U:\develop\install\global\Release64\bin\common\KillProcess.pdb
Static task
static1
General
-
Target
2025-05-19_17b1fefe4dfb2bc7dcb40ff27c26afa1_black-basta_cobalt-strike_hijackloader_satacom
-
Size
158KB
-
MD5
17b1fefe4dfb2bc7dcb40ff27c26afa1
-
SHA1
879a6c8418dcda8f98ca8fd8048ba5ee43ea2408
-
SHA256
5dc262307e68186f2ebed477b20f41dfb3fbbc3a9c449f45b8609388d69ffd98
-
SHA512
bb4364bfa6ed50026d6adfbbbc4d3eb435ae5c7311b66d0e1c714b0276be3d4f938723005c379861ce2341cb21b6bcbbcff3157c2c82ddfe9ce898426da6471a
-
SSDEEP
3072:movKI6ewqDXmhWCITs/yF4KZhyIvj4cSj6ub:mgK4wqDXmhWCIQKuKZsOcmub
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2025-05-19_17b1fefe4dfb2bc7dcb40ff27c26afa1_black-basta_cobalt-strike_hijackloader_satacom
Files
-
2025-05-19_17b1fefe4dfb2bc7dcb40ff27c26afa1_black-basta_cobalt-strike_hijackloader_satacom.exe windows:6 windows x64 arch:x64
2a2b0d570388627948fa72dfb670c100
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
shell32
CommandLineToArgvW
kernel32
GetModuleHandleExW
WriteConsoleW
GetCommandLineW
WaitForSingleObject
GetLastError
CloseHandle
LocalFree
CreateProcessA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
CreateFileW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
Sections
.text Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.zero Size: 8KB - Virtual size: 4KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ