Online Virus Checker | v.1.0.168.174 |
DB Version: | 2024-03-02 00:00:14 |
Cobalt Strike is a paid penetration testing tool used by security professionals to deploy an agent called 'Beacon' on a target system. Beacon provides various functionalities to the operator, including command execution, keylogging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning, and lateral movement. Beacon operates in-memory and is file-less, loading itself into a process's memory after exploiting vulnerabilities or executing a shellcode loader, avoiding disk storage. It supports communication and staging over multiple protocols, including HTTP, HTTPS, DNS, SMB named pipes, and both forward and reverse TCP connections, with the capability for daisy-chaining. Additionally, Cobalt Strike includes the Artifact Kit, a toolkit for creating shellcode loaders.
File | medellin_a64.exe |
Checked | 2024-03-01 22:45:37 |
MD5 | 02e9c672ea01108f756a99fce1565d13 |
SHA1 | 3bb4fa1d09facebca7020a6ea106349bfe3cd732 |
SHA256 | e537a0e18d56805e3c516ad561030e78cc85164df51ee9a0d4df0f51d83c6806 |
SHA512 | 0c3d987bea551145ee1f0b215163dd30ac4f80747cefc4435b9bf745a0bd6692cd547dfcf0e744aa40ad2f42b6ae39fdda41965dba228d3305d7977e55c94bce |
Imphash | 147442e63270e287ed57d33257638324 |
File Size | 19456 bytes |
Gridinsoft has the capability to identify and eliminate Trojan.Win64.CobaltStrike.tr without requiring further user intervention.
Image Base: | 0x00400000 |
Entry Point: | 0x004014c0 |
Compilation: | 1970-01-01 00:00:00 |
Checksum: | 0x0000969b (Actual: 0x0000969b) |
OS Version: | 4.0 |
PEiD: | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
Sign: | The PE file does not contain a certificate table. |
Sections: | 9 |
Imports: | KERNEL32, msvcrt |
Exports: | 0 |
Resources: | 0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x000020a8 | 0x00002200 | 3040ba596609d0f7ba50ac030468b13e | 5.92 |
.data | 0x00004000 | 0x000004f0 | 0x00000600 | 609326129f49cdc37213ae90bdfef8b0 | 5.82 |
.rdata | 0x00005000 | 0x00000910 | 0x00000a00 | b02c91451e7abad85f4a5bbe48fd6333 | 4.47 |
.pdata | 0x00006000 | 0x000002b8 | 0x00000400 | ad5ec754cf0e204a3a3c39436081f3bc | 2.97 |
.xdata | 0x00007000 | 0x00000238 | 0x00000400 | 6ce9e303fb86766d702ecb2b174cf348 | 2.63 |
.bss | 0x00008000 | 0x000009d0 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
.idata | 0x00009000 | 0x000008d8 | 0x00000a00 | ec8dedb62953693cf02784f71f75d547 | 3.71 |
.CRT | 0x0000a000 | 0x00000068 | 0x00000200 | 52d79e9aecf5d5c3145d3ec54aa197a8 | 0.27 |
.tls | 0x0000b000 | 0x00000010 | 0x00000200 | bf619eac0cdf3f68d496ea9344137e8b | 0.00 |