neshta | 8684a1e3258b3f2448bbeb7b47fc70f81535438c55bc283125b238263de5e8c4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8684a1e3258b3f2448bbeb7b47fc70f81535438c55bc283125b238263de5e8c4
Size

662KB
MD5

dbc4fc93d64f894c6b1de97241212ce6
SHA1

0a912324b433fcd84259939f72284e5b320077ae
SHA256

8684a1e3258b3f2448bbeb7b47fc70f81535438c55bc283125b238263de5e8c4
SHA512

43d4c7bf736b9726557f12a8be3f78bf53125e752f851ab74daf012df40462b540215fceaea7c3e41220e673463af7b77f5481ca51db12a0697682bc78cb9eb3
SSDEEP

6144:k9+cICTjVE6YNe3Cl3dv+Vwm0yo+fOPjmAVTOq09exFQ+:f/0rqtmib+CNZ

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8684a1e3258b3f2448bbeb7b47fc70f81535438c55bc283125b238263de5e8c4

Files

8684a1e3258b3f2448bbeb7b47fc70f81535438c55bc283125b238263de5e8c4
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ