neshta | ae31784116ddab32b1609ce4d71028c45bb62ba0a750baba642270a50f51919cN[.]exe | Triage

Sharing

General

Target

ae31784116ddab32b1609ce4d71028c45bb62ba0a750baba642270a50f51919cN.exe
Size

710KB
MD5

6487dccf7df9720ab864f07f8e7c2a30
SHA1

f0d70f0beb44442a77427e291d40de1a9292693f
SHA256

ae31784116ddab32b1609ce4d71028c45bb62ba0a750baba642270a50f51919c
SHA512

8a75cce980087a4e15623e4f91534506ce3479d790c8e11cfacfb6a70f4f71e132875173141cf0d7e4b591bab89bc8ee18da38ef4bef147dbc02101e4fe9f803
SSDEEP

12288:oxzRkYnEOrPM37qzHgA6/lZA32gLNNLLAR98oxsu5xzmg:oFRvEOrPM37qzHgA6c32gPMxsu5xz3

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae31784116ddab32b1609ce4d71028c45bb62ba0a750baba642270a50f51919cN.exe

Files

ae31784116ddab32b1609ce4d71028c45bb62ba0a750baba642270a50f51919cN.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ