neshta | 55b07fa14ae4a070d3dfe91bdf8c5fdc3932f35d6d23c68f0482385da038b1e3N | Triage

Sharing

General

Target

55b07fa14ae4a070d3dfe91bdf8c5fdc3932f35d6d23c68f0482385da038b1e3N
Size

239KB
MD5

dc3bccd631f8d9b40d73c66292734f30
SHA1

d133d1e3aaaf6feed53b83fcf68662d1dbba43ad
SHA256

55b07fa14ae4a070d3dfe91bdf8c5fdc3932f35d6d23c68f0482385da038b1e3
SHA512

1df1406dec823ebb441b4c8dd445ea31f4332b5f1b21a268b94e312e3ae10b7ca1c18eca814f51de3aa013cab187fff6daece1dc041c5729d964e1c4fc3c4068
SSDEEP

3072:sr85C9Q4NpVq8BxFRzaqF+o2GQJ7/JzqVfGvM2ggFI9Tj0OCAggFI9Tj0OCT:k99QgVqwlL2pI93JpI93K

Score

10^/10

neshta xworm

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Neshta family
neshta
Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
55b07fa14ae4a070d3dfe91bdf8c5fdc3932f35d6d23c68f0482385da038b1e3N

Files

55b07fa14ae4a070d3dfe91bdf8c5fdc3932f35d6d23c68f0482385da038b1e3N
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ