General

Malware Config

Signatures

Files

• Celery.zip

  .zip

  Password: infected

• Celery/Celery V1.exe

  .exe windows:4 windows x86 arch:x86

  f4639a0b3116c2cfc71144b88a929cfd

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  advapi32

  RegEnumValueW

  RegEnumKeyW

  RegQueryValueExW

  RegSetValueExW

  RegCloseKey

  RegDeleteValueW

  RegDeleteKeyW

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  OpenProcessToken

  RegOpenKeyExW

  RegCreateKeyExW

  shell32

  SHGetPathFromIDListW

  SHBrowseForFolderW

  SHGetFileInfoW

  SHFileOperationW

  ShellExecuteExW

  ole32

  CoCreateInstance

  OleUninitialize

  OleInitialize

  IIDFromString

  CoTaskMemFree

  comctl32

  ImageList_Destroy

  ord17

  ImageList_AddMasked

  ImageList_Create

  user32

  MessageBoxIndirectW

  GetDlgItemTextW

  SetDlgItemTextW

  CreatePopupMenu

  AppendMenuW

  TrackPopupMenu

  OpenClipboard

  EmptyClipboard

  SetClipboardData

  CloseClipboard

  IsWindowVisible

  CallWindowProcW

  GetMessagePos

  CheckDlgButton

  LoadCursorW

  SetCursor

  GetSysColor

  SetWindowPos

  GetWindowLongW

  IsWindowEnabled

  SetClassLongW

  GetSystemMenu

  EnableMenuItem

  GetWindowRect

  ScreenToClient

  EndDialog

  RegisterClassW

  SystemParametersInfoW

  CharPrevW

  GetClassInfoW

  DialogBoxParamW

  CharNextW

  ExitWindowsEx

  DestroyWindow

  CreateDialogParamW

  SetTimer

  SetWindowTextW

  PostQuitMessage

  SetForegroundWindow

  ShowWindow

  wsprintfW

  SendMessageTimeoutW

  FindWindowExW

  IsWindow

  GetDlgItem

  SetWindowLongW

  LoadImageW

  GetDC

  ReleaseDC

  EnableWindow

  InvalidateRect

  SendMessageW

  DefWindowProcW

  BeginPaint

  GetClientRect

  FillRect

  DrawTextW

  EndPaint

  CharNextA

  wsprintfA

  DispatchMessageW

  CreateWindowExW

  PeekMessageW

  GetSystemMetrics

  gdi32

  GetDeviceCaps

  SetBkColor

  SelectObject

  DeleteObject

  CreateBrushIndirect

  CreateFontIndirectW

  SetBkMode

  SetTextColor

  kernel32

  lstrcmpiA

  CreateFileW

  GetTempFileNameW

  RemoveDirectoryW

  CreateProcessW

  CreateDirectoryW

  GetLastError

  CreateThread

  GlobalLock

  GlobalUnlock

  GetDiskFreeSpaceW

  WideCharToMultiByte

  lstrcpynW

  lstrlenW

  SetErrorMode

  GetVersionExW

  GetCommandLineW

  GetTempPathW

  GetWindowsDirectoryW

  WriteFile

  CopyFileW

  ExitProcess

  GetCurrentProcess

  GetModuleFileNameW

  GetFileSize

  GetTickCount

  Sleep

  SetFileAttributesW

  GetFileAttributesW

  SetCurrentDirectoryW

  MoveFileW

  GetFullPathNameW

  GetShortPathNameW

  SearchPathW

  CompareFileTime

  SetFileTime

  CloseHandle

  lstrcmpiW

  lstrcmpW

  ExpandEnvironmentStringsW

  GlobalFree

  GlobalAlloc

  GetModuleHandleW

  LoadLibraryExW

  FreeLibrary

  WritePrivateProfileStringW

  GetPrivateProfileStringW

  lstrlenA

  MultiByteToWideChar

  ReadFile

  SetFilePointer

  FindClose

  FindNextFileW

  FindFirstFileW

  DeleteFileW

  MulDiv

  lstrcpyA

  MoveFileExW

  lstrcatW

  GetSystemDirectoryW

  GetProcAddress

  GetModuleHandleA

  GetExitCodeProcess

  WaitForSingleObject

  SetEnvironmentVariableW

  Sections

  .text

  Size: 25KB - Virtual size: 25KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1KB - Virtual size: 126KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .ndata

  Size: - Virtual size: 64KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• $INTERNET_CACHE/Adventure
• $INTERNET_CACHE/And
• $INTERNET_CACHE/Curve
• $INTERNET_CACHE/Essence
• $INTERNET_CACHE/Hormone
• $INTERNET_CACHE/Kinds
• $INTERNET_CACHE/Medline
• $INTERNET_CACHE/Occurrence
• $INTERNET_CACHE/Proprietary
• $INTERNET_CACHE/Reviewed
• $INTERNET_CACHE/Rpg
• $INTERNET_CACHE/Spirituality
• $INTERNET_CACHE/Tuesday
• Celery/dll/VMProtectSDK32.dll

  .dll windows:5 windows x86 arch:x86

  b9f19b4d3ce951c4ff6196681bbb3439

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  IsDebuggerPresent

  GetLocalTime

  GetTickCount

  GetModuleFileNameW

  GetPrivateProfileStringW

  MultiByteToWideChar

  WideCharToMultiByte

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  IsProcessorFeaturePresent

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  GetStartupInfoW

  GetModuleHandleW

  InterlockedFlushSList

  RtlUnwind

  GetLastError

  SetLastError

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  FreeLibrary

  GetProcAddress

  LoadLibraryExW

  ExitProcess

  GetModuleHandleExW

  GetModuleFileNameA

  HeapFree

  HeapAlloc

  GetStringTypeW

  GetACP

  GetStdHandle

  GetFileType

  LCMapStringW

  FindClose

  FindFirstFileExA

  FindNextFileA

  IsValidCodePage

  GetOEMCP

  GetCPInfo

  GetCommandLineA

  GetCommandLineW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetProcessHeap

  SetStdHandle

  HeapSize

  HeapReAlloc

  GetConsoleMode

  FlushFileBuffers

  WriteFile

  GetConsoleCP

  SetFilePointerEx

  CloseHandle

  WriteConsoleW

  DecodePointer

  CreateFileW

  RaiseException

  Exports

  Exports

  VMProtectActivateLicense

  VMProtectBegin

  VMProtectBeginMutation

  VMProtectBeginUltra

  VMProtectBeginUltraLockByKey

  VMProtectBeginVirtualization

  VMProtectBeginVirtualizationLockByKey

  VMProtectDeactivateLicense

  VMProtectDecryptStringA

  VMProtectDecryptStringW

  VMProtectEnd

  VMProtectFreeString

  VMProtectGetCurrentHWID

  VMProtectGetOfflineActivationString

  VMProtectGetOfflineDeactivationString

  VMProtectGetSerialNumberData

  VMProtectGetSerialNumberState

  VMProtectIsDebuggerPresent

  VMProtectIsProtected

  VMProtectIsValidImageCRC

  VMProtectIsVirtualMachinePresent

  VMProtectSetSerialNumber

  Sections

  .text

  Size: 64KB - Virtual size: 64KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 26KB - Virtual size: 25KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 512B - Virtual size: 160B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Celery/dll/VMProtectSDK32.lib
• Celery/dll/autoexec/HOW_TO_USE.txt
• Celery/dll/celeryuwp.bin

  .dll windows:6 windows x86 arch:x86

  1c23c1ea89b7252f3716da06ebe3581f

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  RemoveDirectoryW

  WriteFile

  GetTempPathW

  CloseHandle

  GetCurrentProcess

  GetCurrentProcessId

  VirtualAlloc

  VirtualFree

  GetModuleHandleA

  GetModuleHandleW

  lstrcpyW

  lstrcatW

  K32EnumProcessModules

  K32GetModuleFileNameExW

  VirtualAllocEx

  VirtualProtectEx

  WriteProcessMemory

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetSystemTimeAsFileTime

  OutputDebugStringW

  MultiByteToWideChar

  WideCharToMultiByte

  GetFileAttributesW

  SetEvent

  WaitForSingleObjectEx

  CreateEventW

  FormatMessageW

  GetProcessHeaps

  HeapLock

  HeapUnlock

  HeapWalk

  GetConsoleWindow

  SetPriorityClass

  GetConsoleMode

  FindClose

  FindFirstFileA

  FindNextFileA

  InitializeSListHead

  GetCurrentThreadId

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  IsDebuggerPresent

  IsProcessorFeaturePresent

  ResetEvent

  InitializeCriticalSectionAndSpinCount

  TerminateProcess

  ReadFile

  DeleteFileW

  CreateFileW

  QueryPerformanceFrequency

  FreeLibrary

  LoadLibraryW

  GetProcAddress

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  InitializeCriticalSection

  GetLastError

  lstrlenA

  VirtualProtect

  Sleep

  QueryPerformanceCounter

  VirtualQuery

  GlobalFree

  GlobalLock

  CreateDirectoryW

  GlobalUnlock

  GlobalAlloc

  SetThreadPriority

  GetSystemInfo

  user32

  GetCapture

  SetCapture

  ReleaseCapture

  GetForegroundWindow

  GetWindowLongW

  GetClientRect

  SetCursorPos

  GetKeyState

  GetCursorPos

  ClientToScreen

  ScreenToClient

  LoadCursorW

  GetWindowTextA

  GetWindowTextLengthA

  GetWindowThreadProcessId

  ShowWindow

  SetCursor

  GetClipboardData

  SetRect

  IsChild

  OpenClipboard

  FillRect

  GetMonitorInfoW

  MonitorFromWindow

  FindWindowA

  CloseClipboard

  SetClipboardData

  EmptyClipboard

  DefWindowProcW

  CallWindowProcW

  GetWindowRect

  SetWindowLongW

  gdi32

  GetCurrentObject

  CreateSolidBrush

  GetObjectW

  DeleteObject

  advapi32

  CheckTokenMembership

  GetSidSubAuthority

  FreeSid

  GetUserNameW

  GetCurrentHwProfileW

  OpenProcessToken

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  AllocateAndInitializeSid

  DuplicateToken

  CreateWellKnownSid

  GetTokenInformation

  msvcp140

  _Query_perf_frequency

  _Query_perf_counter

  ?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A

  ?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ

  ?_Incref@facet@locale@std@@UAEXXZ

  ??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ

  ??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z

  ?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z

  ?_Init@locale@std@@CAPAV_Locimp@12@_N@Z

  ?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z

  ?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z

  ??4?$_Yarn@D@std@@QAEAAV01@PBD@Z

  ?_Xlength_error@std@@YAXPBD@Z

  ?_Xout_of_range@std@@YAXPBD@Z

  _Thrd_detach

  _Cnd_do_broadcast_at_thread_exit

  ?_Throw_C_error@std@@YAXH@Z

  ?_Throw_Cpp_error@std@@YAXH@Z

  ?uncaught_exception@std@@YA_NXZ

  ?good@ios_base@std@@QBE_NXZ

  ?flags@ios_base@std@@QBEHXZ

  ?width@ios_base@std@@QBE_JXZ

  ?width@ios_base@std@@QAE_J_J@Z

  ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ

  ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ

  ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z

  ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z

  ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ

  ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ

  ?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ

  ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ

  ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ

  ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z

  ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z

  ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ

  ?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z

  ?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z

  ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ

  ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ

  ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

  ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

  ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ

  ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ

  ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ

  ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ

  ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

  ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ

  ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

  ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z

  ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ

  ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

  ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ

  ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z

  ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ

  ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z

  ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z

  ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z

  ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ

  ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ

  ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ

  ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ

  ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

  _Xtime_get_ticks

  ??Bid@locale@std@@QAEIXZ

  d3dcompiler_47

  D3DCompile

  d3d11

  D3D11CreateDeviceAndSwapChain

  imm32

  ImmReleaseContext

  ImmSetCompositionWindow

  ImmGetContext

  xinput1_4

  ord2

  ord4

  urlmon

  URLOpenBlockingStreamA

  ws2_32

  gethostname

  WSAIoctl

  __WSAFDIsSet

  setsockopt

  listen

  select

  shutdown

  closesocket

  sendto

  recvfrom

  inet_ntoa

  getsockopt

  getsockname

  ioctlsocket

  bind

  ntohs

  htonl

  getaddrinfo

  WSACleanup

  WSAStartup

  gethostbyname

  gethostbyaddr

  socket

  send

  recv

  inet_addr

  accept

  connect

  htons

  vcruntime140

  __std_type_info_destroy_list

  _except_handler4_common

  __current_exception_context

  __current_exception

  strrchr

  _except_handler3

  strchr

  strstr

  _purecall

  memset

  memchr

  memmove

  memcpy

  memcmp

  __CxxFrameHandler3

  _CxxThrowException

  __std_exception_destroy

  __std_exception_copy

  api-ms-win-crt-runtime-l1-1-0

  terminate

  _beginthreadex

  abort

  strerror

  _invalid_parameter_noinfo_noreturn

  signal

  _seh_filter_dll

  _configure_narrow_argv

  _initialize_narrow_environment

  _initialize_onexit_table

  _initterm_e

  _register_onexit_function

  _initterm

  _execute_onexit_table

  _crt_atexit

  exit

  _errno

  _cexit

  perror

  api-ms-win-crt-string-l1-1-0

  iscntrl

  isgraph

  ispunct

  isxdigit

  isdigit

  _strdup

  islower

  isupper

  isalpha

  tolower

  _wcsicmp

  isalnum

  strncpy

  strcspn

  strncat

  strcat_s

  strnlen

  toupper

  isspace

  strncmp

  _strnicmp

  _stricmp

  strpbrk

  api-ms-win-crt-convert-l1-1-0

  _strtoui64

  atol

  strtoull

  mbstowcs

  strtod

  atoi

  atof

  strtoul

  api-ms-win-crt-math-l1-1-0

  _libm_sse2_tan_precise

  _libm_sse2_pow_precise

  _CIatan2

  _libm_sse2_sqrt_precise

  _libm_sse2_log_precise

  _libm_sse2_log10_precise

  _libm_sse2_exp_precise

  _libm_sse2_sin_precise

  _libm_sse2_atan_precise

  _libm_sse2_asin_precise

  _libm_sse2_cos_precise

  _CItanh

  _CIsinh

  _CIcosh

  round

  log2

  _dsign

  _CIfmod

  frexp

  modf

  ldexp

  floor

  _fdopen

  ceil

  _libm_sse2_acos_precise

  api-ms-win-crt-stdio-l1-1-0

  fputc

  feof

  fclose

  __stdio_common_vsprintf_s

  __stdio_common_vswprintf

  fopen

  fgets

  fread

  fseek

  ftell

  getchar

  fwrite

  ferror

  _wfopen

  setvbuf

  _ftelli64

  _fseeki64

  __acrt_iob_func

  __stdio_common_vsprintf

  _setmode

  fflush

  _fileno

  _get_osfhandle

  _isatty

  __stdio_common_vsscanf

  _open

  __stdio_common_vfprintf

  api-ms-win-crt-heap-l1-1-0

  malloc

  calloc

  free

  _callnewh

  realloc

  api-ms-win-crt-utility-l1-1-0

  qsort

  rand

  api-ms-win-crt-filesystem-l1-1-0

  _stat64

  _chmod

  _findclose

  _wstat32

  remove

  _unlink

  _mkdir

  _findnext64i32

  _findfirst64i32

  api-ms-win-crt-time-l1-1-0

  _utime64

  strftime

  _mkgmtime64

  __daylight

  clock

  _time64

  _tzset

  _difftime64

  _localtime64_s

  __timezone

  _gmtime64_s

  _localtime64

  api-ms-win-crt-environment-l1-1-0

  getenv

  Exports

  Exports

  FW1CreateFactory

  _FW1CreateFactory@8

  Sections

  .text

  Size: 3.6MB - Virtual size: 3.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 481KB - Virtual size: 480KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 85KB - Virtual size: 166KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 248B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 99KB - Virtual size: 98KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Celery/dll/celeryuwpver
• Celery/dll/uwpoff.bin
• Celery/dll/uwpoffver
• Celery/dll/uwpversion.txt
• Celery/scripts/scripts.dll

  .dll regsvr32 windows:5 windows x86 arch:x86

  a9fd3e7f71a802c8eee0a502f46de991

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  04-03-2014 00:00

  Not After

  03-03-2024 23:59

  Subject

  CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  4e:a1:e8:9e:15:ea:4f:fa:93:79:84:d8:8f:54:5f:ba

  Certificate

  Issuer

  CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  14-05-2015 00:00

  Not After

  07-05-2017 23:59

  Subject

  SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Flash Player,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  58:87:9f:24:25:99:c5:8a:6a:3d:a1:73:d2:9f:04:d8:cb:0a:4b:54

  Signer

  Actual PE Digest

  58:87:9f:24:25:99:c5:8a:6a:3d:a1:73:d2:9f:04:d8:cb:0a:4b:54

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  Flash.pdb

  Imports

  version

  VerQueryValueW

  GetFileVersionInfoW

  VerQueryValueA

  GetFileVersionInfoA

  GetFileVersionInfoSizeA

  GetFileVersionInfoSizeW

  winmm

  mixerGetID

  waveInGetDevCapsA

  waveOutGetDevCapsA

  waveOutMessage

  waveOutGetDevCapsW

  waveInGetDevCapsW

  waveOutGetNumDevs

  waveInGetNumDevs

  waveInStart

  waveInAddBuffer

  waveInStop

  waveInMessage

  waveInUnprepareHeader

  waveInReset

  waveInPrepareHeader

  waveInOpen

  timeKillEvent

  timeGetTime

  timeSetEvent

  timeEndPeriod

  timeBeginPeriod

  timeGetDevCaps

  waveOutWrite

  waveOutPrepareHeader

  waveOutUnprepareHeader

  waveOutReset

  waveOutClose

  waveOutOpen

  waveOutGetPosition

  mixerClose

  mixerGetLineControlsA

  mixerGetLineInfoA

  mixerGetDevCapsA

  mixerOpen

  mixerGetControlDetailsA

  waveOutRestart

  waveOutPause

  mixerSetControlDetails

  waveInClose

  waveInGetPosition

  wininet

  InternetSetCookieW

  InternetGetCookieW

  crypt32

  CertFindCertificateInStore

  CertVerifySubjectCertificateContext

  CertCreateCertificateContext

  CryptGetMessageCertificates

  CryptVerifyMessageSignature

  CertAddStoreToCollection

  CertOpenStore

  CertVerifyRevocation

  CertFreeCertificateContext

  CertCompareCertificate

  CertEnumCertificatesInStore

  CertAddCertificateContextToStore

  CertCompareCertificateName

  CryptFindOIDInfo

  CertRDNValueToStrW

  CertFindRDNAttr

  CryptDecodeObjectEx

  CertNameToStrW

  CertCloseStore

  CertVerifyTimeValidity

  oleaut32

  SysAllocString

  VariantClear

  VariantInit

  SysStringByteLen

  SysStringLen

  SysAllocStringLen

  SysFreeString

  RegisterTypeLi

  VarUI4FromStr

  LoadRegTypeLi

  LoadTypeLi

  VarBstrCat

  SysAllocStringByteLen

  SafeArrayUnlock

  SafeArrayLock

  SafeArrayCreateVector

  SafeArrayUnaccessData

  SafeArrayDestroy

  SafeArrayAccessData

  VariantChangeType

  OleCreatePropertyFrame

  UnRegisterTypeLi

  dsound

  ord1

  ord8

  msimg32

  AlphaBlend

  kernel32

  GetTickCount

  LCMapStringW

  CreateProcessA

  GetSystemDirectoryW

  GetSystemWow64DirectoryW

  FindClose

  FindNextFileW

  RemoveDirectoryW

  FindFirstFileW

  SystemTimeToFileTime

  GetSystemTime

  GetFileSizeEx

  CreateFileW

  CreateDirectoryW

  GetProcessTimes

  GetCurrentProcessId

  GlobalSize

  GetSystemDirectoryA

  GetTempFileNameW

  GetSystemInfo

  GetUserDefaultUILanguage

  MoveFileExW

  VirtualQuery

  GetUserDefaultLangID

  DeleteFileA

  CreateFileA

  WriteFile

  SetFilePointer

  VerifyVersionInfoW

  VerSetConditionMask

  ReadFile

  GetFileSize

  CreateThread

  LockResource

  FindResourceExA

  FindResourceExW

  SetUnhandledExceptionFilter

  GetTempPathW

  GetTimeZoneInformation

  ReleaseSemaphore

  CreateSemaphoreW

  DeviceIoControl

  GetFileAttributesExW

  ExpandEnvironmentStringsA

  GetLongPathNameW

  GetTempFileNameA

  GetTempPathA

  CreateDirectoryA

  FindResourceW

  SetFilePointerEx

  GetCurrentDirectoryW

  SetCurrentDirectoryW

  GetFullPathNameW

  OutputDebugStringA

  GetFileInformationByHandle

  GetVolumeInformationW

  TryEnterCriticalSection

  UnmapViewOfFile

  ReleaseMutex

  MapViewOfFile

  CreateFileMappingA

  GetExitCodeThread

  DuplicateHandle

  TerminateThread

  CreateWaitableTimerW

  SetThreadPriority

  CompareFileTime

  QueryPerformanceCounter

  QueryPerformanceFrequency

  QueueUserAPC

  OpenThread

  SleepEx

  SwitchToThread

  SetEndOfFile

  FlushFileBuffers

  GlobalMemoryStatusEx

  IsDebuggerPresent

  SetSystemTime

  FileTimeToSystemTime

  TlsAlloc

  TlsFree

  ResumeThread

  CreateTimerQueueTimer

  DeleteTimerQueueTimer

  CreateSemaphoreA

  HeapAlloc

  HeapFree

  HeapUnlock

  HeapWalk

  HeapLock

  HeapCreate

  HeapDestroy

  VirtualProtect

  GetNumberFormatW

  GetCurrencyFormatW

  CompareStringW

  GetDateFormatW

  GetTimeFormatW

  GetUserDefaultLCID

  IsValidLocale

  EnumSystemLocalesW

  GetProcessHeap

  GetProcessAffinityMask

  IsProcessorFeaturePresent

  ExitProcess

  UnhandledExceptionFilter

  RtlUnwind

  GetCommandLineA

  ExitThread

  HeapReAlloc

  GetLocaleInfoW

  GetSystemTimeAsFileTime

  GetStdHandle

  SetConsoleCtrlHandler

  InitializeCriticalSectionAndSpinCount

  GetOEMCP

  IsValidCodePage

  SetHandleCount

  GetFileType

  GetStartupInfoA

  LCMapStringA

  GetConsoleCP

  GetConsoleMode

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  SetStdHandle

  GetStringTypeA

  GetStringTypeW

  EnumSystemLocalesA

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  CompareStringA

  SetEnvironmentVariableA

  GetNativeSystemInfo

  lstrcpynW

  GlobalMemoryStatus

  FlushConsoleInputBuffer

  LoadResource

  SizeofResource

  DisableThreadLibraryCalls

  SetLastError

  OutputDebugStringW

  GetCurrentThreadId

  GetModuleFileNameW

  GetVersionExA

  GetModuleFileNameA

  GetFileAttributesA

  SetFileAttributesA

  LocalAlloc

  LocalFree

  GlobalLock

  GlobalUnlock

  MulDiv

  GetCurrentProcess

  FlushInstructionCache

  lstrcmpiW

  CreateMutexW

  LoadLibraryW

  LoadLibraryA

  GetProcAddress

  WaitForMultipleObjects

  FreeLibrary

  WaitForSingleObject

  ResetEvent

  CloseHandle

  CreateEventW

  SetEvent

  GetModuleHandleW

  GlobalAlloc

  GetLastError

  GetVersionExW

  GetLocaleInfoA

  lstrlenW

  lstrlenA

  WideCharToMultiByte

  GlobalFree

  InterlockedDecrement

  InterlockedIncrement

  DeleteFileW

  GetFileAttributesW

  GetCurrentThread

  SetThreadAffinityMask

  TlsSetValue

  IsDBCSLeadByte

  GetACP

  GetCPInfo

  MultiByteToWideChar

  RaiseException

  HeapSize

  DebugBreak

  ExpandEnvironmentStringsW

  InterlockedExchange

  InterlockedCompareExchange

  Sleep

  LeaveCriticalSection

  EnterCriticalSection

  DeleteCriticalSection

  InitializeCriticalSection

  TlsGetValue

  SetConsoleMode

  ReadConsoleInputA

  GetModuleHandleA

  CreateEventA

  CreateWaitableTimerA

  SetWaitableTimer

  CancelWaitableTimer

  InterlockedExchangeAdd

  GetVersion

  VirtualAlloc

  VirtualFree

  CopyFileW

  TerminateProcess

  LoadLibraryExW

  CreateMutexA

  user32

  RegisterClipboardFormatW

  GetWindowThreadProcessId

  RemoveMenu

  SetMenuItemInfoW

  GetMenuItemInfoW

  InsertMenuItemW

  CreatePopupMenu

  TrackPopupMenu

  DestroyMenu

  DrawMenuBar

  CreateMenu

  SetMenuInfo

  CharUpperW

  CharLowerW

  PostThreadMessageW

  GetMessageW

  CloseWindow

  WaitForInputIdle

  TranslateMessage

  DispatchMessageW

  SetWindowTextA

  RedrawWindow

  DialogBoxIndirectParamW

  SetWindowTextW

  SendMessageTimeoutW

  CreateIconIndirect

  GetMonitorInfoW

  SetRectEmpty

  GetCursor

  DestroyIcon

  LoadImageW

  GetPropW

  SetPropW

  GetSystemMetrics

  InflateRect

  GetClipboardFormatNameA

  RegisterClipboardFormatA

  IsWindow

  PtInRect

  EqualRect

  SetWindowRgn

  BeginPaint

  EndPaint

  GetSubMenu

  MapVirtualKeyW

  LoadStringW

  IntersectRect

  CloseClipboard

  GetClipboardData

  OpenClipboard

  IsClipboardFormatAvailable

  SetClipboardData

  EmptyClipboard

  EnumDisplayDevicesW

  DestroyCaret

  ShowCaret

  CreateCaret

  SetCaretPos

  MoveWindow

  GetActiveWindow

  UnregisterClassA

  LoadIconA

  DeleteMenu

  RegisterClassExA

  CreateWindowExA

  ReleaseCapture

  UpdateWindow

  SystemParametersInfoW

  GetMessageTime

  LoadIconW

  RegisterClassW

  IsWindowVisible

  DialogBoxParamW

  GetDlgItem

  EndDialog

  SetWindowPos

  GetKeyState

  LoadStringA

  MessageBoxA

  SendMessageW

  GetQueueStatus

  SetTimer

  GetCapture

  SetCursor

  GetCursorPos

  WindowFromPoint

  ScreenToClient

  GetClientRect

  SetCapture

  MessageBoxW

  KillTimer

  PeekMessageW

  EnableMenuItem

  CheckMenuItem

  GetWindowInfo

  CopyRect

  PostQuitMessage

  ClientToScreen

  SendInput

  ActivateKeyboardLayout

  GetKeyboardLayout

  GetWindowRect

  UpdateLayeredWindow

  UnregisterClassW

  GetParent

  GetFocus

  IsChild

  SetFocus

  RegisterClassExW

  InvalidateRect

  DefWindowProcW

  UnionRect

  CallWindowProcW

  GetDC

  ReleaseDC

  LoadCursorW

  GetClassInfoExW

  GetWindowLongW

  SetWindowLongW

  CharNextW

  SetRect

  GetForegroundWindow

  GetDesktopWindow

  EnumDisplayDevicesA

  MonitorFromWindow

  FillRect

  OffsetRect

  FlashWindowEx

  GetSystemMenu

  IsZoomed

  GetWindowPlacement

  SetWindowPlacement

  ShowWindowAsync

  IsIconic

  EnumDisplaySettingsW

  MapWindowPoints

  GetWindowTextLengthW

  CreateWindowExW

  ShowWindow

  DestroyWindow

  GetDoubleClickTime

  EnumWindows

  PostMessageW

  IsWindowEnabled

  GetWindow

  GetClassNameA

  GetWindowTextW

  GetWindowTextA

  DefWindowProcA

  GetWindowLongA

  LoadCursorA

  SetWindowLongA

  PostMessageA

  RegisterWindowMessageA

  EnumDisplayMonitors

  MonitorFromRect

  GetMonitorInfoA

  wsprintfW

  GetUserObjectInformationW

  GetProcessWindowStation

  SetCursorPos

  gdi32

  GetDeviceCaps

  CreateDIBSection

  SelectObject

  GetStockObject

  GetObjectW

  DeleteObject

  GdiFlush

  DeleteDC

  CreateMetaFileW

  GetClipBox

  SetViewportOrgEx

  LPtoDP

  CreateRectRgnIndirect

  GetObjectType

  GetICMProfileA

  CreateDCA

  SetPixel

  TextOutW

  SetTextAlign

  DeleteMetaFile

  CreateBitmap

  CreateFontIndirectW

  GetTextExtentPoint32A

  ExtTextOutA

  GetTextExtentPoint32W

  GetTextMetricsW

  SetTextColor

  CreateFontIndirectA

  IntersectClipRect

  GetClipRgn

  CreateRectRgn

  SetBkMode

  SelectClipRgn

  SetTextCharacterExtra

  GetTextAlign

  GetBkMode

  GetTextColor

  GetCurrentObject

  GetBkColor

  EnumFontFamiliesA

  CreatePen

  DPtoLP

  GetTextCharacterExtra

  SetWorldTransform

  SetGraphicsMode

  GetWorldTransform

  StartDocW

  EndDoc

  StrokePath

  ExtCreatePen

  FillPath

  StartPage

  EndPage

  BeginPath

  EndPath

  SetPolyFillMode

  PolyBezierTo

  SelectClipPath

  CloseMetaFile

  RestoreDC

  SetWindowExtEx

  SetWindowOrgEx

  SaveDC

  GdiAlphaBlend

  StretchBlt

  BitBlt

  SetStretchBltMode

  CreateCompatibleBitmap

  ExtTextOutW

  SetBkColor

  GetStretchBltMode

  EnumFontFamiliesW

  CreateSolidBrush

  GetFontData

  EnumFontFamiliesExW

  LineTo

  MoveToEx

  Rectangle

  StretchDIBits

  CreateCompatibleDC

  RectVisible

  comdlg32

  GetSaveFileNameW

  GetOpenFileNameW

  CommDlgExtendedError

  PrintDlgW

  advapi32

  CryptDecrypt

  CryptSetKeyParam

  CryptGetHashParam

  CryptHashData

  CryptDestroyHash

  CryptAcquireContextA

  CryptCreateHash

  CryptAcquireContextW

  CryptGenRandom

  CryptReleaseContext

  RegisterEventSourceA

  ReportEventA

  DeregisterEventSource

  OpenProcessToken

  GetTokenInformation

  IsValidSid

  GetSidSubAuthorityCount

  GetSidSubAuthority

  CryptImportKey

  CryptGenKey

  CryptDestroyKey

  CryptExportKey

  CryptEncrypt

  RegOpenKeyA

  RegQueryValueExW

  RegCreateKeyA

  RegEnumKeyExW

  RegCreateKeyExA

  RegSetValueExA

  RegQueryInfoKeyW

  RegSetValueExW

  RegOpenKeyExW

  RegCreateKeyExW

  RegDeleteValueW

  RegDeleteKeyW

  RegOpenKeyExA

  RegQueryValueExA

  RegCloseKey

  shell32

  SHGetFolderLocation

  SHGetFolderPathW

  ShellExecuteW

  SHGetSpecialFolderPathW

  SHFileOperationW

  SHGetFolderPathA

  SHGetPathFromIDListW

  SHBrowseForFolderW

  SHAppBarMessage

  SHGetSettings

  SHGetDiskFreeSpaceExW

  ord165

  ole32

  CoTaskMemRealloc

  CreateOleAdviseHolder

  OleRegEnumVerbs

  OleRegGetUserType

  OleRegGetMiscStatus

  CreateDataAdviseHolder

  StringFromGUID2

  WriteClassStm

  OleSaveToStream

  ReadClassStm

  MkParseDisplayName

  PropVariantClear

  OleFlushClipboard

  OleIsCurrentClipboard

  OleSetClipboard

  OleGetClipboard

  OleUninitialize

  OleInitialize

  CoInitializeEx

  CoRegisterMessageFilter

  CoSetProxyBlanket

  CoTaskMemFree

  CoFreeUnusedLibraries

  CoInitialize

  CreateBindCtx

  CoTaskMemAlloc

  ReleaseStgMedium

  CoCreateInstance

  CoUninitialize

  ws2_32

  socket

  WSAIoctl

  WSAGetLastError

  WSAAsyncSelect

  closesocket

  WSACleanup

  WSASocketA

  ntohl

  gethostname

  WSASocketW

  select

  __WSAFDIsSet

  connect

  ioctlsocket

  WSAEnumNetworkEvents

  WSAEventSelect

  WSACreateEvent

  WSAAddressToStringA

  bind

  sendto

  recvfrom

  WSASetLastError

  getservbyport

  gethostbyaddr

  getservbyname

  htonl

  inet_ntoa

  gethostbyname

  inet_addr

  WSACloseEvent

  htons

  getsockname

  ntohs

  send

  WSAStartup

  setsockopt

  recv

  shlwapi

  UrlCanonicalizeW

  ord158

  PathFindFileNameW

  StrRStrIW

  StrStrIW

  AssocQueryStringW

  urlmon

  HlinkSimpleNavigateToMoniker

  RegisterBindStatusCallback

  CreateURLMoniker

  CopyStgMedium

  mscms

  DeleteColorTransform

  CloseColorProfile

  CreateColorTransformW

  OpenColorProfileW

  TranslateBitmapBits

  iphlpapi

  GetAdaptersAddresses

  psapi

  GetProcessMemoryInfo

  Exports

  Exports

  AdobeCPGetAPI

  DllCanUnloadNow

  DllGetClassObject

  DllRegisterServer

  DllUnregisterServer

  IAEModule_AEModule_PutKernel

  IAEModule_IAEKernel_LoadModule

  IAEModule_IAEKernel_UnloadModule

  Sections

  .text

  Size: 13.1MB - Virtual size: 13.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rodata

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 3.6MB - Virtual size: 3.6MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 836KB - Virtual size: 1.8MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 583KB - Virtual size: 582KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 700KB - Virtual size: 699KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ