neshta | e35170e9b27a880dc373fd10c71794a14f506951493cb00a2b8b43f254ce4248[.]exe | Triage

Sharing

General

Target

e35170e9b27a880dc373fd10c71794a14f506951493cb00a2b8b43f254ce4248.exe
Size

1.5MB
MD5

fe5a903da761be50d695add8c79744e2
SHA1

bd5eda0dd4f835e444bc176d0d8b9e087529aa01
SHA256

e35170e9b27a880dc373fd10c71794a14f506951493cb00a2b8b43f254ce4248
SHA512

4586f8692db5a23b0b4c0e3e96a9691c9f8be86af7854d68b15970d55244b7e37b5c5a6929a4024a9ca2ec4cffdaec83aba23c3e3e1d28aef104d8c83a0ec8e9
SSDEEP

24576:RBTZdZY0bYDjAVwMh91DCyDg3Qi7ZBRSZBVCwLToUgbjmnU2WmzMbSmu5EeY/O:Rhnz64fDCMgAid7SbVCwAfeU2Wmzqe9

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e35170e9b27a880dc373fd10c71794a14f506951493cb00a2b8b43f254ce4248.exe

Files

e35170e9b27a880dc373fd10c71794a14f506951493cb00a2b8b43f254ce4248.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ