| File Name | medellin_a64.exe |
| File Type |
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
| Scanner Version | 1.0.168.174 |
| Database Version | 2024-03-02 00:00:14 UTC |
Malware family: CobaltStrike
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
02e9c672ea01108f756a99fce1565d13
|
|
| SHA1 |
3bb4fa1d09facebca7020a6ea106349bfe3cd732
|
|
| SHA256 |
e537a0e18d56805e3c516ad561030e78cc85164df51ee9a0d4df0f51d83c6806
|
|
| SHA512 |
0c3d987bea551145ee1f0b215163dd30ac4f80747cefc4435b9bf745a0bd6692cd547dfcf0e744aa40ad2f42b6ae39fdda41965dba228d3305d7977e55c94bce
|
|
| ImpHash |
147442e63270e287ed57d33257638324
|
| Image Base | 0x00400000 |
| Entry Point | 0x004014c0 |
| Compilation Time | 1970-01-01 00:00:00 |
| Checksum | 0x0000969b (Actual: 0x0000969b) |
| OS Version | 4.0 |
| PEiD Signatures |
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
| Digital Signature | The PE file does not contain a certificate table. |
| Imports |
2 libraries
KERNEL32, msvcrt |
| Exports | 0 functions |
| Resources | 0 Resources |
| Sections | 9 Sections |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
8,360 bytes | 8,704 bytes | 5.92 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_16BYTES
|
3040BA596609D0F7BA50AC030468B13E |
.data |
0x00004000 |
1,264 bytes | 1,536 bytes | 5.82 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES
|
609326129F49CDC37213AE90BDFEF8B0 |
.rdata |
0x00005000 |
2,320 bytes | 2,560 bytes | 4.47 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_32BYTES
|
B02C91451E7ABAD85F4A5BBE48FD6333 |
.pdata |
0x00006000 |
696 bytes | 1,024 bytes | 2.97 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES
|
AD5EC754CF0E204A3A3C39436081F3BC |
.xdata |
0x00007000 |
568 bytes | 1,024 bytes | 2.63 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES
|
6CE9E303FB86766D702ECB2B174CF348 |
.bss |
0x00008000 |
2,512 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES
|
D41D8CD98F00B204E9800998ECF8427E |
.idata |
0x00009000 |
2,264 bytes | 2,560 bytes | 3.71 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES
|
EC8DEDB62953693CF02784F71F75D547 |
.CRT |
0x0000a000 |
104 bytes | 512 bytes | 0.27 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_8BYTES
|
52D79E9AECF5D5C3145D3EC54AA197A8 |
.tls |
0x0000b000 |
16 bytes | 512 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_8BYTES
|
BF619EAC0CDF3F68D496EA9344137E8B |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
The PE file does not contain a certificate table.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Trojan.Win64.CobaltStrike.tr without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system
