E:\My Project\Project1\x64\Release\Project1.pdb
General
-
Target
malware.7z
-
Size
262KB
-
MD5
2be2fc8c923efc3bd009df3971832dd6
-
SHA1
8258ad612bbc1c0689462618b159113032edbbe8
-
SHA256
26c0f109b82df8b05ed496d4dc79bf5ba5eaab883fb5fde1bf3099f38773e422
-
SHA512
323f71aa93920de214633464130e7cf9217226ee5992e231d7eae6a438640b05aa59443feea84f94e5234325c3231fa04b9fc6a4cc11d3dd1eedf1d4462ee90e
-
SSDEEP
6144:nWg+N3liG6gnVi3VX1+GE8dFk+JbuDqMm7KOJMn:WgITVaSHqMmeOQ
Score
10/10
Malware Config
Signatures
-
Cobaltstrike family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Project2.exe
Files
-
malware.7z.7z
-
Project2.exe.exe windows:6 windows x64 arch:x64
10d6b1e8d27f0a097be842220709b875
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
VirtualAlloc
GetLastError
CreateFileA
CloseHandle
ReadFileEx
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
RtlCaptureContext
vcruntime140
__C_specific_handler
__current_exception
__current_exception_context
memset
memcpy
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vfprintf
__stdio_common_vfwprintf
__acrt_iob_func
__p__commode
_set_fmode
api-ms-win-crt-runtime-l1-1-0
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_seh_filter_exe
_set_app_type
_c_exit
_register_thread_local_exe_atexit_callback
__p___argc
_cexit
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
__p___argv
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
_set_new_mode
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Shellcode2.bin.js