neshta | 43ba313e04f718a7556d5b34761082c2

Sharing

Copy URL Twitter E-mail

General

Target

43ba313e04f718a7556d5b34761082c2
Size

234KB
MD5

43ba313e04f718a7556d5b34761082c2
SHA1

aa59e88342a6c13c84492ab864ec65a796d5a7fc
SHA256

6ce8a5b152edf00b33ebf0fa2e6adaa4d456164fa8bc0c48cb492da1d00e1eb6
SHA512

d9b9ef7af11e53781e109357570a02efb36023f0c96c547a6af4b1cdd8d3f960a0681598735cbe5b560046daf023a3d9a8a750ab6880b84c98c0491d9724f4a7
SSDEEP

6144:ct1TCVdSdp/LSPh8tIJlWhQt1TCVp91t1TCVR:o1gsSP5lJ1y1g

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Files

43ba313e04f718a7556d5b34761082c2
.exe windows:4 windows x64 arch:x64

8295974c081d0e9e58e33d212700c10a

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:a0:b9:1e:84:74:70:cf:eb:b8:c5:a4:fb:26:56:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

26/08/2009, 00:00

Not After

26/08/2010, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,POSTALCODE=3065,STREET=Huehnerbuehlstr. 45,L=Bolligen,ST=BE,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a3:c6:eb:1b:4a:89:c2:23:31:fa:7a:18:ac:b5:c7:b5:1e:34:8b:0d
Signer

Actual PE Digest

a3:c6:eb:1b:4a:89:c2:23:31:fa:7a:18:ac:b5:c7:b5:1e:34:8b:0d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ord17

user32

GetMenuItemID
FillRect
CreatePopupMenu
TranslateMessage
GetDC
CreateWindowExA
RegisterClassExA
SystemParametersInfoA
MessageBoxW
GetSysColor
GetDesktopWindow
PeekMessageA
ReleaseDC
GetMenuItemInfoA
DestroyMenu
GetActiveWindow
GetMenuItemCount
CharUpperW
DestroyWindow
DefWindowProcA
GetMenuItemInfoW
DispatchMessageA
DeleteMenu
wsprintfW
MessageBoxA
PostQuitMessage

kernel32

GetLocaleInfoA
ConnectNamedPipe
GetACP
SetErrorMode
MultiByteToWideChar
GetTickCount
Sleep
LoadLibraryA
DisconnectNamedPipe
WaitNamedPipeA
WriteFile
GetLastError
GetVersionExA
CloseHandle
GetCurrentProcessId
ReadFile
GetProcAddress
GetModuleFileNameW
CreateThread
CreateNamedPipeA
PeekNamedPipe
WideCharToMultiByte
HeapReAlloc
SetFilePointer
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapSize
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetOEMCP
GetCPInfo
GetSystemTimeAsFileTime
QueryPerformanceCounter
FlsAlloc
GetCurrentThreadId
SetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
HeapCreate
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
FlsGetValue
FlsSetValue
TlsFree
FlsFree

gdi32

CreateCompatibleDC
GetObjectA
TranslateCharsetInfo
SetTextColor
SetBkMode
DeleteDC
DeleteObject
CreateDIBSection
SelectObject
CreateFontIndirectA
CreateSolidBrush
GetDIBits
SetBkColor
GdiFlush

shell32

SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc

ole32

CLSIDFromString
OleInitialize
CoCreateInstance
CoInitialize
CoUninitialize
OleUninitialize

advapi32

RegOpenKeyA
RegCloseKey
RegQueryValueW
RegEnumKeyA
RegOpenKeyW
RegQueryValueA

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8295974c081d0e9e58e33d212700c10a

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

37:a0:b9:1e:84:74:70:cf:eb:b8:c5:a4:fb:26:56:1bCertificate

Extended Key Usages

Key Usages

a3:c6:eb:1b:4a:89:c2:23:31:fa:7a:18:ac:b5:c7:b5:1e:34:8b:0dSigner

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

user32

kernel32

gdi32

shell32

ole32

advapi32

Sections

.text Size: 73KB - Virtual size: 72KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 6KB - Virtual size: 17KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 7KB - Virtual size: 6KB

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

37:a0:b9:1e:84:74:70:cf:eb:b8:c5:a4:fb:26:56:1b
Certificate

a3:c6:eb:1b:4a:89:c2:23:31:fa:7a:18:ac:b5:c7:b5:1e:34:8b:0d
Signer

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 6KB - Virtual size: 17KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 7KB - Virtual size: 6KB