CeleryInject[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

CeleryInject.exe
Size

3.1MB
MD5

f8d53a81e84319e95f2baeea6080d775
SHA1

bc5d335440cddc68d843909bcf1c17f994ebb90f
SHA256

268315c248c668f4785ebc9cad639cedf1a4d0057d320c3e664d5201f7881a0d
SHA512

94650712975741734008b04968d869099675ab106ba1b11590e4e0da9f53efd608b42ea1ec6421e7d54e81e6bdfb0c083ee12119d34d010f0544285f9fc5b613
SSDEEP

49152:nVYsWL0fc26yxkDEDGjP8lR8p3foh0zNw:ntWQOw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CeleryInject.exe

Files

CeleryInject.exe
.exe windows:6 windows x64 arch:x64

3641aa54f19357fa0024ba168f1b6426

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Javan\Desktop\Projects\Release\CeleryInject.pdb

Imports

kernel32

GetModuleFileNameW
GetModuleHandleA
GetProcAddress
lstrcatW
lstrlenA
lstrlenW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
K32EnumProcessModules
K32GetModuleFileNameExW
K32QueryWorkingSetEx
GetCurrentProcess
LocalAlloc
LocalFree
WriteProcessMemory
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualQueryEx
OpenProcess
lstrcmpiW
Process32FirstW
Process32NextW
ReadProcessMemory
VirtualProtectEx
VirtualAllocEx
Sleep
GetLastError
CloseHandle
GetTempPathW
GetFileAttributesW
TerminateProcess
InitializeSListHead
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

user32

FindWindowA

advapi32

LookupPrivilegeValueA
SetSecurityDescriptorDacl
SetKernelObjectSecurity
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
AddAccessDeniedAce
OpenProcessToken

msvcp140

?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xlength_error@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fail@ios_base@std@@QEBA_NXZ
?rdstate@ios_base@std@@QEBAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

ntdll

NtQueryInformationProcess
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

shlwapi

PathRemoveFileSpecW

urlmon

URLOpenBlockingStreamA

vcruntime140

memcmp
memmove
strchr
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__C_specific_handler
__current_exception
_purecall
memset
__current_exception_context
memchr
memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_c_exit
__p___argv
_exit
_initterm_e
_register_thread_local_exe_atexit_callback
_initterm
__p___argc
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
terminate
_cexit
_crt_atexit
exit
system
_invalid_parameter_noinfo_noreturn
_errno
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function

api-ms-win-crt-string-l1-1-0

tolower
_memicmp
islower
isdigit
strncmp
strcspn
isxdigit
ispunct
strspn
isgraph
iscntrl
isupper
toupper
strncpy
isalpha
strpbrk
isspace
strnlen
strncat
isalnum

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
free
malloc

api-ms-win-crt-convert-l1-1-0

strtod
strtoull
atoi
strtoul

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfwprintf
_set_fmode
_get_stream_buffer_pointers
fclose
__stdio_common_vsnprintf_s
__p__commode
fflush
__stdio_common_vsprintf
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
__acrt_iob_func
fwrite
setvbuf
ungetc
__stdio_common_vfprintf
__stdio_common_vsprintf_s

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_wstat64

api-ms-win-crt-math-l1-1-0

tanh
tan
log
ldexp
floorf
round
log10
sqrt
frexp
asin
atan
log2
pow
__setusermatherr
atan2
modf
ceil
cos
cosh
acos
exp
floor
ceilf
_dsign
sinh
sin
fmod

api-ms-win-crt-time-l1-1-0

_localtime64_s
strftime
_gmtime64_s
_time64
_difftime64
clock

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 671KB - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3641aa54f19357fa0024ba168f1b6426

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcp140

ntdll

shlwapi

urlmon

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 671KB - Virtual size: 671KB

.data Size: 100KB - Virtual size: 106KB

.pdata Size: 130KB - Virtual size: 129KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 671KB - Virtual size: 671KB

.data
Size: 100KB - Virtual size: 106KB

.pdata
Size: 130KB - Virtual size: 129KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 4KB