cobaltstrike | 企业签名解密专用解密工具[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

企业签名解密专用解密工具.exe
Size

113KB
MD5

3813e4ebddd87615c1adc9c05888341d
SHA1

6bb87c30e0264360749098940a0e88f22eb3707e
SHA256

b9fe687c6eb9ab9b6bd159ce4eaca00ff85347900bdb458f472b6a495a3b673f
SHA512

7672a93cbd3b99ab716ae1951d74d7aad74ac559bb171b2b168f77b15e88151f4696236b479430f4b1722c7e5c98ac22e517cafb8b6f6c170a32ee0788312e02
SSDEEP

3072:wmMbA4UbOB2P06J/RtfwXALweSaIKg/uZsLb4:w1vUa2PjWXAsevgdLk

Score

10^/10

cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

http://service-b4ibcyjt-1325935989.sh.tencentapigw.com:80/bootstrap-2.min.js

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)

Signatures

Cobaltstrike family
cobaltstrike

Files

企业签名解密专用解密工具.exe
.exe windows:6 windows x64 arch:x64

2531c4c19c9440cf50adda231225784c

Code Sign

7d:46:7c:5a:c9:94:20:f6:a7:e2:a8:9e:d6:14:72:b4
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

06/05/2023, 00:00

Not After

05/05/2026, 23:59

Subject

CN=Johannes Schindelin,O=Johannes Schindelin,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a2:23:8e:c6:b7:d0:06:9a:7f:82:ac:06:b3:43:03:47:8a:e3:74:8d:bf:e0:42:98:61:3c:cd:5d:ac:30:b7:84
Signer

Actual PE Digest

a2:23:8e:c6:b7:d0:06:9a:7f:82:ac:06:b3:43:03:47:8a:e3:74:8d:bf:e0:42:98:61:3c:cd:5d:ac:30:b7:84

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\MyPrograms\vs2022\vt01\vt\x64\Release\vt.pdb

Imports

kernel32

ResumeThread
UnmapViewOfFile
CloseHandle
QueueUserAPC
CreateProcessA
CreateFileMappingW
MapViewOfFile
RtlLookupFunctionEntry
GetModuleHandleW
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
RtlCaptureContext
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess

api-ms-win-core-memory-l1-1-5

MapViewOfFileNuma2

vcruntime140

__C_specific_handler
__current_exception
memset
__current_exception_context
memcpy

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_crt_atexit
_cexit
terminate
_register_thread_local_exe_atexit_callback
__p___argv
__p___argc
_seh_filter_exe
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_set_app_type
_c_exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

2531c4c19c9440cf50adda231225784c

Code Sign

7d:46:7c:5a:c9:94:20:f6:a7:e2:a8:9e:d6:14:72:b4Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

a2:23:8e:c6:b7:d0:06:9a:7f:82:ac:06:b3:43:03:47:8a:e3:74:8d:bf:e0:42:98:61:3c:cd:5d:ac:30:b7:84Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

api-ms-win-core-memory-l1-1-5

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 512B - Virtual size: 384B

.rsrc Size: 90KB - Virtual size: 90KB

.reloc Size: 512B - Virtual size: 48B

7d:46:7c:5a:c9:94:20:f6:a7:e2:a8:9e:d6:14:72:b4
Certificate

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

a2:23:8e:c6:b7:d0:06:9a:7f:82:ac:06:b3:43:03:47:8a:e3:74:8d:bf:e0:42:98:61:3c:cd:5d:ac:30:b7:84
Signer

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 512B - Virtual size: 384B

.rsrc
Size: 90KB - Virtual size: 90KB

.reloc
Size: 512B - Virtual size: 48B