neshta | JaffaCakes118_31d417a0ede024aa964bfc987151dec4

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_31d417a0ede024aa964bfc987151dec4
Size

341KB
MD5

31d417a0ede024aa964bfc987151dec4
SHA1

b8338b27a031fcf76a80a8bea815b992bfcca8c6
SHA256

ee501d8468e0940b96be0b1b395ed0310db4b33130debb773d50e055020c667c
SHA512

c19385b3871d5bb74bca8589f840694e75e4d7891443183b9b2fe3d922ec7719d7ca59f828fdf4c27311b47e17ab0860f5e84e1091d476228faf4a053f5880eb
SSDEEP

6144:Ih942uMYrNUhJ5E5wW+uFBYvpL6agG90h9:I82ujiJ5E5OuFmRL61L

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_31d417a0ede024aa964bfc987151dec4

Files

JaffaCakes118_31d417a0ede024aa964bfc987151dec4
.exe windows:5 windows x86 arch:x86

fb0ae5dc7eaaef44a52a37f5ce8975a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecW
PathAppendW

kernel32

CreateFileW
CloseHandle
ExitProcess
GetCommandLineW
CreateProcessW
HeapAlloc
HeapFree
GetProcessHeap
WriteFile
Sleep
lstrlenW
GetCurrentDirectoryW
GetProcAddress
MoveFileW
LoadLibraryA
SetCurrentDirectoryW
GetModuleHandleA
lstrcpyW
ReadFile
GetLastError
LocalFree
GetConsoleCP
SetFilePointerEx
SetStdHandle
LoadLibraryExW
LCMapStringW
GetModuleHandleW
SetFileAttributesW
DeleteFileW
GetFileAttributesW
FlushFileBuffers
OutputDebugStringW
WriteConsoleW
CreateMutexW
TlsFree
TlsSetValue
EncodePointer
DecodePointer
HeapReAlloc
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
MultiByteToWideChar
GetStringTypeW
GetModuleHandleExW
WideCharToMultiByte
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetConsoleMode
ReadConsoleW
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
SetEndOfFile

user32

TranslateMessage
IsDialogMessageW
GetWindowLongW
PeekMessageW
GetDlgItem
KillTimer
CreateDialogParamW
MessageBoxW
SetDlgItemTextW
EnableWindow
SetWindowTextW
DispatchMessageW
SetTimer
SendDlgItemMessageW
DestroyWindow
SetWindowLongW

advapi32

CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW

shell32

CommandLineToArgvW
SHCreateDirectoryExW

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb0ae5dc7eaaef44a52a37f5ce8975a4

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shlwapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 153KB - Virtual size: 152KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 153KB - Virtual size: 152KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 10KB - Virtual size: 9KB