neshta | JaffaCakes118_1a3eb25daf0b4a5ee8def409ac5efba8

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_1a3eb25daf0b4a5ee8def409ac5efba8
Size

227KB
MD5

1a3eb25daf0b4a5ee8def409ac5efba8
SHA1

6ee14f8aa9608d50110b0898754200a37e6f3a7a
SHA256

33c66e1c4a3147221039e4db5a31feb85df2394e05a2edde7330b5649d2d2079
SHA512

481bad6f3f06fec2da3e6263d5963df9ada6303e4a4142f70280a374d675a00664a3b7ac73bd573c3adb470efb76196ac69b4fff32fe3a6c8a9c18a930de368c
SSDEEP

3072:nr6W2wIcju6IIXlNPQmTh907Y6lP/8qkrHKSr85Cbcr6W2wIcju6pr85C:r6gI4u6lXnxh65QN9E6gI4u6F9

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
sample	family_neshta

Neshta family
neshta

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_1a3eb25daf0b4a5ee8def409ac5efba8

Files

JaffaCakes118_1a3eb25daf0b4a5ee8def409ac5efba8
.exe windows:4 windows x86 arch:x86

9a7b4c03ca74eeea8b8e2b6945c8dbe3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
lstrcpynW
GetLocaleInfoA
GetTimeFormatA
LoadLibraryA
SizeofResource
CompareStringW
FindClose
FileTimeToLocalFileTime
SetStdHandle
GlobalLock
VirtualAlloc
GlobalSize
GetProcAddress
GetDateFormatW
GetSystemInfo

user32

DestroyCaret
SetDlgItemTextW
DragDetect
EnableWindow
IsWindow
SetCursor
TranslateAcceleratorW
GetWindowTextW
DefWindowProcW
SetCaretPos
IsZoomed
GetSystemMetrics
CharUpperW
RegisterClassW
SetScrollPos
ModifyMenuW
IsChild

gdi32

SelectObject
RestoreDC
CreatePen
EndDoc
DeleteObject
GetPixel
CreateCompatibleBitmap
CreateFontIndirectW
CreateHatchBrush
OffsetWindowOrgEx
CreatePatternBrush
PatBlt
AddFontResourceW
GetTextExtentPoint32W
SetBkColor
CreateFontW
GetDeviceCaps
EnumFontFamiliesExW
DPtoLP
SetTextColor
ExtTextOutW

comdlg32

GetOpenFileNameW
PrintDlgW
ChooseColorW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegDeleteKeyW
IsTextUnicode
RegCreateKeyExW
RegOpenKeyExW

ole32

OleDuplicateData

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a7b4c03ca74eeea8b8e2b6945c8dbe3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 87KB - Virtual size: 86KB

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 512B - Virtual size: 52KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 87KB - Virtual size: 86KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 512B - Virtual size: 52KB