neshta | cd76b49fa890ab5845c4f49373a9c980518615bd9ea005fa61ad42837067dda7N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cd76b49fa890ab5845c4f49373a9c980518615bd9ea005fa61ad42837067dda7N
Size

3.0MB
MD5

f41606819b123c0cf165d1581a8bb150
SHA1

cff1709e719043227cb58db0511b99385dcb8d2d
SHA256

cd76b49fa890ab5845c4f49373a9c980518615bd9ea005fa61ad42837067dda7
SHA512

1f02142af0966b5194b576a56c1b8490a728004f116d5b3baa5812c1488c46513b84864e980effaa9e4f8f09513036ed5152db741a4e0b05080d66a08f246708
SSDEEP

49152:4dJYVM+9JtzZWnoS2VC23aun8+f5KuGUOY9IGTiOynqBn333T/C:qJYVM+LtVt3P/KuGUONGTi3Gn333T6

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd76b49fa890ab5845c4f49373a9c980518615bd9ea005fa61ad42837067dda7N

Files

cd76b49fa890ab5845c4f49373a9c980518615bd9ea005fa61ad42837067dda7N
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ