General
- Target: BkavUnst.exe.sc
- Size: 961KB
- MD5: a0e2623f718e134957be44ec8f8b993d
- SHA1: d10d939b3bce502ed9f2f695215c934c6daf519f
- SHA256: a99fdd4e6ce438ea24da5ab24ce033ecc91427b2dc384cbc46817e6d0b02a41d
- SHA512: d99bea1b332aa0748402137c57a244f78ab658851480d0edaf39b20dea92915b8988b7d6d4ab5e94680d90d946aab947f3544659f8f84f4ca899c65b9f195ba1
- SSDEEP: 6144:k94jCji2ibP6ROXZhQvQXgvQUVQALCHgo/tkAUQdN6dIS3fLBHBlRGi+jCuJGaHU:tjCghQfvQOmAo/KGN6dFrlRGi+jCt
Malware Config
Signatures
- Detect Neshta payload (1 IoCs)
  resource: sample, yara_rule: family_neshta
- Neshta family
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: BkavUnst.exe.sc
Files
- BkavUnst.exe.sc.exe windows x86
Headers
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_BYTES_REVERSED_LO
  IMAGE_FILE_32BIT_MACHINE
  IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 29KB - Virtual size: 28KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
DATA Size: 1024B - Virtual size: 536B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 42KB
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 5KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ