Gridinsoft Logo

Uploaded_file Malware CobaltStrike Analysis

Updated 1 year ago
Checked by Malware Check
uploaded_file

Technical Analysis

File Name uploaded_file
File Type
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Scanner Version 1.0.138.174
Database Version 2023-09-10 23:01:43 UTC

Malware.Win64.CobaltStrike.cld

Malware family: CobaltStrike

Cobalt Strike is a penetration testing framework that deploys the Beacon agent for system control. While designed for legitimate security testing, it provides command execution, keylogging, file transfer, privilege escalation, and lateral movement capabilities. The tool operates in-memory to avoid disk-based detection and supports multiple communication protocols.
N/A
Detection Rate
310,784
File Size (bytes)
2023-09-10
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
cfab3bce973877f871fab477ff738d16
SHA1
a2da7b8735e580824355fcee61705edcfc5b7f65
SHA256
c72d1b903c65ebef5b20ee6e70eb3a46c49c72c74232fc66a62add763b061245
SHA512
ff3064bd5bb52d079c75d9d90944360eb11bbd035093eee268dd9df4ffc508df2c0c99daca612a511b69ed1aeb5498c773d749d80069064abc9bbc0ec4cddfde
ImpHash
9ac54dbf0e879da3dc3691bd7af5d6bf

PE Analysis

Basic Information

Image Base 0x180000000
Entry Point 0x180001490
Compilation Time 2023-09-10 19:22:57
Checksum 0x00000000 (Actual: 0x0005b3de)
OS Version 6.0
PEiD Signatures PE32+ executable (DLL) (GUI) x86-64, for MS Windows
PDB Path D:\QUANNVTOOLS\Dev\wevtapi\x64\Release\wevtapi.pdb
Digital Signature The PE file does not contain a certificate table.
Imports 3 libraries
KERNEL32, VCRUNTIME140, api-ms-win-crt-runtime-l1-1-0
Exports 45 functions
Resources 1 Resources
Sections 6 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 4,120 bytes 4,608 bytes 5.84 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 9065A606C9F523B0885B619BAE8D4A3D
.rdata 0x00003000 302,854 bytes 303,104 bytes 7.77 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ CE64DD2233B56A2E4353FBECFEF62852
.data 0x0004d000 1,600 bytes 512 bytes 0.43 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE F7BE62718ED97C82BB8FF763A650EE8C
.pdata 0x0004e000 480 bytes 512 bytes 3.86 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4E59CB6F97279A69DF5505CC6AD29CD4
.rsrc 0x0004f000 248 bytes 512 bytes 2.53 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 28ABA3E9D8E1D7C770A208195A6AFE9F
.reloc 0x00050000 52 bytes 512 bytes 0.66 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 09AF96EF4AEE3574B706705789A68B1C
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 1 (145 bytes)
Resource Type Count Total Size Percentage
RT_MANIFEST 1 145 bytes
100%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Malware.Win64.CobaltStrike.cld Removal

Gridinsoft has the capability to identify and eliminate Malware.Win64.CobaltStrike.cld without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware