General
-
Target
BkavSaferunManager_Adm.exe.sc
-
Size
643KB
-
MD5
89c304e906ddce682d7181e4b2e18202
-
SHA1
fcde76f5ad3b0d54ed83247e2a675edaf53f940d
-
SHA256
17d2d084988c53d2b7ad2376e484f1b20b0b4faab40f4f98fdbaf7da4e8d1f23
-
SHA512
aa8d13616b0f6ba26ce2f8c4ea2b951d30ca82e94981fc3cc2e4957bef04e6ea50050e92646d24dfb5fbe783e56fdedd4977f845aa2d6c1b95f583e8b4f70a1c
-
SSDEEP
12288:x1O5Yb//1XnyzG3P5gAh1y9TQ2tbx/h+26:x1O5Yz13bgAh1y9sSxJ+26
Malware Config
Signatures
-
Detect Neshta payload 1 IoCs
resource yara_rule sample family_neshta -
Neshta family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource BkavSaferunManager_Adm.exe.sc
Files
-
BkavSaferunManager_Adm.exe.sc.exe windows x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 1024B - Virtual size: 536B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 42KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ