General
Target: 1.txt
Size: 248KB
MD5: 559a3e4a516314a6f54f8a2b216de06b
SHA1: 585bfe3492bc29e6966d650c54ff3c0fd60b9d33
SHA256: 06b5f72bf35908c18ebb92a3a1ebae879fff3065d6d52a3a240bfeda93d18da1
SHA512: 896f61c138bf014d7d79134aee703c5377cdbf4addc8e13b58bc7dd400e49d545fbf57b945afa1812a942cfe87ebdfe17ea88e12a8eb5f60fed2a8e66a2ab71b
SSDEEP: 6144:OVeYBEd21y3O8C3/xqB9Z6JG78UAja2A:OVeYBEdcyVeqBWJe8UAjaR
Malware Config
Signatures
Cobalt Strike reflective loader 1 IoCs
Detects the reflective loader used by Cobalt Strike.
resource yara_rule sample cobalt_reflective_dll
Cobaltstrike family
Describes win.cobalt_strike. 1 IoCs
malpedia CS.
resource yara_rule sample win_cobalt_strike_auto
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1.txt
Files
1.txt.dll windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 148KB - Virtual size: 148KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ