neshta | 2e21c40a818ff112aa8f9c15c3718e3519b7f0f18470724d87463845866bee17

General

Target

2e21c40a818ff112aa8f9c15c3718e3519b7f0f18470724d87463845866bee17
Size

43KB
MD5

941bb5d1e416e5822574b720afd4cbbc
SHA1

a920074aeb5a8a16afea217b9ecc026630525199
SHA256

2e21c40a818ff112aa8f9c15c3718e3519b7f0f18470724d87463845866bee17
SHA512

3aa60311c2bbab21cb90e6c81bca3d6d485375b089e44b159f012c4a004ba1b3b8f741f91f1dd224e14cdfab3665eb31043126b65b8fffc67c40a88a7dad0837
SSDEEP

768:f9BC3fQjoTH8aqaFydKgvQDGpNs6Uqlyes4FZfAVdSU3xjr/lKaUKt8:W3s2q4zgoD8N5Ub/4F0IU7KaK

Score

10^/10

neshta

Detect Neshta payload 1 IoCs

resource	yara_rule
static1/unpack001/64fc66042f6f41d3aac49e7224162f441cb4bfd7425d42f893b744dc7cd02182.exe	family_neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/64fc66042f6f41d3aac49e7224162f441cb4bfd7425d42f893b744dc7cd02182.exe

2e21c40a818ff112aa8f9c15c3718e3519b7f0f18470724d87463845866bee17
.zip

Password: infected
64fc66042f6f41d3aac49e7224162f441cb4bfd7425d42f893b744dc7cd02182.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ