neshta | 4d084d1710f6e37ef89eb6d81cd6b1ae44e482fbcc9613f764db6b6eafbae5f9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d084d1710f6e37ef89eb6d81cd6b1ae44e482fbcc9613f764db6b6eafbae5f9
Size

145KB
MD5

c79c229ca8ae24d5f57cc5f9764e96f8
SHA1

e8f1fd4047cb0ee84c0bf718c588e9e1aabd7a28
SHA256

4d084d1710f6e37ef89eb6d81cd6b1ae44e482fbcc9613f764db6b6eafbae5f9
SHA512

75602a3a93ac6c4a7a1981585e41392ea2aeafba642c6cabbd70d252ad22854797a3adc2d772c6d99070aa21b444eee91129f4774ad9bfda4966b21256d5bbd0
SSDEEP

3072:sr85C0EFYJE3nwzPdCNU/efHYTo+HXtVS1/eI4pnTq:k9pFYOXwJigTHvEHGnTq

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d084d1710f6e37ef89eb6d81cd6b1ae44e482fbcc9613f764db6b6eafbae5f9

Files

4d084d1710f6e37ef89eb6d81cd6b1ae44e482fbcc9613f764db6b6eafbae5f9
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ