neshta | 13f30bc2df339bc1799a939e522d3b58_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

13f30bc2df339bc1799a939e522d3b58_JaffaCakes118
Size

514KB
MD5

13f30bc2df339bc1799a939e522d3b58
SHA1

a25bbb29978093e2496538763588e31ce7e16ece
SHA256

5d0a97488596bcd3b2ecece0ef27b90490601daac1c24b8a43823957d5e03822
SHA512

def009c1e4a5b7081691ba9797bc1ba7b73301f0d091cfad0df9af939fc2215d980a9f32ab5085c21c1cd7bc29dd791485e2e61069f49b2e30ff3607c6805be7
SSDEEP

3072:BE5ZCMWQc6MgrUxoIMaQWDZ1oI5jHn2zcDvs0uwad2zKcWZI7d4Upa7zrnjgK7yD:BfhQ7A8hEZ1QcY0uwifhQA9K9K9K9

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13f30bc2df339bc1799a939e522d3b58_JaffaCakes118

Files

13f30bc2df339bc1799a939e522d3b58_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e181a668351614796797c47c97d9cc41

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
ReadFile
SetFilePointer
LoadResource
FindResourceA
GlobalUnlock
CopyFileA
SetEndOfFile
WinExec
SetCurrentDirectoryA
MulDiv
RemoveDirectoryA
MultiByteToWideChar
MoveFileA
WritePrivateProfileStringA
LockResource
GetPrivateProfileStringA
GetDriveTypeA
DeleteFileA
GetShortPathNameA
GetTempFileNameA
MoveFileExA
WaitForSingleObject
ExitThread
GetWindowsDirectoryA
lstrcatA
ResetEvent
SetEvent
lstrcpyA
lstrlenA
CreateDirectoryA
GetLastError
CreateEventA
CreateThread
WriteFile
GetTickCount
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleFileNameA
GetSystemDirectoryA
GetCurrentProcess
GetVersionExA
FreeLibrary
LoadLibraryA
GetProcAddress
lstrcmpA
lstrcmpiA
FindFirstFileA
GetLogicalDrives
FindNextFileA
FindClose
lstrcpynA
GetVolumeInformationA
GetSystemDefaultLangID
HeapDestroy
GetEnvironmentVariableA
HeapCreate
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
CloseHandle
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
VirtualFree
HeapFree
RtlUnwind
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
HeapAlloc
VirtualAlloc
HeapReAlloc

user32

DefWindowProcA
BeginPaint
LoadStringA
GetWindowLongA
EndPaint
GetClientRect
MapWindowPoints
DestroyWindow
GetWindowTextA
ScreenToClient
GetSysColor
CheckDlgButton
EnableWindow
GetDlgItem
SetWindowTextA
UpdateWindow
PostMessageA
GetParent
SendDlgItemMessageA
MessageBoxA
LoadBitmapA
IsDlgButtonChecked
SetDlgItemTextA
SendMessageA
DrawFocusRect
FillRect
EndDialog
DialogBoxParamA
GetWindowRect
SetWindowPos
MoveWindow
GetDlgItemTextA
DispatchMessageA
PeekMessageA
TranslateMessage
CharUpperBuffA
IsWindowEnabled
wsprintfA
SystemParametersInfoA
ExitWindowsEx
GetDC
ReleaseDC
InvalidateRect
PostQuitMessage
ShowWindow
DefDlgProcA
LoadCursorA
RegisterClassA
UnregisterClassA
SetForegroundWindow
CreateDialogParamA
GetSystemMetrics
GetMessageA
IsDialogMessageA
CreateWindowExA
SetWindowLongA
GetForegroundWindow
CharUpperA
FindWindowA

gdi32

DeleteObject
TextOutA
SetBkMode
CreateFontIndirectA
GetTextMetricsA
SetTextColor
SelectObject
SetDIBitsToDevice
RealizePalette
SetBkColor
CreatePalette
DeleteDC
SelectPalette
BitBlt
CreateCompatibleBitmap
CreateBitmap
GetDeviceCaps
CreateDCA
CreateCompatibleDC
CreateSolidBrush
GetObjectA

advapi32

RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
CloseServiceHandle
RegEnumKeyExA
RegDeleteValueA
StartServiceA
OpenServiceA
OpenSCManagerA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
CoCreateInstance
OleUninitialize

comctl32

ord17

lz32

LZCopy
LZClose
LZOpenFileA

winmm

mixerOpen
mixerGetLineInfoA
mixerGetLineControlsA
mixerSetControlDetails
mixerGetControlDetailsA
mixerClose

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.prdata
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e181a668351614796797c47c97d9cc41

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

lz32

winmm

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 20KB - Virtual size: 27KB

.rsrc Size: 232KB - Virtual size: 232KB

.prdata Size: - Virtual size: 20KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 20KB - Virtual size: 27KB

.rsrc
Size: 232KB - Virtual size: 232KB

.prdata
Size: - Virtual size: 20KB