neshta | JaffaCakes118_174ffcfb779bc3c1535f4be18f264ec6

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_174ffcfb779bc3c1535f4be18f264ec6
Size

112KB
MD5

174ffcfb779bc3c1535f4be18f264ec6
SHA1

cf4527d0040701a047bba6cd8151e8cef598854c
SHA256

319425d570a6d3b7021d469c489d1630666a921f32e67e971d583c1f1c8b5d80
SHA512

859045bdc763b968b81d98e6368bbf5f88be750247643b2e59dea31fe464fb16305909eadcd19e829439097929ad725db33ff8181328965b978f1709cb74273d
SSDEEP

1536:0C8eRLT44ELYYSPHQECHihr8Jiwkl7U2cK+rSMOxqjQ+P04wsmJC:1xSYYSYM8Ji17U2/+rSur85C

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_174ffcfb779bc3c1535f4be18f264ec6

Files

JaffaCakes118_174ffcfb779bc3c1535f4be18f264ec6
.exe windows:5 windows x86 arch:x86

06ac7ef45a4097e73f77c5f539b5fb7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Jenkins\jobs\miktex-2.9\workspace\build-x86\binlib\psresize.pdb

Imports

miktex209-app

?Sorry@Application@App@MiKTeX@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVMiKTeXException@Core@3@@Z
?Finalize@Application@App@MiKTeX@@UAEXXZ
?Init@Application@App@MiKTeX@@UAEXAAV?$vector@PADV?$allocator@PAD@std@@@std@@@Z
??1Application@App@MiKTeX@@UAE@XZ
?Sorry@Application@App@MiKTeX@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVexception@5@@Z
??0Application@App@MiKTeX@@QAE@XZ

miktex209-getopt

MIKTEX_GETOPT_optarg
getopt
MIKTEX_GETOPT_optind

miktex209-core

?Get@Session@Core@MiKTeX@@SA?AV?$shared_ptr@VSession@Core@MiKTeX@@@std@@XZ

miktex209-util

?AnsiToUTF8@StringUtil@Util@MiKTeX@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD@Z

msvcp140

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
memset
__std_exception_destroy
__std_exception_copy
memmove
_CxxThrowException
__CxxFrameHandler3
memcpy
__std_terminate

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_seh_filter_exe
_set_app_type
exit
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
terminate
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_controlfp_s
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__acrt_iob_func
_fileno
fopen
_setmode
fputc
__stdio_common_vsprintf
__stdio_common_vfprintf
tmpfile
putc
fwrite
_ftelli64
_fseeki64
fread
fputs
fgets
feof
fclose

api-ms-win-crt-heap-l1-1-0

realloc
_set_new_mode
malloc
_callnewh
free

api-ms-win-crt-convert-l1-1-0

atoi
atof

api-ms-win-crt-string-l1-1-0

isspace
strncmp
_strdup
isdigit
strncpy

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
UnhandledExceptionFilter

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06ac7ef45a4097e73f77c5f539b5fb7f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

miktex209-app

miktex209-getopt

miktex209-core

miktex209-util

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

kernel32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 3KB

.idata Size: 5KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 373B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 3KB

.idata
Size: 5KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 373B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 2KB - Virtual size: 2KB