neshta | 1941e4b339f45622599e68e2307202fc523eb64bb53b118afb34b00889c6f764 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1941e4b339f45622599e68e2307202fc523eb64bb53b118afb34b00889c6f764
Size

555KB
MD5

dbe1874bbf06ada88c403e5b224568c6
SHA1

6c0daac1b05bc385a7c34b607ee25c7e620c7f48
SHA256

1941e4b339f45622599e68e2307202fc523eb64bb53b118afb34b00889c6f764
SHA512

92e87384b69053b78b4a723f32a07a6066e1deae8a9ba24824417565bbfb6258a4ee13c0f6214fed79482a34137387e7c7b44b05e747d3c9277cd820b80f6641
SSDEEP

3072:sr85CfsJxDO9insyH6+PJTOramZap5XVeR4zW1mFD1gbIEENUrlfw0XdlQCN2NiT:k9fUxDpEa04+5U+kUHWDICTU

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1941e4b339f45622599e68e2307202fc523eb64bb53b118afb34b00889c6f764

Files

1941e4b339f45622599e68e2307202fc523eb64bb53b118afb34b00889c6f764
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ