neshta | 8a62c2375b7b9bf1ebd5ed6c09f5eb3e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8a62c2375b7b9bf1ebd5ed6c09f5eb3e_JaffaCakes118
Size

4.7MB
MD5

8a62c2375b7b9bf1ebd5ed6c09f5eb3e
SHA1

0f27a932e026222efef2c212a37fbb525e77dac9
SHA256

55b6ae69111e87ac59d1ea234bfc0de8f739d9abcf1a38ef62ace55fef4ad9de
SHA512

367d6231fa740ac4c10505793732c17accf56b63ec9ad68808c4aad3ff1f7d86eca37df6e298342aa380ffd4164715795569005f454ae8f1ddb2da896d6e91f2
SSDEEP

49152:MRoXaD05HWZjHdeLbBSmPo2L9uVTc0V6RHCSHG:ixDOW8BSXRVIz

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

Processes:

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
8a62c2375b7b9bf1ebd5ed6c09f5eb3e_JaffaCakes118

Files

8a62c2375b7b9bf1ebd5ed6c09f5eb3e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6894abd410b7ff3decf296cf2d9fd92f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\ProcExp\exe\Release\procexp.pdb

Imports

ws2_32

htons
WSAStartup
getservbyport
ntohs
ntohl
htonl
gethostbyaddr

mpr

WNetGetConnectionA

comctl32

CreateToolbarEx
CreatePropertySheetPageA
PropertySheetA
ord6
ord17
ImageList_Create
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_Destroy
InitCommonControlsEx

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

credui

CredUIPromptForCredentialsA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA

kernel32

IsBadStringPtrA
GetCurrentProcess
LockResource
SizeofResource
LoadResource
FindResourceA
CreateFileA
SetLastError
InterlockedDecrement
InterlockedIncrement
GetCommandLineW
MultiByteToWideChar
OpenEventA
CreateEventA
GetEnvironmentVariableA
MulDiv
GetTickCount
lstrcatA
HeapFree
lstrcpyA
HeapAlloc
GetProcessHeap
ReadProcessMemory
GetDateFormatA
lstrcmpA
lstrcmpiA
CreateProcessA
ExpandEnvironmentStringsA
SearchPathA
GetFileAttributesA
VirtualQueryEx
OpenProcess
SetFilePointer
ReadFile
GetNumberFormatA
lstrcpynA
GetSystemDirectoryA
GetProcessAffinityMask
Sleep
SetThreadAffinityMask
GetCurrentThread
DeleteFileA
GetCommandLineA
SetEnvironmentVariableA
GetVersionExA
ResetEvent
LoadLibraryW
QueryPerformanceFrequency
QueryPerformanceCounter
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
CreateFileMappingA
lstrlenA
GlobalMemoryStatus
WaitForMultipleObjects
SetErrorMode
GetCurrentProcessId
GetLocaleInfoA
GetComputerNameW
TerminateProcess
SetPriorityClass
FindClose
FindFirstFileA
GlobalUnlock
GlobalAlloc
GlobalLock
GlobalReAlloc
SetProcessWorkingSetSize
FormatMessageA
DuplicateHandle
GetProcessWorkingSetSize
DeviceIoControl
GetCurrentDirectoryA
GetDriveTypeA
VirtualFree
VirtualAlloc
GetFileTime
GetExitCodeThread
GetThreadContext
GlobalAddAtomA
GetSystemInfo
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
HeapCreate
GetStartupInfoA
ResumeThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateThread
GetCurrentThreadId
ExitThread
HeapReAlloc
RtlUnwind
RaiseException
InterlockedExchange
InitializeCriticalSection
GetSystemTimeAsFileTime
DeleteCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatA
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
LoadLibraryA
GetProcAddress
WaitForSingleObject
TerminateThread
WideCharToMultiByte
CreateToolhelp32Snapshot
Module32First
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
CloseHandle
Module32Next
GetModuleHandleA
SetEvent
GetVersion
GetLastError
LocalFree
LocalAlloc
GetModuleFileNameA
GetStringTypeW
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
PulseEvent
FreeEnvironmentStringsW

user32

GetDlgItemTextA
CreateDialogParamA
DispatchMessageA
TranslateMessage
IsDialogMessageA
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
ExitWindowsEx
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SendMessageTimeoutA
GetWindow
GetDesktopWindow
GetUserObjectSecurity
SetUserObjectSecurity
GetKeyState
CheckRadioButton
MsgWaitForMultipleObjects
PeekMessageA
GetDlgCtrlID
ScrollWindowEx
SetScrollInfo
GetScrollInfo
IntersectRect
GetUpdateRgn
GetClassLongA
CheckMenuRadioItem
RedrawWindow
wsprintfA
ShowWindowAsync
SetForegroundWindow
FindWindowExA
IsIconic
RemoveMenu
SetMenuItemInfoA
DeleteMenu
EnableWindow
CheckDlgButton
IsDlgButtonChecked
FillRect
EnumWindows
GetWindowThreadProcessId
GetWindowTextA
ModifyMenuA
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenu
EnableMenuItem
DestroyIcon
SetClassLongA
GetDoubleClickTime
InvalidateRgn
SetFocus
SetTimer
WindowFromPoint
KillTimer
RegisterWindowMessageA
MessageBoxA
LoadStringA
FindWindowA
LoadIconA
LoadImageA
RegisterClassA
SetWindowPlacement
UpdateWindow
InflateRect
SetWindowTextA
DialogBoxIndirectParamA
DrawMenuBar
PostQuitMessage
DrawIconEx
TrackPopupMenu
GetCapture
ReleaseCapture
SetCapture
GetWindowDC
DrawEdge
DefDlgProcA
DefFrameProcA
DefMDIChildProcA
ClientToScreen
SystemParametersInfoA
DrawTextA
FrameRect
GetDC
ReleaseDC
CreateIconIndirect
MapWindowPoints
DestroyWindow
CreateWindowExA
IsWindowVisible
GetFocus
CopyRect
GetPropA
ScreenToClient
GetClassNameA
DeferWindowPos
BeginDeferWindowPos
EnumChildWindows
EndDeferWindowPos
OffsetRect
UnionRect
IsZoomed
GetSystemMetrics
PtInRect
BeginPaint
GetClientRect
DrawFrameControl
EndPaint
SetPropA
CallWindowProcA
DefWindowProcA
GetWindowLongA
GetParent
SendMessageA
ShowWindow
SetWindowLongA
GetCursorPos
SetWindowPos
PostMessageA
EndDialog
GetDlgItem
GetWindowRect
MoveWindow
SetDlgItemTextA
LoadCursorA
GetSysColorBrush
GetSysColor
ChildWindowFromPoint
InvalidateRect
SetCursor
DialogBoxParamA
LoadMenuA
InsertMenuA
CheckMenuItem
GetWindowPlacement
CreateMenu
RegisterClassExA

gdi32

GetObjectA
CreateFontIndirectA
CreateCompatibleBitmap
LineTo
MoveToEx
GetTextMetricsA
Polyline
GetBkMode
GetBkColor
SelectClipRgn
CreateRectRgnIndirect
RectInRegion
CreateRectRgn
SaveDC
SetTextAlign
SetROP2
CreatePen
Rectangle
SetBkMode
SetTextColor
SelectObject
ExtTextOutA
GetTextExtentPoint32A
GetDeviceCaps
SetMapMode
StartDocA
StartPage
EndPage
EndDoc
SetBkColor
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteDC
CreateSolidBrush
DeleteObject
GetStockObject
RestoreDC

comdlg32

ChooseFontA
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
FindTextA
PrintDlgA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
Shell_NotifyIconA
ShellExecuteA
SHGetFileInfoA

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoSetProxyBlanket

oleaut32

VariantClear
VariantInit
SafeArrayGetElement
VariantChangeType
SafeArrayDestroy
SafeArrayUnaccessData
SysAllocString
SafeArrayGetUBound
SafeArrayGetLBound
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
SysStringByteLen
SysFreeString
SafeArrayAccessData

Sections

.text
Size: 587KB - Virtual size: 587KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

OGRE2.01
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6894abd410b7ff3decf296cf2d9fd92f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

mpr

comctl32

version

credui

setupapi

kernel32

user32

gdi32

comdlg32

shell32

ole32

oleaut32

Sections

.text Size: 587KB - Virtual size: 587KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 18KB - Virtual size: 141KB

.rsrc Size: 3.9MB - Virtual size: 3.9MB

.reloc Size: 50KB - Virtual size: 50KB

.data Size: 2KB - Virtual size: 2KB

OGRE2.01 Size: 512B - Virtual size: 4KB

.text
Size: 587KB - Virtual size: 587KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 18KB - Virtual size: 141KB

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

.reloc
Size: 50KB - Virtual size: 50KB

.data
Size: 2KB - Virtual size: 2KB

OGRE2.01
Size: 512B - Virtual size: 4KB