neshta | BestNLBrute[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

BestNLBrute.zip
Size

7.5MB
MD5

8f7b9fd8bc2ac4f7b2a806e5c1fe166c
SHA1

3dd8cf658c17def0377baabfd473037a264c3fd5
SHA256

11179c34425fcd0dcf122f89e74ea745212772280013f570979302acff40266e
SHA512

d7714bc8ae279e17683d555aabb5d6e0174a61d73d57108ff09bf8ab4d093fa0cfea6e552fbde5f84dfe9e51fd9f2abfb708515b1026e0f03d67fc3bd9cb4c05
SSDEEP

196608:fO60xdddo2FMWdVVRj81QcOhvoG0m1cOwoUJGh90lDHB3J:fOl/opWd181QcOhvDbfiGodT

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 1 IoCs

resource	yara_rule
static1/unpack001/BestNLBrute/KeyGen crackzerro.exe	family_neshta

Neshta family
neshta

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BestNLBrute/KeyGen crackzerro.exe
unpack001/BestNLBrute/NLBrute.exe

Files

BestNLBrute.zip
.zip
BestNLBrute/KeyGen crackzerro.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BestNLBrute/NLBrute.exe
.exe windows:6 windows x64 arch:x64

1d598436df3dc5afc05e45d3e373f4de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

gdi32

GetTextFaceW
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
CreateBitmap
GetDIBits
CreateDIBSection
CreatePalette
GetPaletteEntries
SelectClipRgn
GdiFlush
GetTextMetricsW
GetFontData
CreateFontIndirectW
EnumFontFamiliesExW
GetRegionData
CreateRectRgn
CreateEllipticRgn
SelectPalette
RealizePalette
PtInRegion
GetStockObject
OffsetRgn
CombineRgn
GetObjectW
SelectObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

comdlg32

GetOpenFileNameW

oleaut32

SysFreeString
VariantClear
SysAllocStringLen
VariantInit
SysStringLen
SysAllocString

imm32

ImmGetDefaultIMEWnd
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmSetCompositionFontW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

winmm

PlaySoundW

ws2_32

WSAStartup
WSACleanup
__WSAFDIsSet
closesocket
connect
WSAAsyncSelect
htonl
WSASetLastError
shutdown
gethostname
WSAEventSelect
WSACreateEvent
WSAGetLastError
socket
setsockopt
send
select
recv
inet_addr
htons
getsockopt
getsockname
ioctlsocket

ole32

CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
StringFromGUID2
CoCreateGuid
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleInitialize
OleUninitialize
DoDragDrop
CoInitialize
CoTaskMemFree
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoGetMalloc
ReleaseStgMedium

user32

LoadIconW
SetMenuItemInfoW
TrackPopupMenuEx
GetMenu
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyboardLayout
SetCaretPos
HideCaret
CreateCaret
TranslateMessage
GetKeyboardLayoutList
ChangeClipboardChain
SetClipboardViewer
GetWindowThreadProcessId
RegisterWindowMessageW
GetAsyncKeyState
RegisterClipboardFormatW
GetIconInfo
DrawIconEx
GetParent
GetSysColorBrush
GetSysColor
WindowFromPoint
SetCaretBlinkTime
GetCaretBlinkTime
ClipCursor
MessageBeep
InvalidateRgn
GetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
GetKeyState
FlashWindowEx
RegisterClassExW
GetClassInfoW
UnregisterClassW
SetDoubleClickTime
GetDoubleClickTime
DefWindowProcW
PostMessageW
PeekMessageW
CreateIconIndirect
GetClipboardFormatNameW
DestroyCursor
CreateCursor
GetCursorPos
SetCursorPos
DestroyIcon
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetParent
GetDesktopWindow
SetWindowLongPtrW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
ScrollWindowEx
ValidateRgn
InvalidateRect
SetWindowRgn
SetForegroundWindow
UpdateWindow
GetSystemMetrics
ReleaseCapture
SetCapture
IsZoomed
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
CreateWindowExW
SendMessageW
SetWindowLongW
GetWindowLongW
ReleaseDC
GetDC
GetFocus
GetActiveWindow
SetFocus
EnableMenuItem
GetSystemMenu
IsChild
SystemParametersInfoW
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
CharNextExA
DispatchMessageW
RegisterClassW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
GetWindowLongPtrW
LoadImageW
DestroyCaret

advapi32

RegisterEventSourceW
ReportEventW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
OpenProcessToken
CopySid
FreeSid
GetLengthSid
GetTokenInformation
DeregisterEventSource

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetFileInfoW

kernel32

UnhandledExceptionFilter
RtlCaptureContext
GetCPInfo
SetFileAttributesW
SetStdHandle
GetConsoleCP
ReadConsoleW
ExitThread
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
GetTimeZoneInformation
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
AreFileApisANSI
GetModuleHandleExW
HeapAlloc
GetCommandLineA
RtlUnwindEx
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
GetSystemTimeAsFileTime
HeapFree
lstrlenA
GetStringTypeW
DecodePointer
EncodePointer
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
GetModuleFileNameA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MoveFileW
CopyFileW
DeviceIoControl
GetTempPathW
RemoveDirectoryW
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
GetUserDefaultUILanguage
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
ResetEvent
QueryPerformanceFrequency
SetFilePointerEx
SetEndOfFile
GetLogicalDrives
GetSystemDirectoryW
LoadLibraryExW
GetModuleFileNameW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
OutputDebugStringW
GetCommandLineW
GetLocalTime
WaitForMultipleObjects
GetSystemInfo
TlsFree
TlsSetValue
SetUnhandledExceptionFilter
TlsAlloc
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
SwitchToThread
GetCurrentProcess
CreateEventW
SetEvent
DuplicateHandle
VerifyVersionInfoW
FormatMessageW
LocalFree
GetVersionExW
VerSetConditionMask
CreateSemaphoreW
ReleaseSemaphore
GetUserDefaultLCID
CompareStringW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
WriteFile
SetFilePointer
ReadFile
CreateFileW
ExitProcess
GlobalSize
CreateProcessW
ExpandEnvironmentStringsW
lstrcmpW
IsValidLocale
IsValidLanguageGroup
CheckRemoteDebuggerPresent
OpenProcess
GetLongPathNameW
GlobalUnlock
GlobalLock
GetUserDefaultLangID
GetLocaleInfoW
SetErrorMode
GetVolumeInformationW
GetStartupInfoW
FlushConsoleInputBuffer
LoadLibraryW
GlobalMemoryStatus
GetTickCount
CreateDirectoryA
GetCurrentProcessId
QueryPerformanceCounter
WideCharToMultiByte
FindNextFileW
FindFirstFileW
FindClose
RtlVirtualUnwind
MultiByteToWideChar
GetModuleHandleW
GetFileType
GetStdHandle
GetLastError
SetLastError
lstrlenW
FreeLibrary
GetCurrentThreadId
CreateMutexW
ReleaseMutex
lstrcpyW
LoadLibraryA
GlobalFree
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
TerminateProcess
LCMapStringW
EnumSystemLocalesW
HeapSize
GetProcessHeap
IsValidCodePage
GetACP
TlsGetValue
GetOEMCP
FlushFileBuffers
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleW
GetFullPathNameA
FileTimeToLocalFileTime
PeekNamedPipe
FindFirstFileExW
GlobalAlloc
GetProcAddress
GetVolumeInformationA
GetDriveTypeW
CloseHandle
WaitForSingleObject
CreateThread
Sleep

Exports

Exports

Deinitialize
Initialize
Test

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 242KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 326KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BestNLBrute/hwid.txt
BestNLBrute/settings.ini

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 29KB - Virtual size: 28KB

DATA Size: 1024B - Virtual size: 536B

BSS Size: - Virtual size: 42KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 5KB

1d598436df3dc5afc05e45d3e373f4de

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

comdlg32

oleaut32

imm32

winmm

ws2_32

ole32

user32

advapi32

shell32

kernel32

Exports

Exports

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.rdata Size: 3.2MB - Virtual size: 3.2MB

.data Size: 242KB - Virtual size: 277KB

.pdata Size: 326KB - Virtual size: 325KB

_RDATA Size: 512B - Virtual size: 272B

.rsrc Size: 325KB - Virtual size: 324KB

.reloc Size: 55KB - Virtual size: 54KB

CODE
Size: 29KB - Virtual size: 28KB

DATA
Size: 1024B - Virtual size: 536B

BSS
Size: - Virtual size: 42KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 6.7MB - Virtual size: 6.7MB

.rdata
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 242KB - Virtual size: 277KB

.pdata
Size: 326KB - Virtual size: 325KB

_RDATA
Size: 512B - Virtual size: 272B

.rsrc
Size: 325KB - Virtual size: 324KB

.reloc
Size: 55KB - Virtual size: 54KB