neshta | f564159e22f3fd9af7327866916157cb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f564159e22f3fd9af7327866916157cb_JaffaCakes118
Size

4.8MB
MD5

f564159e22f3fd9af7327866916157cb
SHA1

4f27bad5979226eaaecabecf5e09a9c3d8b13ec6
SHA256

5626bc6383c01b27f6ad73cf36b872762e82f69f2309aff6769a8b9f0ad25678
SHA512

51e2e075d7c76529d8f7573cb7690ba965191eaf50f1a328bf44df400afa4f024a581e6cb2459c019aaca2e108e52626a1fdaafa9327ce8caae681838e0d8374
SSDEEP

98304:h0AqWZwwMQoudGYB0pozSz8H95dhih3q2ZfRImfGmGwkN88erhUOxmR:h0AqWZwwMQo/00pozSz8H95dhih3q2Z8

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f564159e22f3fd9af7327866916157cb_JaffaCakes118

Files

f564159e22f3fd9af7327866916157cb_JaffaCakes118
.exe windows:10 windows x86 arch:x86

b79a26282dc6494ffda9173e830dab0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

rundll32.pdb

Imports

msvcrt

_controlfp
_amsg_exit
__p__commode
__wgetmainargs
?terminate@@YAXXZ
__set_app_type
_onexit
__dllonexit
_unlock
exit
_exit
_vsnwprintf
_except_handler4_common
_cexit
__p__fmode
_lock
__setusermatherr
_initterm
_wcmdln
__CxxFrameHandler3
_XcptFilter
free
_purecall
_wtoi
memcpy_s
_callnewh
malloc
memset

api-ms-win-core-com-l1-1-1

CoUninitialize
CoWaitForMultipleHandles
CoReleaseServerProcess
CLSIDFromString
CoCreateInstance
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoInitializeEx
CoAddRefServerProcess
CoInitializeSecurity

api-ms-win-core-file-l1-2-1

GetFileAttributesW
CreateFileW
ReadFile
SetFilePointer

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetModuleHandleW
LoadLibraryExW
GetModuleHandleA
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W
IsWow64Process2

api-ms-win-core-synch-l1-2-0

CreateSemaphoreExW
ReleaseSRWLockExclusive
SetEvent
WaitForSingleObject
CreateMutexExW
AcquireSRWLockExclusive
ReleaseSemaphore
WaitForSingleObjectEx
ReleaseSRWLockShared
CreateEventW
ReleaseMutex
Sleep
OpenSemaphoreW
AcquireSRWLockShared

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapFree
HeapSetInformation
HeapAlloc

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode

api-ms-win-core-processenvironment-l1-2-0

GetCommandLineW
SearchPathW

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
CreateProcessW
GetCurrentThreadId
TerminateProcess
SetProcessMitigationPolicy
GetCurrentProcessId
GetStartupInfoW
ExitProcess

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-sysinfo-l1-2-1

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-winrt-error-l1-1-1

RoOriginateErrorW
RoOriginateError

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-console-l2-1-0

AttachConsole
FreeConsole

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-kernel32-private-l1-1-2

Wow64EnableWow64FsRedirection

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
ReleaseActCtx
DeactivateActCtx
ActivateActCtx
QueryActCtxW

api-ms-win-downlevel-shlwapi-l1-1-1

PathIsRelativeW

api-ms-win-downlevel-shlwapi-l2-1-1

SHSetThreadRef

imagehlp

ImageDirectoryEntryToData

ntdll

NtSetInformationToken
NtOpenProcessToken
RtlNtStatusToDosError
NtQueryInformationToken
RtlSetSearchPathMode
NtSetInformationProcess
RtlWow64IsWowGuestMachineSupported
RtlImageNtHeader
NtQuerySystemInformation
NtClose

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b79a26282dc6494ffda9173e830dab0a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-com-l1-1-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-wow64-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-localization-l1-2-1

api-ms-win-core-console-l2-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-kernel32-private-l1-1-2

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-downlevel-shlwapi-l1-1-1

api-ms-win-downlevel-shlwapi-l2-1-1

imagehlp

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 25KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 132B

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 132B

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 2KB - Virtual size: 1KB