Celestia[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Celestia.exe
Size

10.7MB
MD5

f6923af4053982f357835d1e89809244
SHA1

973c9906119933fbf46cbd9c6be9a6a53feaf6ee
SHA256

5002e1f50310254b3e78834c079801f5abbea59e111dcd6281c6f7fa3a4a18f6
SHA512

8c0a17d814e125d7648ad9506195cf5192ee034001eda19056a1ffd03c027d31aa0165161713efce6abad3375f8d9af3da2ca560598f6b2a931cba108de91425
SSDEEP

98304:/VJXG4PLHU6HbnvavM4nmbKVeHvBQKtKHoshgQNPMO+tpJt3FCQiElwr9yH/T/R:XPLynDSQKtKHxhgOMnp3CuOyfS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Celestia.exe

Files

Celestia.exe
.exe windows:6 windows x64 arch:x64

215d56ed2fac35292d9e1d5a8900fdb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

app.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WakeByAddressAll
WaitOnAddress

kernel32

GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
Process32First
Process32Next
GlobalMemoryStatusEx
GetTickCount64
FileTimeToSystemTime
SetFilePointerEx
WriteFileEx
GetCurrentProcess
SleepEx
GetProcessId
TerminateProcess
FreeLibrary
SetEvent
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
HeapReAlloc
SetHandleInformation
ReleaseMutex
FormatMessageW
AreFileApisANSI
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
IsDBCSLeadByte
SetLastError
Sleep
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetSystemTime
GetCurrentDirectoryW
GetFullPathNameW
GetModuleFileNameW
FoldStringW
EncodePointer
RaiseException
CreateEventW
GetCurrentThread
SetThreadPriority
GetSystemDirectoryW
LoadLibraryW
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
SetThreadExecutionState
LoadLibraryA
RtlPcToFileHeader
CreateSymbolicLinkW
GetVersionExW
CreateDirectoryW
DeleteFileW
GetFileAttributesW
RemoveDirectoryW
SetFileAttributesW
SetFileTime
MoveFileW
FindClose
FindFirstFileW
FindNextFileW
GetProcAddress
GetStdHandle
GetFileType
SetEndOfFile
SetFilePointer
GetConsoleMode
GetSystemTimes
GetShortPathNameW
GetModuleHandleA
CreateHardLinkW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLogicalDrives
ReleaseSemaphore
CreateSemaphoreW
CreateThread
GetProcessAffinityMask
GetConsoleScreenBufferInfo
SetConsoleMode
SetConsoleCursorPosition
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
GetFileInformationByHandleEx
RtlUnwindEx
lstrlenW
GetFinalPathNameByHandleW
PostQueuedCompletionStatus
IsDebuggerPresent
GetUserDefaultUILanguage
LCIDToLocaleName
InitializeSListHead
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
CreateWaitableTimerExW
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
HeapFree
CancelIo
GetCurrentThreadId
HeapAlloc
GetDiskFreeSpaceExW
SetFileInformationByHandle
GetCommandLineW
GetModuleHandleW
SetEnvironmentVariableW
GetEnvironmentStringsW
RtlVirtualUnwind
ExitProcess
CreateToolhelp32Snapshot
WriteProcessMemory
Thread32First
OpenThread
SuspendThread
Thread32Next
CreateIoCompletionPort
GetNamedPipeClientProcessId
GetNamedPipeServerProcessId
ReadFile
WriteFile
FlushFileBuffers
ReadFileEx
GetQueuedCompletionStatusEx
GetCurrentProcessId
ReadProcessMemory
WaitNamedPipeW
DuplicateHandle
GetProcessHeap
CreateNamedPipeW
GetOverlappedResult
SetFileCompletionNotificationModes
VirtualQueryEx
RtlLookupFunctionEntry
RtlCaptureContext
ConnectNamedPipe
GetFileInformationByHandle
CreateMutexA
WaitForSingleObjectEx
GetTempPathW
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
OutputDebugStringA
OutputDebugStringW
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
VirtualAllocEx
LoadLibraryExW
GetLastError
GetEnvironmentVariableW
WaitForMultipleObjects
MoveFileExW
CreateFileW
ResetEvent
GetProcessIoCounters
OpenProcess
VirtualFreeEx
GetSystemInfo
GetProcessTimes
LocalFree
GetExitCodeProcess
DisconnectNamedPipe
QueryPerformanceCounter
SetWaitableTimer
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetLongPathNameW
AcquireSRWLockExclusive

advapi32

SetFileSecurityW
IsValidSid
RegSetValueExW
RegCreateKeyExW
FreeSid
GetLengthSid
EventRegister
EventSetInformation
CopySid
EventWriteTransfer
LookupAccountSidW
EventUnregister
RegGetValueW
CheckTokenMembership
SystemFunction036
AllocateAndInitializeSid
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetTokenInformation
OpenProcessToken
LookupPrivilegeValueW

comctl32

RemoveWindowSubclass
DefSubclassProc
SetWindowSubclass
TaskDialogIndirect

user32

CharToOemBuffW
CharLowerW
CharUpperW
OemToCharBuffA
EnumChildWindows
OemToCharA
RegisterWindowMessageA
RegisterClassExW
RegisterRawInputDevices
MsgWaitForMultipleObjectsEx
SetWindowLongPtrW
SetCapture
EnumDisplayMonitors
MonitorFromPoint
RedrawWindow
CharToOemA
ValidateRect
PostThreadMessageW
PeekMessageW
DispatchMessageA
GetMessageA
ToUnicodeEx
GetKeyboardLayout
PostQuitMessage
AppendMenuW
CreateMenu
CheckMenuItem
SetMenuItemInfoW
GetUpdateRect
SetWindowLongW
EnableMenuItem
GetSystemMenu
ShowWindow
CreateAcceleratorTableW
SendMessageW
CreateIcon
IsProcessDPIAware
GetRawInputData
SetWindowTextW
GetDC
GetWindowLongW
GetClientRect
ClientToScreen
SystemParametersInfoA
LoadCursorW
IsWindowVisible
ClipCursor
GetClipCursor
ShowCursor
SendInput
AllowSetForegroundWindow
AdjustWindowRectEx
GetMenu
DestroyIcon
DestroyAcceleratorTable
VkKeyScanW
GetKeyState
MapVirtualKeyExW
GetKeyboardState
GetWindowRect
SetForegroundWindow
GetWindowLongPtrW
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
SetWindowDisplayAffinity
GetForegroundWindow
SetCursorPos
InvalidateRgn
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
ReleaseCapture
FlashWindowEx
DefWindowProcW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetMessageW
GetWindowTextW
GetWindowTextLengthW
MapVirtualKeyW
IsIconic
GetActiveWindow
SetMenu
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
GetAsyncKeyState
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
DestroyWindow
TrackMouseEvent
PostMessageW
MonitorFromRect
SetCursor

ole32

CoUninitialize
CoTaskMemAlloc
CoSetProxyBlanket
RegisterDragDrop
OleInitialize
CoCreateInstance
CoInitializeSecurity
RevokeDragDrop
CreateStreamOnHGlobal
CoTaskMemFree
CoInitializeEx

shell32

CommandLineToArgvW
SHAppBarMessage
DragQueryFileW
DragFinish
SHCreateItemFromParsingName
SHGetKnownFolderPath
ShellExecuteW

gdi32

CreateRectRgn
GetDeviceCaps
DeleteObject

dwmapi

DwmEnableBlurBehindWindow
DwmExtendFrameIntoClientArea

pdh

PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhOpenQueryA
PdhCloseQuery
PdhRemoveCounter
PdhCollectQueryData

psapi

GetPerformanceInfo
GetModuleFileNameExW

ntdll

NtWriteFile
RtlNtStatusToDosError
NtCreateFile
NtDeviceIoControlFile
NtCancelIoFileEx
NtQueryInformationProcess
RtlGetVersion
NtReadFile
NtQuerySystemInformation

oleaut32

SysStringLen
GetErrorInfo
SysAllocString
SysFreeString
SetErrorInfo
VariantClear

iphlpapi

GetIfTable2
GetIfEntry2
FreeMibTable
GetAdaptersAddresses

powrprof

CallNtPowerInformation

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo
NetUserGetLocalGroups

secur32

DeleteSecurityContext
QueryContextAttributesW
LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions
FreeCredentialsHandle
AcquireCredentialsHandleA
ApplyControlToken
EncryptMessage
FreeContextBuffer
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage

uxtheme

SetWindowTheme

ws2_32

getsockname
getpeername
WSASocketW
bind
connect
ioctlsocket
getsockopt
closesocket
shutdown
recv
send
WSASend
freeaddrinfo
setsockopt
WSAIoctl
WSAGetLastError
WSAStartup
getaddrinfo
WSACleanup

crypt32

CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertDuplicateStore
CertGetCertificateChain
CertOpenStore
CertCloseStore

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

__setusermatherr
floor
pow
trunc
round

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
_callnewh
malloc
free
realloc

api-ms-win-crt-string-l1-1-0

wcsncmp
wcslen
wcsncpy
wcspbrk
strcpy_s
_wcsdup
_wcsicmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
exit
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_c_exit
_register_onexit_function
_register_thread_local_exe_atexit_callback
_cexit
__p___argv
_seh_filter_exe
_exit
_crt_atexit
terminate
abort
_set_app_type
_configure_narrow_argv
_initterm_e
__p___argc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__p__commode
_set_fmode

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 369KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

215d56ed2fac35292d9e1d5a8900fdb8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

advapi32

comctl32

user32

ole32

shell32

gdi32

dwmapi

pdh

psapi

ntdll

oleaut32

iphlpapi

powrprof

netapi32

secur32

uxtheme

ws2_32

crypt32

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

msvcp140

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.rdata Size: 3.6MB - Virtual size: 3.6MB

.data Size: 15KB - Virtual size: 44KB

.pdata Size: 369KB - Virtual size: 368KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 56KB - Virtual size: 56KB

.text
Size: 6.7MB - Virtual size: 6.7MB

.rdata
Size: 3.6MB - Virtual size: 3.6MB

.data
Size: 15KB - Virtual size: 44KB

.pdata
Size: 369KB - Virtual size: 368KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 56KB - Virtual size: 56KB