-
Notifications
You must be signed in to change notification settings - Fork 317
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cobalt Strike shellcode seems to be recognized as PE #28
Comments
Managed to make it work by setting the |
it seems that |
Here's the output of
|
based on https://malware.news/t/cobaltstrike-beacon-dll-your-no-ordinary-mz-header/34458 it seems that cobalt strike generates a shellcode that starts with a specially crafted DOS header and if confirmed, a solution would be to add a new command-line option to force the payload to be treated as raw shellcode despite the |
I have the same issue... any update of this topic? |
a workaround was posted by @zanemendoza123 above and a long-term solution was suggested by me. unfortunately i haven't worked on it, does someone mind to send a PR with the proposed fix? (i.e. add -shellcode command line option) |
Would like to close this issue since the CLI option |
I installed PEZor by following the guide. To test PEzor, I generated a payload using the following:
And when I used PEzor on the generated payload, I got the following error:
If I used Payload Generator just like below:
PEzor works fine and I don't see any error
Any one here can shed some light on why I'm getting the error?
The text was updated successfully, but these errors were encountered: