cobaltstrike | 0922c54fe24fccc64e6dcda11c409c631341280e714b3a68adb245b92dab6296

General

Target

0922c54fe24fccc64e6dcda11c409c631341280e714b3a68adb245b92dab6296
Size

70KB
MD5

0a0026431541bd9deb53f99dabc0f66b
SHA1

b2f3b8ba4b603b403bb310a2948a571acd726403
SHA256

0922c54fe24fccc64e6dcda11c409c631341280e714b3a68adb245b92dab6296
SHA512

9ab26cfbd2fad631a5337f4b31a757c172a8e4297b0e1eacf150fdde8608dee5223d7bceee8409012b406b727d3793e20730b052dbcd3be956112b14ac2cd043
SSDEEP

768:X7jo4o9gMh1rvr2WP28x99/uEkjh/a6DoswGd/:rjoLrD2WPLDHkFa/sw

Score

10^/10

cobaltstrike

Malware Config

Signatures

Cobaltstrike family
cobaltstrike

Files

0922c54fe24fccc64e6dcda11c409c631341280e714b3a68adb245b92dab6296
.dll windows x86

27a887f035db9016fd69549e323cf12a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameA

kernel32

TerminateProcess
GetCurrentProcess
LoadLibraryA
GetProcAddress
CreateProcessA
VirtualAlloc
WaitForSingleObject
CreateThread
GetModuleFileNameA
MoveFileA
DisableThreadLibraryCalls
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId

vcruntime140

_except_handler4_common
memset
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initterm_e
_initterm
_execute_onexit_table
exit
_cexit
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-string-l1-1-0

strcat_s

Exports

Exports

GetSessionId
GetXXXCode
SyncReportAction
SyncReportActionV2

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 448B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27a887f035db9016fd69549e323cf12a

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 46KB - Virtual size: 46KB

.reloc Size: 448B - Virtual size: 408B

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 46KB - Virtual size: 46KB

.reloc
Size: 448B - Virtual size: 408B