artifact.exe

First submission 2024-10-14 17:53:03

File details

File type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Mime type:	application/x-dosexec
File size:	17.5 KB (17920 bytes)
Compile time:	2020-06-09 02:17:26
MD5:	cecc2b6b3bd5983b991fd86a185952b6
SHA1:	2f09b4c7edee555b7e0c5158c8bfd57de9796d73
SHA256:	65b69eb0077b583a41b7415b984e71f0da8595c3261d1db19b3cb7dda74b7117
Import Hash :	17b461a082950fc6332228572138b80c
Sections 9	.text .data .rdata .pdata .xdata .bss .idata .CRT .tls
Directories 2	import tls

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

Virus Total:	55/77 VT report date: 2024-10-12 18:29:45
Malware Type 2	trojan hacktool
Threat Type 3	cobaltstrike artifact cobalt

URL	Host (FQDN/IP)	Date Added
hXXp://103.106.0.20:10001/artifact.exe	103.106.0.20	2024-10-14 17:53:03

PE Sections 3 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x20f0	8704	c5abc2f0da1861b3e5507edde6fc681d22787047	ced42b43d3da4274054c4527d2d55598
.data	0x4000	0x490	1536	956cfb42dec8625084d293033fbfcd09e916350b	26b45d48cba5b7cbd2073c317bdec377
.rdata	0x5000	0x2d0	1024	d5ed2077c056ffc6649233457bbbd316cb43107e	ef8446fecde31440a3d5343e87ced8f2
.pdata	0x6000	0x27c	1024	9d6be246531edd848929dbac49e09a5569ac9ce5	dcf4253a23d9298367604691d75f37a8
.xdata	0x7000	0x238	1024	738c83caffc5bb909ed06be3e6a21710649f5f61	95aa1f413e225af0b35a4a6c737bfa5c
.bss	0x8000	0xa30	0	da39a3ee5e6b4b0d3255bfef95601890afd80709	d41d8cd98f00b204e9800998ecf8427e
.idata	0x9000	0x958	2560	aae5794c9c7791de82f15c4e0314c53ccf7b8169	5c733ad7c412aabc8ab19cc944c90f76
.CRT	0xa000	0x68	512	a1c70c92f2bd291957c45e1fe9fb7f1cfb09e244	3782ccb1768dffbc081e1009eb3d506d
.tls	0xb000	0x48	512	acaff1bc98ebbb6b0ac15df3fd8f6b7449e455e2	927ed90da850daf02f2a85191e453c7c

Microsoft Visual C++ 8.0 (DLL)

KERNEL32.dll 34 msvcrt.dll 29

Function	Address	Souspicious	Anti Debug
CloseHandle	0x409244
ConnectNamedPipe	0x40924c
CreateFileA	0x409254
CreateNamedPipeA	0x40925c
CreateThread	0x409264
DeleteCriticalSection	0x40926c
EnterCriticalSection	0x409274
GetCurrentProcess	0x40927c
GetCurrentProcessId	0x409284
GetCurrentThreadId	0x40928c
GetLastError	0x409294
GetModuleHandleA	0x40929c
GetProcAddress	0x4092a4
GetStartupInfoA	0x4092ac
GetSystemTimeAsFileTime	0x4092b4
GetTickCount	0x4092bc
InitializeCriticalSection	0x4092c4
LeaveCriticalSection	0x4092cc
LoadLibraryW	0x4092d4
QueryPerformanceCounter	0x4092dc
ReadFile	0x4092e4
RtlAddFunctionTable	0x4092ec
RtlCaptureContext	0x4092f4
RtlLookupFunctionEntry	0x4092fc
RtlVirtualUnwind	0x409304
SetUnhandledExceptionFilter	0x40930c
Sleep	0x409314
TerminateProcess	0x40931c
TlsGetValue	0x409324
UnhandledExceptionFilter	0x40932c
VirtualAlloc	0x409334
VirtualProtect	0x40933c
VirtualQuery	0x409344
WriteFile	0x40934c

Function	Address	Souspicious	Anti Debug
__C_specific_handler	0x40935c
__dllonexit	0x409364
__getmainargs	0x40936c
__initenv	0x409374
__iob_func	0x40937c
__lconv_init	0x409384
__set_app_type	0x40938c
__setusermatherr	0x409394
_acmdln	0x40939c
_amsg_exit	0x4093a4
_cexit	0x4093ac
_fmode	0x4093b4
_initterm	0x4093bc
_lock	0x4093c4
_onexit	0x4093cc
_unlock	0x4093d4
abort	0x4093dc
calloc	0x4093e4
exit	0x4093ec
fprintf	0x4093f4
free	0x4093fc
fwrite	0x409404
malloc	0x40940c
memcpy	0x409414
signal	0x40941c
sprintf	0x409424
strlen	0x40942c
strncmp	0x409434
vfprintf	0x40943c

Name	Latest seen	MD5
lang.exe	2022-08-29 08:03:02	e0cdee12295b5f23c05723781cd30411
361.exe	2022-11-15 17:29:08	4fc774f9f91c0c5ce00d759392e2fe19
8082-x64.exe	2023-01-08 16:35:01	4fca0701b976c08a3a657a546bc82d7c
artifact.exe	2024-05-29 22:32:02	3a87727e80537e3d27798bc4af55a54b
abc	2024-06-06 20:10:01	710fea9f63e3a9073d20794697fdccd9
chat.exe	2024-06-08 20:22:06	4c0deb28ba6ff90d8dcd8113b494442b
%E5%9B%BD%E5%BA%86%E5%BB%B6%E8%BF%9F%E6%94%BE%E5%81%87%E9%80%9A%E7%9F%A5.exe	2024-06-27 10:12:02	d0e72468c01cf13b48c0a5ee2a310cb2