neshta | JaffaCakes118_df7de98b865ac170fd7da55a675a4ddb

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_df7de98b865ac170fd7da55a675a4ddb
Size

595KB
MD5

df7de98b865ac170fd7da55a675a4ddb
SHA1

99c6b9705f7149a4178d906a441253ef532fed6e
SHA256

fd8c2229b4b0ca8770b4b0115c05cedb7520e09a0a20324c43582debdb9896d6
SHA512

684074456f4f1694a312c792dc7f3cfd582b3de9940366e69bb57e41c38c2ecedac4ef97f8674812a248512a4f3245a6020d0b13ef93c935411b71093e835632
SSDEEP

12288:RqFwpkDPhijh2Z1MVM9aWmHd/1Uk496YKQFM8a4VC:RqFwqThijh2/5Ux1+r9TRaAC

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Files

JaffaCakes118_df7de98b865ac170fd7da55a675a4ddb
.exe windows:5 windows x86 arch:x86

62df9102727220cfa42ee5fb50554dfb

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:09:89:b9:85:49:11:4e:70:ed:3f:3d:ea:55:23:43
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

21-09-2020 00:00

Not After

21-09-2021 23:59

Subject

CN=PLANET ADVISORY LIMITED,O=PLANET ADVISORY LIMITED,L=LONDON,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:09:89:b9:85:49:11:4e:70:ed:3f:3d:ea:55:23:43
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

21-09-2020 00:00

Not After

21-09-2021 23:59

Subject

CN=PLANET ADVISORY LIMITED,O=PLANET ADVISORY LIMITED,L=LONDON,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:8c:c9:71:38:b8:ba:55:b4:0f:77:c3:21:e2:8e:3b:bf:ce:c7:79:ec:4a:1c:4c:ee:25:81:35:71:f9:38:3b
Signer

Actual PE Digest

15:8c:c9:71:38:b8:ba:55:b4:0f:77:c3:21:e2:8e:3b:bf:ce:c7:79:ec:4a:1c:4c:ee:25:81:35:71:f9:38:3b

Digest Algorithm

sha256

PE Digest Matches

false

05:a1:70:ca:7c:7f:65:41:77:53:14:4e:0a:61:ab:47:63:b8:93:2a
Signer

Actual PE Digest

05:a1:70:ca:7c:7f:65:41:77:53:14:4e:0a:61:ab:47:63:b8:93:2a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
ReadFile
GetModuleFileNameW
CreateFileW
GetTempPathW
GetFileSizeEx
GetProcAddress
FindClose
IsWow64Process
FindNextFileW
ExpandEnvironmentStringsW
FreeResource
SetFilePointer
SetEndOfFile
SetStdHandle
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
GetModuleHandleA
GetThreadTimes
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetLastError
GetStringTypeW
GetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
IsDebuggerPresent
GetModuleHandleExW
ExitProcess
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
SetEvent
CreateTimerQueue
LoadLibraryExW
ExitThread
CreateThread
CreateSemaphoreW
GetTickCount
GetStartupInfoW
TlsFree
WriteFile
GetCurrentProcess
FreeLibrary
FindFirstFileW
GetTempFileNameW
MultiByteToWideChar
WideCharToMultiByte
LockResource
SizeofResource
LoadResource
FindResourceW
FormatMessageW
GetModuleHandleW
DeleteFileW
RemoveDirectoryW
CopyFileW
CreateDirectoryW
LocalFree
CloseHandle
ReleaseMutex
DecodePointer
FreeLibraryAndExitThread
HeapSize
VerifyVersionInfoW
RaiseException
Sleep
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
InitializeCriticalSection
VerSetConditionMask
HeapAlloc
CreateMutexW
HeapReAlloc
GetCommandLineW
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
CreateEventW
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
RtlUnwind
EncodePointer
GetSystemTimeAsFileTime
GetExitCodeThread
GetCurrentThreadId
GetCurrentThread
WaitForSingleObject
DuplicateHandle
MoveFileExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetFileType
WriteConsoleW

user32

SetWindowLongW
ReleaseDC
GetWindowLongW
RegisterClassExW
IsDialogMessageW
TranslateMessage
GetDC
LoadCursorW
MapWindowPoints
DefWindowProcW
RedrawWindow
DispatchMessageW
GetDesktopWindow
UnregisterClassW
GetMessageW
GetWindowRect
LoadIconW
LoadImageW
CharLowerA
EnumDisplaySettingsW
MonitorFromPoint
SetWindowTextW
SendMessageW
GetSysColor
GetDlgItem
SetWindowPos
EnumChildWindows
ShowWindow
CreateWindowExW
PostMessageW
MessageBoxW
GetWindowTextW
GetClientRect
TrackMouseEvent
GetParent
GetWindowTextLengthW
DrawTextW
FillRect
CharLowerW
CharUpperW
DestroyIcon
SetForegroundWindow
SetTimer
KillTimer
MapDialogRect
FindWindowW
PostQuitMessage
SetClassLongW
ShowScrollBar
ClientToScreen
DestroyWindow
EnableWindow
MoveWindow
DrawIconEx
EndPaint
SetCapture
GetFocus
SetFocus
BeginPaint
LockWindowUpdate
SetCursorPos
GetCursorPos
GetSysColorBrush
ReleaseCapture
GetSystemMetrics
UpdateWindow
SetCursor
ShowCursor
DestroyCursor
IsWindowEnabled
GetDlgCtrlID

gdi32

StretchBlt
SetStretchBltMode
CreatePen
GetBkMode
SetBkColor
GetBkColor
GetTextColor
SetTextColor
CreateFontIndirectW
CreateSolidBrush
AddFontMemResourceEx
GetDeviceCaps
GetStockObject
GetDIBits
SetDIBits
BitBlt
DeleteDC
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
RemoveFontMemResourceEx

advapi32

RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW

shell32

ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitializeEx
CoUninitialize

shlwapi

PathIsURLW
AssocQueryStringW
PathMatchSpecW
PathFileExistsW

version

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ord410
ord413
ord412
InitCommonControlsEx

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

gdiplus

GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipAlloc
GdipLoadImageFromFileICM
GdipFree
GdiplusStartup
GdiplusShutdown
GdipGetImageWidth
GdipSetInterpolationMode
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipGetImageHeight

msimg32

GradientFill
AlphaBlend

winmm

timeKillEvent
timeSetEvent

wininet

InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
InternetSetOptionW
HttpSendRequestW
InternetConnectW
InternetReadFile
InternetCrackUrlW
HttpQueryInfoA
InternetOpenW
InternetGetLastResponseInfoW

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62df9102727220cfa42ee5fb50554dfb

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

49:09:89:b9:85:49:11:4e:70:ed:3f:3d:ea:55:23:43Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

49:09:89:b9:85:49:11:4e:70:ed:3f:3d:ea:55:23:43Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

15:8c:c9:71:38:b8:ba:55:b4:0f:77:c3:21:e2:8e:3b:bf:ce:c7:79:ec:4a:1c:4c:ee:25:81:35:71:f9:38:3bSigner

05:a1:70:ca:7c:7f:65:41:77:53:14:4e:0a:61:ab:47:63:b8:93:2aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

version

comctl32

rpcrt4

gdiplus

msimg32

winmm

wininet

Sections

.text Size: 282KB - Virtual size: 281KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 9KB - Virtual size: 28KB

.rsrc Size: 81KB - Virtual size: 80KB

.reloc Size: 17KB - Virtual size: 17KB

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

49:09:89:b9:85:49:11:4e:70:ed:3f:3d:ea:55:23:43
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

49:09:89:b9:85:49:11:4e:70:ed:3f:3d:ea:55:23:43
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

15:8c:c9:71:38:b8:ba:55:b4:0f:77:c3:21:e2:8e:3b:bf:ce:c7:79:ec:4a:1c:4c:ee:25:81:35:71:f9:38:3b
Signer

05:a1:70:ca:7c:7f:65:41:77:53:14:4e:0a:61:ab:47:63:b8:93:2a
Signer

.text
Size: 282KB - Virtual size: 281KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 9KB - Virtual size: 28KB

.rsrc
Size: 81KB - Virtual size: 80KB

.reloc
Size: 17KB - Virtual size: 17KB