Celery[.]exe | Triage

Sharing

General

Target

Celery.exe
Size

17.3MB
MD5

433bb23192adb1d78a2fd99ca652eab4
SHA1

40087ada7a5020046c30d8ffb9fd70949450151e
SHA256

06a7351cbbb9e794e8ee5793114cb74cda3b55f23eb634ea3b994adf851ddd3a
SHA512

d74a2156ea003640774a1139aa4c1b5b76f0f97ebbeec1dd3cebbf902eb667d369f7ea8e1d3c6aff140da6f75e5c64cee23cd1e2cb988873db95723ea9cca93e
SSDEEP

393216:xUa57DdNAuyvw4wK/gsrlVwgqI59D8exrbwANXg5yH4LVvIz:p1d2toVKrR5qI59woPXlOLmz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Celery.exe

Files

Celery.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\stent\Desktop\Programming\C#\Celery\Celery\obj\Release\Celery.pdb

Sections

.text
Size: 17.2MB - Virtual size: 17.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ