Celery[.]exe | Triage

Sharing

General

Target

Celery.exe
Size

17.3MB
MD5

eeaa7f07f411869b721077bc9f998d5d
SHA1

af4890e4866990a8cab38c65f51579341d09f5c2
SHA256

7182d622a275b9cdabfd50a5431469c48acb8d8543bf5d5b182dd68326d64f62
SHA512

91c478721a58fbf9ec23e425af114d57b5e342aa1d58b3d30242fad79188f4127514a0ca52773a624e7b54281bf219bd703549e85cfa4c2409d26a822f6a9e1a
SSDEEP

393216:OUa57DdNAuyvw4wK/gsrlVwgqI59D8exrbwANXg5yH4LVvII:K1d2toVKrR5qI59woPXlOLmI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Celery.exe

Files

Celery.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\stent\Desktop\Programming\C#\Celery\Celery\obj\Release\Celery.pdb

Sections

.text
Size: 17.2MB - Virtual size: 17.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ