neshta | lol[.]exe | Triage

Sharing

General

Target

lol.exe
Size

555KB
MD5

b6755dc7c6c547055a731379674c43f9
SHA1

7cab927a86dfc8900a88849f5b4adeb3cb6313bc
SHA256

6b3d3c6476998e92c9493f1c56f1b88200f8cc646df0a2bb2142fda92b7aed3d
SHA512

898923c7653c96eee784ff7fd779dd0b2e8252e04b3520cb22c32d1c99918428360f923116691e02096f83d6a53a0517c22f9033180a1972bf32862ba93ed251
SSDEEP

12288:fM2iNh4/mNUAt8DboJTMEhdq5pPSDYLdNgaV3jgG5hd3GMPljD+QJY:fM1D4/QU4JTZ2XLd3Gul3c

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
lol.exe

Files

lol.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ