neshta | 279d330d24be83a16e1029b5f9b2c7d0N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

279d330d24be83a16e1029b5f9b2c7d0N.exe
Size

100KB
MD5

279d330d24be83a16e1029b5f9b2c7d0
SHA1

70ca940e37aaa8720951bb9acbce32f59962728b
SHA256

cfca1807b6e4ebce9bd45a541e24cabbab6fe51f8b5d7fb010bf864b89d5b7a3
SHA512

88ec5957ef5b6d4fba46d4ced09c224b48f60d3a89d7a1b75972672bdc1cb5eea5f26f548666bc5417e8d1737edce22be7f6a5bc7e8deba655104256f35f755c
SSDEEP

1536:JxqjQ+P04wsmJCqXD1WfOogR3b4EvF8qIfkWxtKLoAhy6yO:sr85CID1KOoyXF8lUjhynO

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
279d330d24be83a16e1029b5f9b2c7d0N.exe

Files

279d330d24be83a16e1029b5f9b2c7d0N.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ