neshta | 50e75a0b9ecd6c229405accc8718415a754070793387eded3dd9b356643cd85a | Triage

Sharing

General

Target

50e75a0b9ecd6c229405accc8718415a754070793387eded3dd9b356643cd85a
Size

167KB
MD5

7b29b37be1a30faccb64699dbf47083c
SHA1

1fbed0fe9557fc9bec5e517a25f3287784db11b6
SHA256

50e75a0b9ecd6c229405accc8718415a754070793387eded3dd9b356643cd85a
SHA512

30d14dbd5d9bc5192cd6368937c7001b7a8f3b65d6c7bec0c8fc00ffef65d76665b6c8534342c3101285a9aaf9e6701b88c2785f67d00b04f2c0f34cd1017620
SSDEEP

3072:sr85Ce9zpLFaWDetR2SB8DApWB8DApxK5:k9CpaWk8DV8DGK5

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
50e75a0b9ecd6c229405accc8718415a754070793387eded3dd9b356643cd85a

Files

50e75a0b9ecd6c229405accc8718415a754070793387eded3dd9b356643cd85a
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ