neshta | 781b258370923cebaa725fbf8727ce12 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

781b258370923cebaa725fbf8727ce12
Size

245KB
MD5

781b258370923cebaa725fbf8727ce12
SHA1

912892a689db5d2998ca491f3b52a12343d443ba
SHA256

08e82352a33f5a33e798ad39f0c06cbd878272b4b17dc4db72891b8e6bdb2b7e
SHA512

202f016e9386505ea33453c6e4af0d0e5486ebd2be79559ec595494b7b15d48fdb80e6c6277a007b61ad2cc90f7753d8300d1efaa8f55cbd8678c31d3aae994d
SSDEEP

3072:G/CTplYqI6BxmO4CDh38MD58SL1NcDsYeH2/CTpfr85C:ZTcqI631DN845zrT59

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
781b258370923cebaa725fbf8727ce12

Files

781b258370923cebaa725fbf8727ce12
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\vs\TestPort\MainForm\obj\Debug\MainForm.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ