neshta | 72e76d5332f6cdeeb3013f01719605e48d8237e811545df4f8f3e6b3f4e14d43 | Triage

Sharing

General

Target

72e76d5332f6cdeeb3013f01719605e48d8237e811545df4f8f3e6b3f4e14d43
Size

118KB
MD5

a37ad92f0af0a3c77e754518782a183e
SHA1

5ed55dd3f003f9b69b4ad22602b364586b9edcdf
SHA256

72e76d5332f6cdeeb3013f01719605e48d8237e811545df4f8f3e6b3f4e14d43
SHA512

84a3537dd1e97145ec91e5937050f5f5855c921cbb095cb02ba0c0448ff1cb740c0a00d650a50b91c8056023997af12bf6b176259205ef28c39d7056e3bd8ec1
SSDEEP

1536:JxqjQ+P04wsmJCliPzmU70LAo/OOviUFTaL2dDNYOFWHWI3go:sr85CliPzmUot/OOvrFTaL2dDGxWqv

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72e76d5332f6cdeeb3013f01719605e48d8237e811545df4f8f3e6b3f4e14d43

Files

72e76d5332f6cdeeb3013f01719605e48d8237e811545df4f8f3e6b3f4e14d43
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ