Celex[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Celex.exe
Size

6.0MB
MD5

22fdd8d1c8cec119c14015c4f1c2c87f
SHA1

1bbbc6a0c3398bec3d0e26e40c4c945f6deb9d1f
SHA256

ff47573b279a1daa242996b43af06634a8694ada0409d38982d63332b5c23011
SHA512

cfcf4de9edb562fc53d29693df9e95cceea87e7e026185a2e9fc2975e7d866b4774ed17f30ea9430a54ef8291e1213732875959159771f6949f8d65cc3bc09f7
SSDEEP

98304:7UC5K/I+aRCgcFNR02Ve1vDa6/utFGns7KUxRmhrb+L+3MDQY6neraIN0Bl5:pK/RaIgcDR0Ue1vDXGSsnRKX+L+3IQYk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Celex.exe

Files

Celex.exe
.exe windows:6 windows x64 arch:x64

62afddb803f76f453007f67238b48df2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

LeaveCriticalSection
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetForegroundWindow
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

CryptImportKey

shell32

ShellExecuteA

ole32

CoInitialize

msvcp140

?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z

winmm

PlaySoundW

wininet

InternetCloseHandle

imm32

ImmGetContext

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

normaliz

IdnToAscii

wldap32

ord50

ws2_32

getpeername

shlwapi

PathFindFileNameW

rpcrt4

UuidCreate

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

_lseeki64

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-math-l1-1-0

fmod

api-ms-win-crt-convert-l1-1-0

strtoll

api-ms-win-crt-filesystem-l1-1-0

_stat64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-string-l1-1-0

strncmp

crypt32

CertCloseStore

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 630KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.faggot0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.faggot1
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62afddb803f76f453007f67238b48df2

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

kernel32

user32

advapi32

shell32

ole32

msvcp140

winmm

wininet

imm32

d3dcompiler_47

dwmapi

normaliz

wldap32

ws2_32

shlwapi

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

crypt32

wtsapi32

Sections

.text Size: - Virtual size: 1.6MB

.rdata Size: - Virtual size: 404KB

.data Size: - Virtual size: 630KB

.pdata Size: - Virtual size: 66KB

.faggot0 Size: - Virtual size: 3.2MB

.faggot1 Size: 6.0MB - Virtual size: 6.0MB

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 1.6MB

.rdata
Size: - Virtual size: 404KB

.data
Size: - Virtual size: 630KB

.pdata
Size: - Virtual size: 66KB

.faggot0
Size: - Virtual size: 3.2MB

.faggot1
Size: 6.0MB - Virtual size: 6.0MB

.rsrc
Size: 512B - Virtual size: 469B