CeleryInject[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CeleryInject.exe
Size

3.1MB
MD5

903c91bcacbff8db17f3468c54185b48
SHA1

1cff1ef32ab0fca5cb4b21763ca45ae59d894bd3
SHA256

0b3f4ef71076f35809dc0474f27f84e81f196e12527b9bcb039479e7feb036ce
SHA512

9a5b16ce224e51c256b1e12e62ba1a762a0ffe142a9b760b1250ef3d3f4c832596487da8b1eeb83541d84b9bb43db6862bd43021ae0c7293cc5784b653c3556e
SSDEEP

24576:Bks968H/zOog3l6reeXI9SpMDORZRWWF6cFyI2DGjP8YcRowp3fBfW8MSSa0fh:BksJzOvi0SpMDIsBDGjP8lR3p3fLMSr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CeleryInject.exe

Files

CeleryInject.exe
.exe windows:6 windows x64 arch:x64

62f22f86234292ac87eadfd2061884cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Javan\Desktop\Projects\Release\CeleryInject.pdb

Imports

kernel32

GetModuleFileNameW
GetModuleHandleA
GetProcAddress
lstrcatW
lstrlenA
lstrlenW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
K32EnumProcessModules
K32GetModuleFileNameExW
K32QueryWorkingSetEx
GetCurrentProcess
LocalAlloc
LocalFree
WriteProcessMemory
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualQueryEx
OpenProcess
lstrcmpiW
Process32FirstW
Process32NextW
ReadProcessMemory
VirtualProtectEx
VirtualAllocEx
ResumeThread
SuspendThread
OpenThread
Sleep
GetLastError
CloseHandle
GetTempPathW
GetFileAttributesW
TerminateProcess
InitializeSListHead
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

user32

FindWindowA

advapi32

LookupPrivilegeValueA
SetSecurityDescriptorDacl
SetKernelObjectSecurity
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
AddAccessDeniedAce
OpenProcessToken

msvcp140

?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xlength_error@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fail@ios_base@std@@QEBA_NXZ
?rdstate@ios_base@std@@QEBAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

ntdll

NtQueryInformationProcess
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

shlwapi

PathRemoveFileSpecW

urlmon

URLOpenBlockingStreamA

vcruntime140

memcmp
memmove
strchr
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__C_specific_handler
__current_exception
_purecall
memset
__current_exception_context
memchr
memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_c_exit
__p___argv
_exit
_initterm_e
_register_thread_local_exe_atexit_callback
_initterm
__p___argc
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
terminate
_cexit
_crt_atexit
exit
system
_invalid_parameter_noinfo_noreturn
_errno
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function

api-ms-win-crt-string-l1-1-0

tolower
_memicmp
islower
isdigit
strncmp
strcspn
isxdigit
ispunct
strspn
isgraph
iscntrl
isupper
toupper
strncpy
isalpha
strpbrk
isspace
strnlen
strncat
isalnum

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
free
malloc

api-ms-win-crt-convert-l1-1-0

strtod
strtoull
atoi
strtoul

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfwprintf
_set_fmode
_get_stream_buffer_pointers
fclose
__stdio_common_vsnprintf_s
__p__commode
fflush
__stdio_common_vsprintf
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
__acrt_iob_func
fwrite
setvbuf
ungetc
__stdio_common_vfprintf
__stdio_common_vsprintf_s

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_wstat64

api-ms-win-crt-math-l1-1-0

tanh
tan
log
ldexp
floorf
round
log10
sqrt
frexp
asin
atan
log2
pow
__setusermatherr
atan2
modf
ceil
cos
cosh
acos
exp
floor
ceilf
_dsign
sinh
sin
fmod

api-ms-win-crt-time-l1-1-0

_localtime64_s
strftime
_gmtime64_s
_time64
_difftime64
clock

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 672KB - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62f22f86234292ac87eadfd2061884cf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcp140

ntdll

shlwapi

urlmon

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 672KB - Virtual size: 671KB

.data Size: 100KB - Virtual size: 106KB

.pdata Size: 130KB - Virtual size: 129KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 672KB - Virtual size: 671KB

.data
Size: 100KB - Virtual size: 106KB

.pdata
Size: 130KB - Virtual size: 129KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB