.14 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
6016041804BDD8B4B573DF7285865101 |
.rsrc |
0x003d9000 |
7,552 bytes | 7,680 bytes | 2.75 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
086250002C1D75E8AB18BEB19EFB8FF7 |
.reloc |
0x003db000 |
69,500 bytes | 69,632 bytes | 5.45 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
9057EAC98E77EB74ED0CB654640DCF31 |
| Resource Type | Count | Total Size | Percentage |
|---|---|---|---|
| RT_ICON | 1 | 6,551 bytes | |
| RT_GROUP_ICON | 1 | 20 bytes | |
| RT_MANIFEST | 1 | 733 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
No valid SignedData structure was found.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Trojan.Win64.CobaltStrike.tr without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system
