neshta | c57c5173d1554f0555d6c94baa65c80f5b20ee46f32973012f2bde930b4e2029

Sharing

Copy URL Twitter E-mail

General

Target

c57c5173d1554f0555d6c94baa65c80f5b20ee46f32973012f2bde930b4e2029
Size

2.6MB
MD5

0f616f730e8ad42636701dbd866f09fd
SHA1

22ff4283d1889f39f751f22b9fe08ba39fdb039e
SHA256

c57c5173d1554f0555d6c94baa65c80f5b20ee46f32973012f2bde930b4e2029
SHA512

a9f1733d750f3d45e1350615607405c70893c038047faa372bb5fc102c7bffde44066fbddbca9cd6694cb9dbd23d338f66853ef49f849611733f6c1b2eff804f
SSDEEP

49152:zWqlX1l07xANOwAaxllCb4GwCdjZ5JrkXpnhIpm41g9NUfCJ7C71WlWlWlWlW5WE:zWmFl0uwLaVCbjwuVQ9h0ZDWlWlWlWla

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Files

c57c5173d1554f0555d6c94baa65c80f5b20ee46f32973012f2bde930b4e2029
.exe windows x86

aebfb3f9080db863e36a8c46fa92a774

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAddBackslashW
PathStripPathW
PathFindExtensionW
PathRenameExtensionW
PathRemoveFileSpecW
PathFindFileNameW
PathMatchSpecW
StrCpyW
UrlIsW
StrCmpIW
StrDupW
StrFormatByteSizeW
PathRemoveExtensionW
PathFileExistsW

psapi

EnumProcessModules
GetModuleFileNameExW
EnumProcesses

ws2_32

getservbyname
socket
htons
WSACleanup
WSASetLastError
shutdown
inet_ntoa
inet_addr
gethostbyname
ioctlsocket
connect
WSAGetLastError
getpeername
__WSAFDIsSet
select
recv
send
gethostname
closesocket
WSAStartup

comctl32

ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
CreatePropertySheetPageW
ImageList_DrawIndirect
ImageList_Draw
ImageList_GetIconSize
PropertySheetW
_TrackMouseEvent
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_ReplaceIcon

shell32

ShellExecuteW
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHBrowseForFolderW
ExtractIconW
DoEnvironmentSubstW
SHGetSpecialFolderPathW
SHChangeNotify
ShellExecuteExW
SHGetPathFromIDListW

wininet

InternetGetLastResponseInfoW
InternetOpenW
InternetConnectW
FtpSetCurrentDirectoryW
FtpDeleteFileW
FtpRemoveDirectoryW
FtpCreateDirectoryW
FtpPutFileW
InternetCloseHandle

mpr

WNetAddConnection2W
WNetCancelConnection2W

winmm

waveInOpen
waveInStart
waveInUnprepareHeader
waveInPrepareHeader
waveInAddBuffer
waveInStop
waveInClose
mixerGetLineInfoW
mixerGetLineControlsW
mixerSetControlDetails
waveInGetNumDevs
waveInGetDevCapsW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

ReadConsoleInputA
SetConsoleMode
FindFirstFileA
GetDriveTypeA
GetFullPathNameA
GetCurrentDirectoryA
SetStdHandle
FlushConsoleInputBuffer
GetVersionExA
GlobalMemoryStatus
IsProcessorFeaturePresent
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringA
GetProcessHeap
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
InterlockedExchange
InitializeCriticalSectionAndSpinCount
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
GetProcAddress
GetModuleHandleW
lstrlenW
VirtualFree
FlushInstructionCache
GetCurrentProcess
VirtualAlloc
GetLastError
MultiByteToWideChar
FreeResource
GetUserDefaultLangID
EnumResourceLanguagesW
GetLocaleInfoW
CreateFileW
ReadFile
CloseHandle
GetFileSize
FindNextFileW
FindClose
SetLastError
GetFullPathNameW
FindFirstFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetVersion
LoadLibraryW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
GlobalFree
GlobalUnlock
CompareStringW
CreateDirectoryW
lstrcpyW
WriteFile
lstrcatW
lstrcpynW
GetVersionExW
lstrcmpW
DeleteFileW
GlobalLock
GetDateFormatW
CreateMutexW
EnumResourceNamesW
LocalReAlloc
LocalAlloc
LocalFree
SetFilePointer
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
GetTimeFormatW
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetWindowsDirectoryW
MoveFileExW
FormatMessageW
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetEnvironmentVariableW
GetShortPathNameW
ExitProcess
SetFileAttributesW
GetCurrentProcessId
RemoveDirectoryW
GetSystemTimeAsFileTime
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
OpenProcess
GlobalSize
MoveFileW
WaitForSingleObject
TerminateThread
GetTickCount
QueryDosDeviceW
GetVolumeInformationW
OutputDebugStringA
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetStartupInfoW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetModuleHandleA
HeapCreate
HeapDestroy
HeapSize
Sleep
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
VirtualQuery
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
SetConsoleCtrlHandler
LoadLibraryA
GetLocaleInfoA
LCMapStringA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale

user32

GetWindowRect
InvalidateRect
GetParent
CopyRect
InflateRect
OffsetRect
DrawFocusRect
FillRect
DrawTextW
DrawFrameControl
GetMonitorInfoW
MonitorFromPoint
TrackPopupMenu
GetWindowDC
ReleaseDC
GetClassLongW
GetSystemMetrics
SetRectEmpty
GetSysColor
SystemParametersInfoW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
ScreenToClient
UpdateWindow
IsWindowEnabled
SetCapture
SetFocus
GetDlgCtrlID
IsWindow
SetWindowPos
PtInRect
SetCursor
GetCursorPos
BeginPaint
EndPaint
GetDC
ReleaseCapture
GetCapture
GetFocus
GetClassNameW
GetSysColorBrush
SetWindowTextW
GetDlgItemTextW
SetDlgItemTextW
MapWindowPoints
MonitorFromWindow
GetWindow
EndDialog
GetDlgItem
SetTimer
OpenClipboard
EnableWindow
LoadImageW
DialogBoxIndirectParamW
PostQuitMessage
ModifyMenuW
GetSubMenu
GetDlgItemInt
SetDlgItemInt
MessageBeep
GetActiveWindow
IsWindowVisible
ShowScrollBar
RedrawWindow
FrameRect
GetMenu
AdjustWindowRectEx
ShowWindow
CreateIconFromResource
LookupIconIdFromDirectory
KillTimer
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
MoveWindow
ScrollWindow
SetForegroundWindow
FindWindowW
GetKeyNameTextW
MapVirtualKeyW
CharUpperW
wsprintfW
BroadcastSystemMessageW
RegisterWindowMessageW
DdeUninitialize
DdeFreeStringHandle
DdeDisconnect
DdeAccessData
DdeClientTransaction
DdeGetLastError
DdeConnect
DdeCreateStringHandleW
DdeInitializeW
FindWindowExW
EnumWindows
GetAncestor
GetWindowThreadProcessId
SendMessageTimeoutW
EnumChildWindows
GetDesktopWindow
ChangeClipboardChain
SetClipboardViewer
GetForegroundWindow
GetLastInputInfo
CreatePopupMenu
InsertMenuItemW
SetMenu
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
TrackPopupMenuEx
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
IsMenu
GetMenuItemID
DrawEdge
WindowFromPoint
GetMessagePos
CharLowerW
GetKeyState
UnregisterClassA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
CallWindowProcW
DestroyMenu
DestroyIcon
RegisterHotKey
UnregisterHotKey
SendMessageW
MessageBoxW
PostMessageW
GetWindowLongW
CreateWindowExW
RegisterClassExW
DestroyWindow
CharNextW
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadCursorW
GetClassInfoExW
SetWindowLongW
LoadMenuW

gdi32

RealizePalette
GetDIBits
CreatePatternBrush
GetDeviceCaps
GetTextExtentPoint32W
GetCurrentObject
LineTo
MoveToEx
CreateDIBitmap
TextOutW
CreateDIBSection
CreateBitmap
DeleteObject
SetBrushOrgEx
CreateSolidBrush
CreatePen
Polygon
CombineRgn
CreateRectRgnIndirect
ExcludeClipRect
SelectObject
SetPolyFillMode
SetBkMode
PatBlt
RoundRect
SetBkColor
ExtTextOutW
CreateCompatibleBitmap
GetTextMetricsW
BitBlt
CreateCompatibleDC
CreateFontW
GetStockObject
GetObjectW
CreateFontIndirectW
DeleteDC
SetTextColor

comdlg32

GetSaveFileNameW
GetOpenFileNameW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeEx

oleaut32

VarCmp
SysFreeString
VariantClear
VarUI4FromStr
VariantInit

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 390KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 657KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aebfb3f9080db863e36a8c46fa92a774

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

psapi

ws2_32

comctl32

shell32

wininet

mpr

winmm

version

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 390KB - Virtual size: 389KB

.data Size: 73KB - Virtual size: 278KB

.rsrc Size: 657KB - Virtual size: 656KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 390KB - Virtual size: 389KB

.data
Size: 73KB - Virtual size: 278KB

.rsrc
Size: 657KB - Virtual size: 656KB