neshta | 0d985e5506584a3c27597fe6f3e603c3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0d985e5506584a3c27597fe6f3e603c3_JaffaCakes118
Size

3.1MB
MD5

0d985e5506584a3c27597fe6f3e603c3
SHA1

00b76eac4245d3cf70a2f0d6898f990f6a17e882
SHA256

7b93598048bc6f35d4c53aed3dbc59ca638438b84227b381e1876a68b6aadfd6
SHA512

b915f4e461480287d72c720833a757107d339725cc27c42be815965ee1e889f20c32beb786963340e9b5f9ec9bd72fb363a08ff95059347f8b345fe660ad0011
SSDEEP

49152:mkq6UKyS0IZH4X9LWwDK139jIKXJ1CyEOGMsajNE:lymZpwO13SiJ1CEGMsajNE

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d985e5506584a3c27597fe6f3e603c3_JaffaCakes118

Files

0d985e5506584a3c27597fe6f3e603c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bab33bfa41823efb6ba95ccc2751a8d1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Speed\PC\cd\SpeedR.pdb

Imports

d3d9

Direct3DCreate9

dinput8

DirectInput8Create

user32

SetWindowLongA
ShowCursor
PostThreadMessageA
wsprintfA
GetForegroundWindow
GetKeyState
keybd_event
RegisterClassA
IsIconic
GetWindowLongA
AdjustWindowRectEx
CreateWindowExA
GetDesktopWindow
ShowWindow
SetFocus
ClientToScreen
UnhookWindowsHookEx
wvsprintfA
SetCursorPos
EndPaint
DestroyWindow
GetMessageA
PostQuitMessage
SetCapture
BeginPaint
TranslateMessage
PeekMessageA
DefWindowProcA
PostMessageA
DispatchMessageA
ReleaseCapture
SetCursor
GetWindowRect
RegisterClassExA
SetForegroundWindow
GetClientRect
SetWindowsHookExA
LoadCursorA
AdjustWindowRect
SetRect
UnregisterClassA
SetActiveWindow
GetSystemMetrics
SetWindowPos
LoadIconA
CharUpperA
SystemParametersInfoA
SendNotifyMessageA
CallNextHookEx
GetAsyncKeyState
UpdateWindow

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA

winmm

timeGetTime
timeBeginPeriod
timeKillEvent
timeSetEvent
timeEndPeriod
timeGetDevCaps

gdi32

GetStockObject
DeleteObject

shfolder

SHGetFolderPathA

shell32

ShellExecuteA

ws2_32

socket
shutdown
bind
connect
ioctlsocket
setsockopt
WSAStartup
WSAGetLastError
closesocket
listen
accept
sendto
send
recvfrom
recv
getsockopt
select
getpeername
getsockname
WSAIoctl
gethostbyname
WSACleanup
ntohl
ntohs
htons
htonl

kernel32

GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
ReadConsoleInputA
IsBadCodePtr
SetUnhandledExceptionFilter
SetStdHandle
VirtualQuery
VirtualProtect
GetOEMCP
GetACP
GetCurrentProcessId
GetStringTypeW
GetStringTypeA
IsValidCodePage
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
IsValidLocale
EnumSystemLocalesA
CompareStringA
GetLocaleInfoA
GetUserDefaultLCID
GetCPInfo
RaiseException
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
HeapReAlloc
HeapCreate
HeapDestroy
TlsAlloc
TlsFree
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
TlsGetValue
TlsSetValue
ExitThread
GetSystemTimeAsFileTime
GetTimeZoneInformation
RtlUnwind
SetErrorMode
Process32First
Sleep
GetLastError
GetLongPathNameA
Process32Next
CreateToolhelp32Snapshot
CloseHandle
GetVersionExA
GetCurrentDirectoryA
FindClose
FindFirstFileA
DeleteFileA
CreateDirectoryA
SetCurrentDirectoryA
WaitForSingleObject
GetModuleHandleA
GetLogicalDrives
GetDriveTypeA
SuspendThread
ResumeThread
OutputDebugStringA
GetTimeFormatA
GetDateFormatA
SetProcessAffinityMask
SetPriorityClass
GetCurrentProcess
QueryPerformanceCounter
GetCurrentThread
GetPriorityClass
SetThreadPriority
GetThreadPriority
GetProcessAffinityMask
QueryPerformanceFrequency
IsBadReadPtr
IsBadWritePtr
GetSystemInfo
IsProcessorFeaturePresent
lstrcmpiA
GetFullPathNameA
WideCharToMultiByte
MapViewOfFile
GetFileSize
CreateFileMappingA
CreateFileA
CreateFileW
UnmapViewOfFile
GetProcAddress
LoadLibraryA
SetEvent
ResetEvent
SetLastError
CreateEventA
LocalFree
FormatMessageA
WriteFile
SetFilePointer
MoveFileA
ReadFile
GetVolumeInformationA
SetEndOfFile
GetLogicalDriveStringsA
GetDiskFreeSpaceA
TerminateThread
SleepEx
GetCurrentThreadId
GetExitCodeThread
DuplicateHandle
GetTickCount
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
CreateMutexA
ReleaseMutex
VirtualFree
VirtualAlloc
CreateThread
InterlockedExchange
HeapFree
GetProcessHeap
HeapAlloc
WaitCommEvent
GetOverlappedResult
SetCommMask
WaitForMultipleObjects
PurgeComm
SetCommState
GetCommState
SetCommConfig
GetCommConfig
SetCommTimeouts
SetupComm
GetCommandLineA
ExitProcess
TerminateProcess

dsound

ord1

ddraw

DirectDrawCreate

tapi32

lineOpen
lineGetDevCaps
lineShutdown
lineInitialize
lineAnswer
lineMakeCall
lineGetID
lineClose
lineNegotiateAPIVersion

netapi32

Netbios

dinput

DirectInputCreateA

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 208KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bab33bfa41823efb6ba95ccc2751a8d1

Headers

File Characteristics

PDB Paths

Imports

d3d9

dinput8

user32

advapi32

winmm

gdi32

shfolder

shell32

ws2_32

kernel32

dsound

ddraw

tapi32

netapi32

dinput

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 244KB - Virtual size: 242KB

.data Size: 208KB - Virtual size: 768KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 244KB - Virtual size: 242KB

.data
Size: 208KB - Virtual size: 768KB