neshta | b586b266c46c66eec9f97961ae5fd1fe082bfdc37f9084d7b043959665b198f6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b586b266c46c66eec9f97961ae5fd1fe082bfdc37f9084d7b043959665b198f6
Size

90KB
MD5

00f11fbcf44beed85a399092e63c9d31
SHA1

379caa41e166c6b779ad7e547abfd64dfea36aab
SHA256

b586b266c46c66eec9f97961ae5fd1fe082bfdc37f9084d7b043959665b198f6
SHA512

6daa8a74739df97b7e91a864f9655039245410c6927e95779032a88093b258ecc2d6dd2a8197252aa38fdbeb99e61c32f3e51ce07f550cff73505183507bd892
SSDEEP

1536:JxqjQ+P04wsmJCMLznZ9iuo4Z726L/j98M6nJdV2otr/f9qilkOqN:sr85CMLrf24Z72q98M6nJ/2Otqz

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b586b266c46c66eec9f97961ae5fd1fe082bfdc37f9084d7b043959665b198f6

Files

b586b266c46c66eec9f97961ae5fd1fe082bfdc37f9084d7b043959665b198f6
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ