celestial_injector[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

celestial_injector.exe
Size

513KB
MD5

d7c6e839c203be9b308b372f3ab025fb
SHA1

b84851bee68aac80d16873f07a98ed56a681bee5
SHA256

d1aea6e385d3db7c65b537a02b1565ac379ef2dcefb13a12dd8c39852ecd52c1
SHA512

630a46bdcb6f7e80d843df8d91f44fb7263c99c4196b1c0b96f17d056041d69fceb56e85ee8adb0ae350e5f4e0a15c46c426ad2795b483e1e898ab379529810b
SSDEEP

12288:pui/QQmSDpHHcvwstdEVotbT/qu65Mfh29vjLehxXGbxIvB:pui/QQmwp8CoMgo9vjOUxI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
celestial_injector.exe

Files

celestial_injector.exe
.exe windows x86

8f941125f040a6e763c8f3509932dd20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohl
gethostname
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
send
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent

crypt32

CertFreeCertificateContext
CertCloseStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord143
ord41
ord22
ord50
ord45
ord60
ord211
ord46
ord217

kernel32

AreFileApisANSI
GetFileAttributesExW
CreateFileW
GetLocaleInfoEx
FormatMessageA
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetFileInformationByHandleEx
OutputDebugStringW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
InitializeCriticalSectionEx
Sleep
GetLastError
DeleteCriticalSection
GetConsoleWindow
FindFirstFileW
FindClose
CloseHandle
FreeConsole
SetLastError
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
IsDebuggerPresent

normaliz

IdnToAscii

user32

GetCursorPos
SetForegroundWindow
FindWindowA
ShowWindow
AppendMenuW
LoadCursorW
LoadIconW
TranslateMessage
CreateWindowExA
MessageBoxA
GetMessageW
PostQuitMessage
CreatePopupMenu
RegisterClassExW
TrackPopupMenu
DispatchMessageW
DefWindowProcW

gdi32

GetStockObject

advapi32

CryptHashData
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt

shell32

Shell_NotifyIconW
SHGetKnownFolderPath

msvcp140

?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBUtm@@PBD3@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
_Xtime_get_ticks
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xbad_function_call@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Syserror_map@std@@YAPBDH@Z
?uncaught_exceptions@std@@YAHXZ
?_Xlength_error@std@@YAXPBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?good@ios_base@std@@QBE_NXZ
?_Winerror_map@std@@YAHH@Z

vcruntime140

strchr
strrchr
memcpy
memmove
strstr
memset
__current_exception
__current_exception_context
_CxxThrowException
_except_handler4_common
memchr
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_terminate

api-ms-win-crt-heap-l1-1-0

malloc
realloc
calloc
_callnewh
free
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

ftell
fseek
feof
__acrt_iob_func
_open
__stdio_common_vsscanf
fputs
fputc
_close
fopen
_write
_read
fgets
fflush
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
__p__commode
__stdio_common_vsprintf
_set_fmode
fwrite
_lseeki64
fclose
__stdio_common_vfprintf
fgetc

api-ms-win-crt-runtime-l1-1-0

_errno
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_get_initial_narrow_environment
terminate
_controlfp_s
_set_app_type
_configure_narrow_argv
_seh_filter_exe
_initialize_narrow_environment
strerror
__sys_nerr
exit
_cexit
_crt_atexit
_beginthreadex
_exit
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
system
_getpid

api-ms-win-crt-convert-l1-1-0

strtol
strtoul
atoi
strtoll
strtoull
strtod
wcstombs

api-ms-win-crt-filesystem-l1-1-0

_unlink
_mkdir
_stat64
_access
_unlock_file
_lock_file
_fstat64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv
___lc_codepage_func

api-ms-win-crt-time-l1-1-0

_time64
_localtime64
_gmtime64

api-ms-win-crt-string-l1-1-0

isupper
strpbrk
strncpy
strncmp
_strdup
strspn
strcspn
tolower

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dclass

Sections

.text
Size: 396KB - Virtual size: 395KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f941125f040a6e763c8f3509932dd20

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

wldap32

kernel32

normaliz

user32

gdi32

advapi32

shell32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 396KB - Virtual size: 395KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 396KB - Virtual size: 395KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 18KB - Virtual size: 17KB