| 在线病毒检测器 | v.1.0.183.174 |
| 数据库版本: | 2024-08-06 00:00:54 |
Cobalt Strike是一种付费的渗透测试工具,被安全专业人士用来在目标系统上部署一个名为“Beacon”的代理。Beacon为操作员提供各种功能,包括命令执行、键盘记录、文件传输、SOCKS代理、权限提升、mimikatz、端口扫描和横向移动。Beacon在内存中运行,是无文件的,在利用漏洞或执行shellcode加载器后加载到进程的内存中,避免了磁盘存储。它支持多种协议的通信和分阶段,包括HTTP、HTTPS、DNS、SMB命名管道以及正向和反向TCP连接,具有串联的能力。此外,Cobalt Strike还包括Artifact Kit,用于创建shellcode加载器的工具包。
| File | FateInjector.exe |
| 已检查 | 2024-08-05 21:19:17 |
| MD5 | 9e6de7c7ebd1a00c2f7ddec78ba9403a |
| SHA1 | 65a9e65bf9b2b683ed93ac9848df8b5c9f3d4297 |
| SHA256 | 77a84c4ed29551d8968a9bc5de796d6f8463fa54df8554b3cff91ca83d8ff70d |
| SHA512 | f2dac6efaf4fa6c32b14a45bfa60813b67eb3a46e9a7342d13c1ba3bea3e0a188a5703d34c5fc65d20baae751c334474a9b51d7862d4c74fb60007dd8ce4adc9 |
| Imphash | 7872442659d25a99d4c81847d3fcd592 |
| File Size | 3907584 bytes |
Gridinsoft能够识别并消除Trojan.Win64.CobaltStrike.tr,无需进一步的用户干预。
 |
259972dbbcc21e50f60b08ad42f67873 4480d75e209464d5fed70a39caf90bef 6169d96969995919 |
| Image Base: | 0x140000000 |
| Entry Point: | 0x14023be1c |
| Compilation: | 2021-01-12 16:40:03 |
| Checksum: | 0x00000000 (Actual: 0x003c4930) |
| OS Version: | 6.0 |
| PDB Path: | C:\Users\Fligger\Source\Repos\FateInjector\x64\Release\FateInjector.pdb |
| PEiD: | PE32+ executable (GUI) x86-64, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 6 |
| Imports: | KERNEL32, ADVAPI32, COMCTL32, RPCRT4, UxTheme, MSVCP140, MSIMG32, SHLWAPI, VCRUNTIME140_1, VCRUNTIME140, api-ms-win-crt-stdio-l1-1-0, api-ms-win-crt-runtime-l1-1-0, api-ms-win-crt-heap-l1-1-0, api-ms-win-crt-convert-l1-1-0, api-ms-win-crt-filesystem-l1-1-0, api-ms-win-crt-string-l1-1-0, api-ms-win-crt-time-l1-1-0, api-ms-win-crt-utility-l1-1-0, api-ms-win-crt-locale-l1-1-0, api-ms-win-crt-environment-l1-1-0, api-ms-win-crt-math-l1-1-0, USER32, GDI32, WINSPOOL, COMDLG32, SHELL32, ole32, |
| Exports: | 0 |
| Resources: | 3 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | MD5 | 熵 |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x002775a5 | 0x00277600 | 60776be3e93fc0446be1014b6ea82e37 | 6.44 |
| .rdata | 0x00279000 | 0x00101622 | 0x00101800 | 06c9a557628dc54178329e46d4f9fe87 | 5.50 |
| .data | 0x0037b000 | 0x00043520 | 0x00014a00 | 50ac0731d4327262bc76ed44b0190f3c | 4.93 |
| .pdata | 0x003bf000 | 0x0001941c | 0x00019600 | 6016041804bdd8b4b573df7285865101 | 6.14 |
| .rsrc | 0x003d9000 | 0x00001d80 | 0x00001e00 | 086250002c1d75e8ab18beb19efb8ff7 | 2.75 |
| .reloc | 0x003db000 | 0x00010f7c | 0x00011000 | 9057eac98e77eb74ed0cb654640dcf31 | 5.45 |
