neshta | 2058d7db6427d7db89aca4c6d994eddd[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2058d7db6427d7db89aca4c6d994eddd.exe
Size

1005KB
MD5

2058d7db6427d7db89aca4c6d994eddd
SHA1

00f82d55e174b23e3c1b39917bf547b3cc776b77
SHA256

6a2e10ad49c30b7d7ee6f747af24f76d2f857a72882a612bfa981e4df6f7f5a1
SHA512

08e3e872c6d7d2ffbd137af910e6fcc45dcf96ec3177d1d94756d52d05b331cd3bd23f6850e846c9b4a9fafaa28f9bd601fb86f44142cc93145aa216a8321c60
SSDEEP

12288:WQy1xbyBjDj5Kd1655xJLgacMv7eIZ5e2Voz4a8yzGC3ua8x/UHKTjoG:PsdY5V1v71Z5el4RyzGC78x/UHwoG

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2058d7db6427d7db89aca4c6d994eddd.exe

Files

2058d7db6427d7db89aca4c6d994eddd.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ