neshta | 203f5b024b67defe459d31ebb645a96d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

203f5b024b67defe459d31ebb645a96d
Size

486KB
MD5

203f5b024b67defe459d31ebb645a96d
SHA1

9325ec51bfcd66d0d809a62725b0d453c36abc9c
SHA256

7ccc4e27c2cdac59796728e81cdcc183580f83f34967e2c98ff88394bce5bc85
SHA512

535f1670048e6964fb25778ebb0e84f3cb4e1c381d3955fc79e51c750aac48fbc5f1fcbb91173cd31ceaaa0866cddde91d728fb45852d9cf1b67487d1fe61d37
SSDEEP

3072:lGQhfHXi4L7XcNqNGQhfHxdr85C80GQhfHxdr85C80GQhfHxdr85C80GQhfHxdri:44K4LDcNqQ4H9+4H9+4H9+4H9+4H9

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
203f5b024b67defe459d31ebb645a96d

Files

203f5b024b67defe459d31ebb645a96d
.exe windows:4 windows x86 arch:x86

2d2f1fb51e695a10d9047f7035aaec1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

MessageBoxA

advapi32

RegCloseKey

oleaut32

SysFreeString

gdi32

BitBlt

shell32

ExtractIconA

Sections

.MPRESS1
Size: 17KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE