General
Target
def0f60e1319e8610cec7e1b148d9129
Size
2.7MB
MD5
def0f60e1319e8610cec7e1b148d9129
SHA1
812a4b0987445418577f59312c84c37f584f4d91
SHA256
50e5142ee365a55c8dde33fcfc641a0c87a38d6923e1b8d8d6bffb389062d8d8
SHA512
5b0bca6c880210a3f9a05e4e3eca03bef9bd00eb70c96b63b8f232c4810bb94395c6f20d5accb2f61954d829882c818e663d5a3411107c1c9b24b6cb3b37b36d
SSDEEP
49152:mUsvP5bzq0GBXSzYrHHaDS6ve4gG8tPvsvKtZVmjg4C/SKWf:mUsvP5bjGSCnaDS6G4gttsvKNmv
Score
10/10
Malware Config
Signatures
Detect Neshta payload 1 IoCs
resource yara_rule sample family_neshta -
Neshta family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource def0f60e1319e8610cec7e1b148d9129
Files
def0f60e1319e8610cec7e1b148d9129.sys windows:5 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 64B - Virtual size: 5B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ