neshta | a5fe0e2d059caf3318d9d3dcafc4cddb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a5fe0e2d059caf3318d9d3dcafc4cddb_JaffaCakes118
Size

6.5MB
MD5

a5fe0e2d059caf3318d9d3dcafc4cddb
SHA1

10190cf7bfd41ffea6e8fbbc2c6b6fd1b508c0a6
SHA256

e0efb41b44af7b91820339b746c1c3a2b4eef85030de24ddf5dfe2fb00b79aa3
SHA512

f99dc45a9170fb2a1b64e5fea36985da2958d4473b977d0ca6a1c81f0ec0cfaa3378cbbe01bbe7adbd38bfac4487c773da7836f10fb96f61c544584ba09f034f
SSDEEP

98304:Snsmtk2axmtk2aBmtk2aBmtk2aCmtk2aqmtk2arNEVJyZlng4p2VQnan3n5nNn9:cLNV1YI6EVcn1pbU3Fx9

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5fe0e2d059caf3318d9d3dcafc4cddb_JaffaCakes118

Files

a5fe0e2d059caf3318d9d3dcafc4cddb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ