celerycmd
icallback
init
test
General
-
Target
Dice X.zip
-
Size
6.4MB
-
MD5
11a64a31b4528d36a8f4bc45b5fd27aa
-
SHA1
2effd925be72b37f3890b96cdca688a8d474da9d
-
SHA256
60d82855f1f5d086f385e30176bf445a1d61113c0c3801afc721c9964b1f63a0
-
SHA512
e3157c6ced64b30bfc6975cbcfc1badef028b2848943b61f038c904c87a699755e8c6167d444c4cae50503b1eda98f7d67bcd802568562bc257edfd376976546
-
SSDEEP
196608:F5XqIGfVQRvE1QP7KJm4cvH7/41YSXk9WoSX48Nmm9v:/XqNccG7Em4qH7/z9WoSX4a7
Score
7/10
Malware Config
Signatures
-
resource yara_rule static1/unpack001/DiceX V3/DiceX V3.exe themida -
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack001/DiceX V3/CeleryIn.bin unpack001/DiceX V3/DiceAPI.dll unpack001/DiceX V3/DiceX V3.exe
Files
-
Dice X.zip.zip
-
DiceX V3/CeleryIn.bin.dll windows:6 windows x64 arch:x64
57127fa98e84d836ff1e07fcec0c9958
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
GetProcessHeaps
HeapWalk
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
RtlCaptureContext
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
QueryPerformanceCounter
vcruntime140
__std_type_info_destroy_list
__C_specific_handler
memset
memcpy
api-ms-win-crt-string-l1-1-0
strlen
tolower
api-ms-win-crt-convert-l1-1-0
_ui64toa_s
_itoa
_gcvt_s
_itoa_s
api-ms-win-crt-runtime-l1-1-0
_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_initialize_onexit_table
Exports
Exports
Sections
.text Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DiceX V3/CeleryScript.bin
-
DiceX V3/Dice X.exe.config
-
DiceX V3/Dice X.pdb
-
DiceX V3/DiceAPI.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Users\Lenovo\source\repos\DiceAPI\DiceAPI\obj\Debug\DiceAPI.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DiceX V3/DiceX V3.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 89KB - Virtual size: 512KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 7.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 4.7MB - Virtual size: 4.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
DiceX V3/Key/keyexecutor.txt
-
DiceX V3/Monaco/index.html.html .js polyglot
-
DiceX V3/Monaco/vs/base/worker/workerMain.js.js
-
DiceX V3/Monaco/vs/basic-languages/bat/bat.js
-
DiceX V3/Monaco/vs/basic-languages/coffee/coffee.js
-
DiceX V3/Monaco/vs/basic-languages/cpp/cpp.js
-
DiceX V3/Monaco/vs/basic-languages/csharp/csharp.js
-
DiceX V3/Monaco/vs/basic-languages/csp/csp.js
-
DiceX V3/Monaco/vs/basic-languages/css/css.js
-
DiceX V3/Monaco/vs/basic-languages/dockerfile/dockerfile.js
-
DiceX V3/Monaco/vs/basic-languages/fsharp/fsharp.js
-
DiceX V3/Monaco/vs/basic-languages/go/go.js
-
DiceX V3/Monaco/vs/basic-languages/handlebars/handlebars.js.js
-
DiceX V3/Monaco/vs/basic-languages/html/html.js.js
-
DiceX V3/Monaco/vs/basic-languages/ini/ini.js
-
DiceX V3/Monaco/vs/basic-languages/java/java.js
-
DiceX V3/Monaco/vs/basic-languages/less/less.js
-
DiceX V3/Monaco/vs/basic-languages/lua/lua.js
-
DiceX V3/Monaco/vs/basic-languages/markdown/markdown.js.js
-
DiceX V3/Monaco/vs/basic-languages/msdax/msdax.js
-
DiceX V3/Monaco/vs/basic-languages/mysql/mysql.js
-
DiceX V3/Monaco/vs/basic-languages/objective-c/objective-c.js
-
DiceX V3/Monaco/vs/basic-languages/pgsql/pgsql.js
-
DiceX V3/Monaco/vs/basic-languages/php/php.js
-
DiceX V3/Monaco/vs/basic-languages/postiats/postiats.js
-
DiceX V3/Monaco/vs/basic-languages/powershell/powershell.js
-
DiceX V3/Monaco/vs/basic-languages/pug/pug.js
-
DiceX V3/Monaco/vs/basic-languages/python/python.js
-
DiceX V3/Monaco/vs/basic-languages/r/r.js
-
DiceX V3/Monaco/vs/basic-languages/razor/razor.js.js
-
DiceX V3/Monaco/vs/basic-languages/redis/redis.js
-
DiceX V3/Monaco/vs/basic-languages/redshift/redshift.js
-
DiceX V3/Monaco/vs/basic-languages/ruby/ruby.js
-
DiceX V3/Monaco/vs/basic-languages/rust/rust.js
-
DiceX V3/Monaco/vs/basic-languages/sb/sb.js
-
DiceX V3/Monaco/vs/basic-languages/scss/scss.js
-
DiceX V3/Monaco/vs/basic-languages/solidity/solidity.js
-
DiceX V3/Monaco/vs/basic-languages/sql/sql.js
-
DiceX V3/Monaco/vs/basic-languages/st/st.js
-
DiceX V3/Monaco/vs/basic-languages/swift/swift.js
-
DiceX V3/Monaco/vs/basic-languages/vb/vb.js
-
DiceX V3/Monaco/vs/basic-languages/xml/xml.js
-
DiceX V3/Monaco/vs/basic-languages/yaml/yaml.js
-
DiceX V3/Monaco/vs/editor/contrib/suggest/media/String_16x.svg
-
DiceX V3/Monaco/vs/editor/contrib/suggest/media/String_inverse_16x.svg
-
DiceX V3/Monaco/vs/editor/editor.main.css
-
DiceX V3/Monaco/vs/editor/editor.main.js.js
-
DiceX V3/Monaco/vs/editor/editor.main.nls.de.js
-
DiceX V3/Monaco/vs/editor/editor.main.nls.es.js
-
DiceX V3/Monaco/vs/editor/editor.main.nls.fr.js
-
DiceX V3/Monaco/vs/editor/editor.main.nls.it.js
-
DiceX V3/Monaco/vs/editor/editor.main.nls.ja.js
-
DiceX V3/Monaco/vs/editor/editor.main.nls.js
-
DiceX V3/Monaco/vs/editor/editor.main.nls.ko.js
-
DiceX V3/Monaco/vs/editor/editor.main.nls.ru.js
-
DiceX V3/Monaco/vs/editor/editor.main.nls.zh-cn.js
-
DiceX V3/Monaco/vs/editor/editor.main.nls.zh-tw.js
-
DiceX V3/Monaco/vs/editor/standalone/browser/quickOpen/symbol-sprite.svg
-
DiceX V3/Monaco/vs/language/css/cssMode.js.js
-
DiceX V3/Monaco/vs/language/css/cssWorker.js.js
-
DiceX V3/Monaco/vs/language/html/htmlMode.js.js
-
DiceX V3/Monaco/vs/language/html/htmlWorker.js.js
-
DiceX V3/Monaco/vs/language/json/jsonMode.js.js
-
DiceX V3/Monaco/vs/language/json/jsonWorker.js.js
-
DiceX V3/Monaco/vs/language/typescript/lib/typescriptServices.js.js
-
DiceX V3/Monaco/vs/language/typescript/tsMode.js.js
-
DiceX V3/Monaco/vs/language/typescript/tsWorker.js.js
-
DiceX V3/Monaco/vs/loader.js.js
-
DiceX V3/Scripts/executor level.txt
-
DiceX V3/Scripts/unc test.txt.js