8618ac68a6f030225cd12dbd1b7bd55a1df84f96950bdaacc2e3f37715ade1ee Trojan CobaltStrike Analysis

Trojan CobaltStrike
Updated on 2023-12-08 (7 months ago)
Checked by Online Virus Scanner
Online Virus Checkerv.
DB Version:2023-12-08 08:01:00


Cobalt Strike is a paid penetration testing tool used by security professionals to deploy an agent called 'Beacon' on a target system. Beacon provides various functionalities to the operator, including command execution, keylogging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning, and lateral movement. Beacon operates in-memory and is file-less, loading itself into a process's memory after exploiting vulnerabilities or executing a shellcode loader, avoiding disk storage. It supports communication and staging over multiple protocols, including HTTP, HTTPS, DNS, SMB named pipes, and both forward and reverse TCP connections, with the capability for daisy-chaining. Additionally, Cobalt Strike includes the Artifact Kit, a toolkit for creating shellcode loaders.

Checked2023-12-08 06:19:27
File Size1421824 bytes

Trojan.Win64.CobaltStrike.tr Removal

Trojan.Win64.CobaltStrike.tr Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win64.CobaltStrike.tr without requiring further user intervention.

  • Start by downloading Gridinsoft Anti-Malware to your computer.
  • Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  • Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  • Click on the "Standard Scan" button.
  • After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  • If prompted, restart your system to complete the removal process.

Portable Executable Info

Image Base:0x140000000
Entry Point:0x14015e47d
Compilation:2023-12-08 03:23:48
Checksum:0x001697a7 (Actual: 0x001697a7)
OS Version:6.0
PDB Path:C:\Users\Administrator\Downloads\EDR-Bypass-demo-main\chapter4-demo4\x64\Release\ShellcodeFluctuation.pdb
PEiD:PE32+ executable (console) x86-64, for MS Windows
Sign:The PE file does not contain a certificate table.
Imports: KERNEL32, MSVCP140, VCRUNTIME140_1, VCRUNTIME140, api-ms-win-crt-runtime-l1-1-0, api-ms-win-crt-heap-l1-1-0, api-ms-win-crt-math-l1-1-0, api-ms-win-crt-stdio-l1-1-0, api-ms-win-crt-locale-l1-1-0, IPHLPAPI, msvcrt, PSAPI, USER32, ADVAPI32, SHELL32,
Exports: 0


Name Virtual Address Virtual Size Raw Size MD5 Entropy
.text 0x00001000 0x0000e000 0x00005800 72687ad07885af813f2b8dc5bb0428f8 7.97
.sedata 0x0000f000 0x00154000 0x00153e00 231c204bb54c5afe021ca0fed2af0482 7.63
.idata 0x00163000 0x00001000 0x00000600 56439fdaba6637de8158672eb4fbfa73 3.94
.rsrc 0x00164000 0x00001000 0x00000200 fa4045cf2a7bb774762f58444a604378 4.72
.sedata 0x00165000 0x00001000 0x00001000 31a8b5369f62771cc77f3d18339b3272 7.98

Leave a comment*

Share your thoughts or insights about this file. Do you align with our conclusion?

*Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Please Wait...

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Gridinsoft Anti-Malware