neshta | fb56d15d1898636a035c1f90b46c87d679c246ca951db84ef073956814861a6f | Triage

Sharing

General

Target

fb56d15d1898636a035c1f90b46c87d679c246ca951db84ef073956814861a6f
Size

391KB
MD5

91740a7afc462b668c1d5fdbd9a8ec40
SHA1

19c24aa6ca6e6154daa2eb9153e3fd911f8554f4
SHA256

fb56d15d1898636a035c1f90b46c87d679c246ca951db84ef073956814861a6f
SHA512

9a234066ac875ec3f32182b4be70b4da4b14d3a4123cee27974dcdcdd6c4f57a5f355ee3c84da06c66441594dda14564158470af1f52ef0c1f15d5292bae6e86
SSDEEP

6144:k9IDSoMXOhwvORswP7vZR+/qlBmUNVH15jsrX0jnZAndbXn533z27dc1dh:X42RPBgFX5Hz2ux

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb56d15d1898636a035c1f90b46c87d679c246ca951db84ef073956814861a6f

Files

fb56d15d1898636a035c1f90b46c87d679c246ca951db84ef073956814861a6f
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ