Celery X[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Celery X.exe
Size

852.0MB
MD5

d628f8810e66912a850e33fd64845946
SHA1

0d5e42e3aeffe8b790f0cc0a6a25c417e0fc779a
SHA256

62c4009f76be3201b81d215e99d255196c7e0e4d926cc3cb8215e97b1db4f3d0
SHA512

eede6f0a2a514a2dd53377f2dd354efc5ccacb66dcdeced6344fd68f26630ce8cadc34af7191f8598f0124169098a41b3c243e6d2d1437dee83f6189b7f19430
SSDEEP

6144:glkR8eJ4F0MpFgkN2swVLq0pKG/ZdVj8bXqv0MBN7EzWcKq3jXycUsn8b:gfj2zVq6KG/HVTsMb/4icUP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Celery X.exe

Files

Celery X.exe
.exe windows:6 windows x86 arch:x86

28d5eb0c51666da2407c189d41fe50b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
ResumeThread
CreateProcessA
GetThreadContext
SetThreadContext
OpenProcess
VirtualAllocEx
WriteFile
WriteProcessMemory
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetComputerNameA
HeapSize
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
FindFirstFileW
GetFileAttributesA
FindClose
ReadProcessMemory
CreateFileW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapReAlloc
WideCharToMultiByte
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
HeapAlloc
HeapFree
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
WriteConsoleW

user32

GetDC
MessageBoxW
ReleaseDC

gdi32

TextOutW

advapi32

GetUserNameA
LogonUserA

shell32

ShellExecuteW

ole32

CoUninitialize
CoInitialize

userenv

CreateEnvironmentBlock

msi

ord87

shlwapi

StrCmpIW
PathFileExistsW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28d5eb0c51666da2407c189d41fe50b1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

userenv

msi

shlwapi

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 4KB - Virtual size: 7KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 4KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 7KB