a46bea71...f946 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Keylogger, Dropper, Trojan, Virus

Stubctborgfinrrrrrrrrrrrrrrr.exe

Windows Exe (x86-32)

Created at 2020-01-06T07:12:00

Remarks

(0x200001b): The maximum number of file reputation requests per analysis (150) was exceeded.

Filename Category Type Severity
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Stubctborgfinrrrrrrrrrrrrrrr.exe Sample File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 701.50 KB
MD5 0c251781c324eb0022bf5b39ed33c2df
SHA1 61acbd899af4b8d44fdf839358afb64a18f11c13
SHA256 a46bea71e73637bbc88601cc088e2f8ea15ebe711a862a4d0dd2d7623f60f946
SSDeep 12288:dqb8G7YdpkqP9MVLwGM8AMFt35+H16qtVLB/UEtWWIIk9O6dWuhDqWU/PuU6yy8j:dLrPRGM/gt350VVUNlhdWsqW8Piyy80C
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2020-01-03 04:56 (UTC+1)
Last Seen 2020-01-05 08:58 (UTC+1)
Names ByteCode-MSIL.Trojan.Filecoder
Families Filecoder
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x4ac3fe
Size Of Code 0xaa600
Size Of Initialized Data 0x4800
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2019-10-28 03:49:33+00:00
Version Information (9)
Assembly Version 2.0.0.1
CompanyName Host Process for Windows Services
FileDescription Host Process for Windows Services
FileVersion 2.0.0.1
InternalName Stubctborgfinrrrrrrrrrrrrrrr.exe
LegalCopyright
OriginalFilename Stubctborgfinrrrrrrrrrrrrrrr.exe
ProductName Host Process for Windows Services
ProductVersion 2.0.0.1
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0xaa404 0xaa600 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.81
.sdata 0x4ae000 0x1e8 0x200 0xaaa00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.58
.rsrc 0x4b0000 0x4208 0x4400 0xaac00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.51
.reloc 0x4b6000 0xc 0x200 0xaf000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.08
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0xac3d8 0xaa7d8 0x0
Memory Dumps (30)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Points AV YARA Actions
stubctborgfinrrrrrrrrrrrrrrr.exe 1 0x01270000 0x01327FFF Relevant Image - 32-bit - False False
buffer 1 0x00BB6000 0x00BBCFFF First Execution - 32-bit 0x00BBBF9A False False
buffer 1 0x00BB6000 0x00BBCFFF Content Changed - 32-bit 0x00BBC012 False False
buffer 1 0x00811000 0x00811FFF First Execution - 32-bit 0x00811D00 False False
buffer 1 0x009C2000 0x009C2FFF First Execution - 32-bit 0x009C2000 False False
buffer 1 0x00812000 0x00812FFF First Execution - 32-bit 0x00812100 False False
buffer 1 0x009C2000 0x009C2FFF Content Changed - 32-bit 0x009C2354 False False
buffer 1 0x00A50000 0x00A5FFFF Content Changed - 32-bit 0x00A5070C False False
buffer 1 0x00811000 0x00811FFF Content Changed - 32-bit 0x00811F33 False False
buffer 1 0x00813000 0x00813FFF First Execution - 32-bit 0x008131A3 False False
stubctborgfinrrrrrrrrrrrrrrr.exe 1 0x01270000 0x01327FFF Final Dump - 32-bit - False False
buffer 1 0x00814000 0x00814FFF First Execution - 32-bit 0x0081406F False False
buffer 1 0x00815000 0x00815FFF First Execution - 32-bit 0x00815080 False False
buffer 1 0x00BB6000 0x00BBCFFF Content Changed - 32-bit 0x00BBCC5F False False
buffer 1 0x00813000 0x00813FFF Content Changed - 32-bit 0x008139B0 False False
buffer 1 0x00815000 0x00815FFF Content Changed - 32-bit 0x00815D4D False False
buffer 1 0x00812000 0x00812FFF Content Changed - 32-bit 0x00812238 False False
buffer 1 0x00BB6000 0x00BBCFFF Content Changed - 32-bit 0x00BBC432 False False
buffer 1 0x009C2000 0x009C2FFF Content Changed - 32-bit 0x009C2C30 False False
buffer 1 0x00814000 0x00814FFF Content Changed - 32-bit 0x008146EA False False
buffer 1 0x00816000 0x00816FFF First Execution - 32-bit 0x00816224 False False
buffer 1 0x009C3000 0x009C3FFF First Execution - 32-bit 0x009C3000 False False
buffer 1 0x00817000 0x00817FFF First Execution - 32-bit 0x00817000 False False
buffer 1 0x00818000 0x00818FFF First Execution - 32-bit 0x00818018 False False
buffer 1 0x00BB6000 0x00BBCFFF Content Changed - 32-bit 0x00BBBF9A False False
buffer 1 0x009C3000 0x009C3FFF Content Changed - 32-bit 0x009C3A16 False False
buffer 1 0x00BB6000 0x00BBCFFF Content Changed - 32-bit 0x00BBBF9A False False
buffer 1 0x00818000 0x00818FFF Content Changed - 32-bit 0x008186D8 False False
buffer 1 0x009C3000 0x009C3FFF Content Changed - 32-bit 0x009C3864 False False
buffer 1 0x00818000 0x00818FFF Content Changed - 32-bit 0x008186D8 False False
Local AV Matches (1)
Threat Name Severity
Gen:Heur.Ransom.HiddenTears.1
Malicious
C:\MSOCache\ALLUSE~1\{90140~1\DW20.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 859.38 KB
MD5 02ee6a3424782531461fb2f10713d3c1
SHA1 b581a2c365d93ebb629e8363fd9f69afc673123f
SHA256 ead58c483cb20bcd57464f8a4929079539d634f469b213054bf737d227c026dc
SSDeep 24576:XWq1lx7SqE0xJ2pm8FiWCm3LHgZpJEHp37d:XWq171dxJ6mAQm3LHkJEJLd
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2012-09-24 20:53 (UTC+2)
Last Seen 2019-06-09 21:53 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.93
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 547.91 KB
MD5 cf6c595d3e5e9667667af096762fd9c4
SHA1 9bb44da8d7f6457099cb56e4f7d1026963dce7ce
SHA256 593e60cc30ae0789448547195af77f550387f6648d45847ea244dd0dd7abf03d
SSDeep 12288:4wXwNSO5X3IA1iBihI7XHgZQKhJgeCmvz016:4ew0O1IA1UiuLHgZpJEGgg
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2012-07-23 14:33 (UTC+2)
Last Seen 2019-05-30 00:00 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\MSOCache\ALLUSE~1\{91140~2\ose.exe Modified File Binary
Malicious
Also Known As C:\MSOCache\ALLUSE~1\{91140~3\ose.exe (Modified File)
C:\MSOCache\ALLUSE~1\{91140~1\ose.exe (Modified File)
Mime Type application/vnd.microsoft.portable-executable
File Size 210.85 KB
MD5 6cd2df651dc85a4e83f2a41175de1698
SHA1 800f6384a60a691cd4bff15157887d16af912406
SHA256 d387e1092ebc476e84d89f9fcef7636657bdf510472abde319cca49839c3fdf0
SSDeep 3072:sr85CXkXbVjAaX/0EVNt4xXqutFdNciAqnYCDb5+aVjMvhNOSH2S9oQacEHTM:k9XkXbVjF/ZNGtFdNdFnTDYZNjPFEHI
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2013-07-03 16:05 (UTC+2)
Last Seen 2019-09-19 01:00 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\MSOCache\ALLUSE~1\{91140~3\setup.exe Modified File Binary
Malicious
Also Known As C:\MSOCache\ALLUSE~1\{91140~1\setup.exe (Modified File)
C:\MSOCache\ALLUSE~1\{91140~2\setup.exe (Modified File)
Mime Type application/vnd.microsoft.portable-executable
File Size 1.35 MB
MD5 ecebfdda539dc1625cb96192a346b352
SHA1 540e81daf0010fe244d0597a36a69977f90ba640
SHA256 0d49226b68b857cebf61e1d88b4b657fc36c8555b47f6ad0dde78dd3d519f63c
SSDeep 12288:20vbfvfhhSVvnB1diKLHH7rKf8YmylcH+zFUib8I7XHgZwKhJAeCGRcAlpjLFSLG:20Dfh6HHfKnE+RUi/LHgZJJkbipjZSMF
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2013-07-03 16:04 (UTC+2)
Last Seen 2019-12-28 22:37 (UTC+1)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.16
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Adobe\READER~1.0\Reader\ACROBR~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 328.40 KB
MD5 06833eb240ba77efb86d6a6875e0f2b8
SHA1 efe3f0c2f678c89d2b8b42788f8f47e94ce1d58e
SHA256 85ffe9ad8612a87195ee1bb9bdf918582434d40195c6ed737546ce534ad7912c
SSDeep 6144:k9DQj1fi21FU9ReCgiq456Y73zFOQlxAQxgwRW9:TjHTU39qrY3VAQKw49
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2012-08-26 15:34 (UTC+2)
Last Seen 2019-03-07 21:24 (UTC+1)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Adobe\READER~1.0\Reader\AcroRd32.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 1.27 MB
MD5 c23201ad11384d6cfe20da5009981086
SHA1 32c020339704f69495c3775249432faee292821c
SHA256 5242f21edb8226981e18c6c3f2c5016258ef689db8b09949a52a2d4733d627b6
SSDeep 24576:lJ9GKKYHBV9IUX1COOen9FhaFE6IrlWl0LM522MKojo:8YhIU8In9F+3Rl0QBMKoU
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2014-02-24 22:24 (UTC+1)
Last Seen 2019-10-02 17:23 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.34
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 1.20 MB
MD5 bf1b6ee64688c62446464cbd9b7c29a6
SHA1 bcb87ecf6bfa3de0213d90d409c580000d1a038b
SHA256 5910058d0ac2c92194cf8188f268908df3a502ffe11ffa010e8044a8b4727e02
SSDeep 24576:+HF464hrFuhc5r73klPyWQZULLXqr5E8iPwlOLlREi:h6GrFuhDlPZer5E809LlRf
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2012-08-26 15:34 (UTC+2)
Last Seen 2018-07-20 00:50 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.24
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Adobe\READER~1.0\Reader\Eula.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 132.89 KB
MD5 45eb25dde1c911e1b7a70dd646c90eef
SHA1 1b1d49dba6556f7118e3074b41bb67d525cda4dd
SHA256 ca82d4f4d983ab1832d9e6a612ab27aaff179b4d698293da50b5cd18d4660d96
SSDeep 1536:JxqjQ+P04wsmJCwZ2hPo7UItUw+OC35QGB1vdmUNO5aQCXZ3afKr0cyifbgJuUXY:sr85CwZ2hQ05O6dNxHgOcf3w
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2014-08-26 03:42 (UTC+2)
Last Seen 2019-10-17 22:52 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Adobe\READER~1.0\Reader\ACROTE~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 128.91 KB
MD5 6c21430245db11e1a92821e36b383d51
SHA1 2dc96edfca8da880bc3ad54f53df0a255ad7d7ef
SHA256 d699d1f41f9a83e1ba0b415372af30871bc6616bd4199361895dcf6a91915467
SSDeep 1536:JxqjQ+P04wsmJC3aQC0X9oc/Dvy+5oIKW1OXBFOxqjQ+P04wsmJC:sr85CKq9oGfWIKIOXBZr85C
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2012-08-26 15:34 (UTC+2)
Last Seen 2019-04-18 21:15 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 389.47 KB
MD5 fc848907eee20ba2d2ade98823c0acbb
SHA1 b0dba22853b978c35b13bd9016bd9504302a4208
SHA256 44aa922963a9a3aa503a6aeae14d4427a882875f81d7d7ae4a9baa51640ed323
SSDeep 6144:k9PlPnEGs7vQ1Y9A9ZMA7CQhdL+WTB0zITYbsc7JsOzebYS5kfcIL761S9:CnE/74ykZMOAWTyzaWsYsYS5kf/L761
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity Blacklisted
First Seen 2016-05-02 13:28 (UTC+2)
Last Seen 2018-01-18 04:03 (UTC+1)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
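Added example, not part of the VMRay report and not Neshta's or VMRay's code: every Neshta-modified host file in this report carries the same PE header (entry point 0x4080e4, compile timestamp 1992-06-19 22:22:17, the eight-section CODE/DATA/BSS/.idata/.tls/.rdata/.reloc/.rsrc layout, ImpHash 9f4693fc0c511135129493f2161d1e86) while the file sizes differ from one host to the next. The section table ends at raw offset 0x8e00 + 0x1400 = 0xa200 (41,472 bytes), so everything past that point is overlay that the loader never maps. The script below walks the PE headers with the Python standard library only, reports where the sections end and how large the overlay is, and compares entry point, timestamp and section layout against the values in this report. The helper names (parse_pe, neshta_indicators, build_sample_pe) are hypothetical; the sample PE is constructed from the reported header values with 8 KB of zero bytes as a stand-in overlay, so the script runs offline, and a file path on the command line inspects a real binary instead. Two caveats: the timestamp (0x2A425E19) is the fixed value the Delphi linker stamps into every binary it produces, so on its own it marks a Delphi build, not Neshta, and counts only together with the other indicators; and the report does not say what the overlay holds, so the script measures it without interpreting it.

```python
"""
Added example (not VMRay's code): fingerprint a Neshta-style infected host
from its PE headers alone, using only the Python standard library.

Helper names are hypothetical. The sample PE is constructed from the header
values the report shows; it is not one of the analyzed files.
"""
import calendar
import struct
import sys
from datetime import datetime, timezone

IMAGE_BASE = 0x400000
REPORTED_ENTRY_POINT = 0x4080E4             # every infected host in the report
REPORTED_TIMESTAMP = "1992-06-19 22:22:17"  # 0x2A425E19, Delphi's fixed link stamp

# Section table as the report lists it: (name, VA, virtual size, raw size, raw offset).
REPORTED_SECTIONS = [
    (b"CODE",   0x401000, 0x722C, 0x7400, 0x0400),
    (b"DATA",   0x409000, 0x0218, 0x0400, 0x7800),
    (b"BSS",    0x40A000, 0xA899, 0x0000, 0x7C00),
    (b".idata", 0x415000, 0x0864, 0x0A00, 0x7C00),
    (b".tls",   0x416000, 0x0008, 0x0000, 0x8600),
    (b".rdata", 0x417000, 0x0018, 0x0200, 0x8600),
    (b".reloc", 0x418000, 0x05CC, 0x0600, 0x8800),
    (b".rsrc",  0x419000, 0x1400, 0x1400, 0x8E00),
]


def parse_pe(data: bytes) -> dict:
    """Walk MZ -> PE signature -> COFF header -> PE32 optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    sections = []
    for i in range(nsections):
        name, vsize, rva, rsize, roff = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0"), image_base + rva, vsize, rsize, roff))
    # Bytes past the last section's raw data are overlay: on disk, never mapped by the loader.
    end_of_sections = max(roff + rsize for (_, _, _, rsize, roff) in sections)
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": image_base + entry_rva,
        "sections": sections,
        "end_of_sections": end_of_sections,
        "overlay_size": max(0, len(data) - end_of_sections),
    }


def neshta_indicators(info: dict) -> dict:
    """Compare a parsed header with the values shared by every host in the report."""
    return {
        "entry_point_matches": info["entry_point"] == REPORTED_ENTRY_POINT,
        "delphi_timestamp": info["timestamp"] == REPORTED_TIMESTAMP,  # Delphi trait, not Neshta-specific
        "section_layout_matches": info["sections"] == REPORTED_SECTIONS,
        "overlay_size": info["overlay_size"],
    }


def build_sample_pe(overlay: bytes = b"\0" * 8192) -> bytes:
    """Constructed PE32 carrying the reported header values plus a dummy overlay."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    stamp = calendar.timegm((1992, 6, 19, 22, 22, 17, 0, 0, 0))
    coff = struct.pack("<HHIIIHH", 0x14C, len(REPORTED_SECTIONS), stamp, 0, 0, 0xE0, 0x010F)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 16, REPORTED_ENTRY_POINT - IMAGE_BASE)
    struct.pack_into("<I", opt, 28, IMAGE_BASE)
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vs, va - IMAGE_BASE, rs, ro, 0, 0, 0, 0, 0)
        for (name, va, vs, rs, ro) in REPORTED_SECTIONS)
    end = max(ro + rs for (_, _, _, rs, ro) in REPORTED_SECTIONS)   # 0xa200 for this layout
    return (dos + b"PE\0\0" + coff + bytes(opt) + secs).ljust(end, b"\0") + overlay


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    info = parse_pe(data)
    print(f"entry point 0x{info['entry_point']:x}, linked {info['timestamp']} UTC")
    print(f"sections end at 0x{info['end_of_sections']:x}, overlay {info['overlay_size']} bytes")
    print(neshta_indicators(info))
```

Run it against LOGTRA~1.EXE and the overlay figure should be the whole file past 0xa200, the bulk of a 389 KB binary; against a clean Delphi program only the timestamp indicator fires, which is why the script reports the three header checks separately instead of collapsing them into a single verdict.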
C:\PROGRA~2\Adobe\READER~1.0\Reader\WOW_HE~1.EXE Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 112.40 KB
MD5 0c973dcc36b8bccf35e2a0abd05afc87
SHA1 e21200ab537504e902ff981b2d568e1ee4a7aef9
SHA256 87e02a3f24822405894212f38dd7c365385a404de2fe535c807c949fa785ef8c
SSDeep 1536:JxqjQ+P04wsmJCUU5ZMrOcaQCjrEaYqnrgGZztdmYd0GWbBXf98K2+E:sr85CUU5Z4O9DYKlfmYd0GWhZ2+E
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity Blacklisted
First Seen 2013-05-05 17:19 (UTC+2)
Last Seen 2019-10-25 13:46 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
Identical to the import table listed above for LOGTRA~1.EXE (same ImpHash 9f4693fc0c511135129493f2161d1e86): kernel32.dll (21), user32.dll (2), advapi32.dll (3), oleaut32.dll (2), kernel32.dll (4), advapi32.dll (3), kernel32.dll (28), gdi32.dll (12), user32.dll (8), shell32.dll (2).
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~2\Adobe\READER~1.0\SETUPF~1\{AC76B~1\Setup.exe Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 369.95 KB
MD5 fb76912655c09a4d38899ebfe65e3842
SHA1 c6a8b811066e3647cd04208411eb330bc772d039
SHA256 754ae95601ede971c1645e383c5a8b0a05ea01d7eb928ed4cb321f3af8a72cc0
SSDeep 6144:k98MwnQQQjB5eLhCB1wQhjEaHVpACc83ERd7QU4MpOTGlPVsh:fEjB5etCB1wQh3ed8U4kOh
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity Blacklisted
First Seen 2014-12-25 08:22 (UTC+1)
Last Seen 2018-09-07 13:18 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 3.96
Imports (10)
Identical to the import table listed above for LOGTRA~1.EXE (same ImpHash 9f4693fc0c511135129493f2161d1e86): kernel32.dll (21), user32.dll (2), advapi32.dll (3), oleaut32.dll (2), kernel32.dll (4), advapi32.dll (3), kernel32.dll (28), gdi32.dll (12), user32.dll (8), shell32.dll (2).
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 950.94 KB
MD5 18841715ef2edd5c1b1992965f6d59c1
SHA1 0d2f611aa6f9024dce932b85eea46f21587b457c
SHA256 bbf61371c896a28c48a5942489493bfabb1ae41144e76ad2438783f751c77156
SSDeep 12288:c9ugxGsyhjbBMNGl+aS4uqMzvkgvC6EtupNwUMk1Zp3VQHM:c/yD2Gl+aSLzcAC6tPw8X6M
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity Blacklisted
First Seen 2016-08-18 18:00 (UTC+2)
Last Seen 2018-02-02 07:07 (UTC+1)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 4.99
Imports (10)
Identical to the import table listed above for LOGTRA~1.EXE (same ImpHash 9f4693fc0c511135129493f2161d1e86): kernel32.dll (21), user32.dll (2), advapi32.dll (3), oleaut32.dll (2), kernel32.dll (4), advapi32.dll (3), kernel32.dll (28), gdi32.dll (12), user32.dll (8), shell32.dll (2).
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ACROBA~1.EXE Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 411.91 KB
MD5 186abd14dc643b2cd162cd74645f98d2
SHA1 366c064914d83d03af005112453c0e2493e57d19
SHA256 5a98d2d859abc1e067554dbb7c82570a236ed6432ccb34ad16ee3c4bf6ff043b
SSDeep 6144:k9KIyhUblMIrCidfLALKPLF74wnHpqrMmPUlktXrAZi9:tjQrCiZLAGPLF742/wUSt
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 4.99
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\READER~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 371.41 KB
MD5 73fa790eb90ae0aad364e082b9455b06
SHA1 34295cb0db118c9f7ae78c0776458f746cb4f191
SHA256 c0931cb540ad7d8ec740e10702e46df7a9e70c3b5e2fa8960cae619b0f458cff
SSDeep 6144:k9KIyhUblMIrCidfLALKPLF74wng6qrMmPUFbEXrAZQ:tjQrCiZLAGPLF74BIwUVEp
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2015-01-02 04:14 (UTC+1)
Last Seen 2019-04-28 21:16 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 4.99
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 270.38 KB
MD5 c8564c9f6038ea08a1535ec0090b85fd
SHA1 fd438e11a0aecabc35f5cb553457471d1d7c6cac
SHA256 c4c95b5511c0ad449dc502f121da655f3d6f1e5805b7ae36b1203566d451c825
SSDeep 6144:k9VX1a0SqWxrAbX1yqNNAQHSY52MNLF0g/:NqWxsbXgSiY5/H0i
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2014-02-06 15:28 (UTC+1)
Last Seen 2019-04-28 21:12 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.03
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jucheck.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 535.88 KB
MD5 bdd42296076c239f66f7565648b0882f
SHA1 6a2a756de486e5313d4cc349e58d4887390ff7b5
SHA256 ba29501a2becdc3611e11e79bcae5669c335175cf27941d64029794c312c3da7
SSDeep 6144:k9/BI4Eln+QR9UKWtlLMgEFj1XmmYLua4Qp5SYgCFj+V2Fom0m:u2PlxRCKWtlLMDnzYOV2ZX
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2014-02-06 15:28 (UTC+1)
Last Seen 2019-04-28 21:25 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.03
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jusched.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 288.88 KB
MD5 1c14e3664e471b56ce24e364a23a9384
SHA1 840b54b4bc90b7d909527cc097d665d30da97829
SHA256 d1781c2cd6ef372824de9d4e75916ad018ce49e22562c952e23457d94930d4d1
SSDeep 6144:k9/f9h2oXaqARzuE7ko1rWpU3rqjgEFj1F0xEt7p9Fi:0f9h9Xaqsyyko1rWaqjDKqt7Ni
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2014-04-06 20:40 (UTC+2)
Last Seen 2019-04-18 21:19 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.5
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaucheck.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 283.38 KB
MD5 044fc38d99f0f34244b90271460a6e5d
SHA1 3a2efbd3af6eb85383070c1d0ac3f7fb75da8a38
SHA256 a62f842193e6cda8f19a8ba1e6d2b766de04b98fb4161125565df0e127e82eb8
SSDeep 6144:k9cO92P2jsIVi5CnYav1882nSYXVzJ0J7gl:7UsIVi5CnYjQYlzjl
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2014-01-08 02:27 (UTC+1)
Last Seen 2017-07-19 07:27 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.03
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\COMMON~1\MICROS~1\TextConv\WksConv\Wkconv.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 1.18 MB
MD5 72cdc778871bf451db5e9f59f735b0bf
SHA1 7b94006def143f4764490f0931c8916a69dd4ea8
SHA256 f3586014ef389443aa162691493bb6a7e828f3584d62c72e94002ab5ea400bd8
SSDeep 24576:wUOXAoyQy+gCgbKisSzGpMjmkNmAsEUwN1f:P5QrgCMKisijmk0AGwN5
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2014-05-27 20:42 (UTC+2)
Last Seen 2019-06-01 01:11 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 4.08
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 125.84 KB
MD5 68f89d4d69fc5506cedec2f511bf2103
SHA1 aafc9a1a19f1e07710cc6a978e313bfbfb2a884f
SHA256 8ff23bdec4cb9a8e4aada88a1734df7a44d6d3aeed6d6548bbc543bb1c6322da
SSDeep 3072:sr85CeKyB0QRkTP+c2Bx95fpUHGZo5OiLXpWJwU:k92RkR25E15dLXpWJwU
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2014-05-27 20:24 (UTC+2)
Last Seen 2019-03-07 21:13 (UTC+1)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Google\Chrome\APPLIC~1\580302~1.110\INSTAL~1\setup.exe Modified File Binary
Malicious
Also Known As C:\PROGRA~2\Google\Chrome\APPLIC~1\580302~1.110\INSTAL~1\chrmstp.exe (Modified File)
Mime Type application/vnd.microsoft.portable-executable
File Size 1.68 MB
MD5 09d2933fc2d2b334e87b3fd4484c84a2
SHA1 a82e145ba6e4481701e188b2b58582d54cd134d7
SHA256 d8f8e68bbd5b555bbafda480dc6576bdad0d1222e553c163837f578f6d230134
SSDeep 24576:tdCpTfqA4IlU+orMubpXsqGZSCObcuWzbsT5qSTd5vvxqN:yNqRIlTorMubgSZ+zbsTP5vv2
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2017-05-11 21:04 (UTC+2)
Last Seen 2018-07-01 13:25 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 2.85
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 1.13 MB
MD5 d0633026cfc61fd67e2f08930beb5549
SHA1 c72eb163fc31042e5d3d13c11ed00f6f0af698b9
SHA256 563bf1eaa6662b8ef225e0345823f4e0dedefe6eaaad3f5a5f288907702fb3b6
SSDeep 24576:vOAvSfKsu+qp+cxIaCi/6AzEINKC/J/TELPImw7s:7WKsuxp+c+kwA5J/TaIK
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2017-05-14 08:38 (UTC+2)
Last Seen 2018-07-01 22:16 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.1
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Java\jre7\bin\JABSWI~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 87.41 KB
MD5 9f5e88d480ac62763166757ca12384f2
SHA1 dac7403ecfc9644676b37ad7c64ed4e4e65157b1
SHA256 c1ed6fe9490b48c012a3cbf8923e684e66a8b4f55dcc07c67fbedd2db77cb0f6
SSDeep 1536:JxqjQ+P04wsmJCDZuTiy6GaRTUC+nCPlE:sr85C8n67TUC+n2
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
»
Severity
Blacklisted
First Seen 2013-12-02 09:41 (UTC+1)
Last Seen 2019-04-28 21:13 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Java\jre7\bin\java.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 210.91 KB
MD5 97201492fe2a18ecb5ffc5d1625a6f0e
SHA1 52c7204af851810898f02d0b901e63c99419aab7
SHA256 a49f9fd708f57c053b06da40b7c4a8c833dcfe6385ddedd8fa4536832cd5da0f
SSDeep 3072:sr85C/qjHbX4UsGZ2GRsMldso2TBfxUsjZqMNNTOkNMsdx8e96OtV4:k9/uUUaGRskB2TB7v5O+MsPftW
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2014-01-11 05:11 (UTC+1)
Last Seen 2017-07-20 06:57 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.0
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Java\jre7\bin\javaw.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 211.41 KB
MD5 e249b7239ea0d2d1d3b05c1b78739b97
SHA1 5754d73e42330c6b627b8430fcbb8626bed7c312
SHA256 3989347568a7b4cea5b3979fe50d3bf13f8e4e3b99c6f428f4bc6c25bd541a34
SSDeep 3072:sr85C/qOkqrjb8ac8ChYi2/6XW2TBfhRAjZqMNgVub9DpE9wEWjxrY:k9/Fx78aWYi2yG2TBovCuZ1E9ExU
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2013-11-29 06:15 (UTC+1)
Last Seen 2017-08-07 06:48 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.0
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Java\jre7\bin\javacpl.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 105.91 KB
MD5 89e308f2b61e49d8ec5f05b0e77595d0
SHA1 839ce87f00018bdb1d42e545a93e6c88236b468b
SHA256 21e3f9857f936b07fca85485774e1c7f21c6b56f9bb3bfbdc09beccf05e709aa
SSDeep 1536:JxqjQ+P04wsmJC/rmKqjh3rmKPNWVGB29LBo3soO9qp77:sr85C/qfjZqMNWVGUWO9qx
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2014-01-06 17:34 (UTC+1)
Last Seen 2017-11-09 14:26 (UTC+1)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.0
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\Java\jre7\bin\JP2LAU~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 91.91 KB
MD5 66d1953bd40d4cd03f5ccb30fd96e564
SHA1 726933a1ec8322fca71a32131c2728587ceadfc0
SHA256 1b3338c82ade18af800aae1137353950666a578a55f4d686e0998b2718e34433
SSDeep 1536:JxqjQ+P04wsmJCfgnIjhbBaGuDEUjTVsfeC78OtkCXVoT:sr85CfljhV2jTVsfeC78Ot3VoT
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2014-03-03 20:38 (UTC+1)
Last Seen 2019-03-12 21:22 (UTC+1)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~2\Java\jre7\bin\jqs.exe Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 218.91 KB
MD5 3fa9eca27887a220f1cba28c594c441d
SHA1 564f4b215288b296db810da883a5d24910280a01
SHA256 4817b7af4f226e95a3ddc3ba5c49eec372b81a5f3e7b18aff6908e43be8d72a4
SSDeep 3072:sr85CGW2WFxvUHQnkZwHRsDZo+nSOeM6NOoHpHBGh+akAjRr8F:k9GIUHQnkZwHRsrnN6NOoJHBrak0Rr8F
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity Blacklisted
First Seen 2013-12-02 09:41 (UTC+1)
Last Seen 2017-08-07 06:18 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~2\Java\jre7\bin\javaws.exe Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 298.91 KB
MD5 a7462b27a01ab078643de6d16bb9f4ed
SHA1 cc8a534708043a1da6137f17d423d8c05f21548d
SHA256 94cca6e3c376af0a40e1d5678391c557813b5819e4f4556c92fd40475f942877
SSDeep 6144:k9/dhwHspYalIRnuCC8dLAyzWcWpyo7dv6dkiCx:GkMCaCRtjlJz5W5dv6dknx
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity Blacklisted
First Seen 2013-11-29 06:15 (UTC+1)
Last Seen 2019-03-07 21:17 (UTC+1)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.0
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~2\Java\jre7\bin\ssvagent.exe Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 88.41 KB
MD5 bfe78e9f8f7a709d1b657b8ac33a8106
SHA1 30b16893521708d791369967d73eacfaa200c71c
SHA256 e5b57c66f9183f5ac14bcc9799148562e5c0ed99ef1b2dff610a8925b2ec375a
SSDeep 1536:JxqjQ+P04wsmJCKAd5pWkqw7RIP1i60WnoTHHkvOpsxds:sr85CrT/IP1ZV4YOpsxy
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity Blacklisted
First Seen 2013-12-02 09:41 (UTC+1)
Last Seen 2017-07-18 07:40 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~2\Java\jre7\bin\UNPACK~1.EXE Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 183.41 KB
MD5 f9e213c61c11522fe77454d35b176648
SHA1 1870a9b9de619e5df211df45c42a489fa8a38ba6
SHA256 fd3ec605ae9d0794aa77328c979b50f3447e3e159dc66e8a7dcdda808baa8509
SSDeep 3072:sr85C9fnLQobq76TBfPsRF0WkTacsNPY3:k99vJLTBHsRS52A
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity Blacklisted
First Seen 2013-11-29 06:15 (UTC+1)
Last Seen 2017-08-07 08:45 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~2\MICROS~4\DESKTO~1.EXE Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 152.00 KB
MD5 5a1937f1a56a730068af7874e4da4431
SHA1 9e444a9bf753041f898cf4a046d6af5ca17a6583
SHA256 5e45aae6e3ed6e73a342de3ab25b9300a271c4e664e329e6a994ba3a79e64c72
SSDeep 3072:sr85CIwnYrHguBvcBvz4qBjELYmROzoTq0+RO7N:k9de3vMkqBg0YkdNwZ
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~2\MICROS~4\DESKTO~2.EXE Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 95.50 KB
MD5 7d6ee62b53708c28e3b971990c81e55f
SHA1 780689051ff73ed9e3b691abff5b0015fc3dd8ea
SHA256 58a700f37a86bb30e02291134d4ea0a474e7e61250ebbd3e458ce5914cf4b767
SSDeep 1536:JxqjQ+P04wsmJC7MXL5uXZnzEPf+hzRsibKplyXTq8OGRnsPFG+RODTbN:sr85CIwnYPmROzoTq0+RO7N
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity Blacklisted
First Seen 2012-11-28 09:12 (UTC+1)
Last Seen 2018-12-08 18:31 (UTC+1)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~2\MICROS~1\Office14\MSOHTMED.EXE Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 109.88 KB
MD5 44623cc33b1bd689381de8fe6bcd90d1
SHA1 187d4f8795c6f87dd402802723e4611bf1d8089e
SHA256 380154eab37e79ed26a7142b773b8a8df6627c64c99a434d5a849b18d34805ba
SSDeep 3072:sr85CKdogcgVZlhOP4l9ovN7hYFjZUAFxO9:k9KdJcehOPQcibUoG
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity Blacklisted
First Seen 2016-03-11 13:59 (UTC+1)
Last Seen 2019-06-04 20:39 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~2\MOZILL~1\CRASHR~1.EXE Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 155.11 KB
MD5 fb23c759ccc18cd6806952485d7cee63
SHA1 23fb357a84f85af9c6caee2c632eaa6df19afa49
SHA256 d5359c0a78f60e23602e514714554465b4c470f80fe2b23cdb0e76bfe1784507
SSDeep 3072:sr85CxYn+JsHwIha+owO06V0ZhuW+jgUsucRH68llNjWnQA:k9SkIha+1O06MucucRHrlNjWnr
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity Blacklisted
First Seen 2019-05-17 19:14 (UTC+2)
Last Seen 2019-08-01 07:50 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.31
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~2\MOZILL~1\MAINTE~2.EXE Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 230.49 KB
MD5 c2969cf43a28792b2152c48352824361
SHA1 56a697fc4d4324dad49590847c79829e899f5800
SHA256 daf27e61c9abad5564856a0b89354e07bb06dd9b471f127d2d4499ed51b93dd2
SSDeep 3072:sr85CORD5bargK0nFmp6ISnU/RDObs+nFmp6ISLR+UszWOITsEL50jl7yAUY:k9UD56gKcFmcjnU5DOtFmcjdWzZZLUY
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity Blacklisted
First Seen 2019-05-17 19:15 (UTC+2)
Last Seen 2019-08-07 11:39 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.81
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~2\MOZILL~1\UNINST~1\helper.exe Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 892.41 KB
MD5 dd0c9910a772b54fbe20a7ccfad6543a
SHA1 dcabe122dfce50d4c7fc513cead30c8c2ef5461a
SHA256 4ce1a64fbc57f991f7568ba41e1d532e23d0cc0065f4faa89067ccaf93c572b8
SSDeep 24576:Tvjgi8i7a4HKvkTgXuquveY+W2o8oT3ezMrl9cekcHhXh9HJUiWUXsmqsqzl87ay:L0i8iNHKvkTgXuquveY+W2o8oT3ezMrT
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity Blacklisted
First Seen 2019-05-17 19:15 (UTC+2)
Last Seen 2019-11-21 18:21 (UTC+1)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.81
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\MOZILL~1\WEBAPP~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 207.45 KB
MD5 9ed1efaa9c9985e36b66685163d3d52f
SHA1 086dae1793eb8a9a368d3bc06c3d3f36195b52e5
SHA256 a20825feb4e7aca781835ce4c5d610b0f9c733b51a7552d34891c571435a6d89
SSDeep 3072:sr85CfnFmL9nFm++FVs+pwD86szWOITsEL50jl7y6WM:k9PFmLFFm++WDSzZZB
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2013-11-14 00:26 (UTC+1)
Last Seen 2019-06-02 10:35 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 2.64
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\MOZILL~1\WEBAPP~2.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 146.11 KB
MD5 d2397ccc7d42e4a42d0c6507bbe1a600
SHA1 c26a9f7cdbcdbe3849c62f2e9f154eed71c33df2
SHA256 f1b62b4f79fbe8047780ec88620d3dbae4e9cf96a0ed21219ba5214b259b2f12
SSDeep 1536:JxqjQ+P04wsmJCTORvmucEnwQIknOch9zcxQORBRVOLsWzvIDfQ3vtMd0u6akYLh:sr85CyDPph9YxQ+kLVIDo9u6aFLR3
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2013-11-14 00:24 (UTC+1)
Last Seen 2019-06-02 10:31 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\MOZILL~1\updater.exe Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 308.11 KB
MD5 9b6fb5455717c904fb88215d220c0de8
SHA1 24096407225a001351bf8984e247a348487a2a98
SHA256 bbec258d47c6f6dc0a98573b6c0c996cc8c79fde3824d949d597fd9f1ccc4c30
SSDeep 6144:k9FQZ+Ac2rdvMSu0jLPpyzx3PfcKrKywoNSHhsa30I:7Z7c2BvMl0SZdGy12s9I
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2019-05-17 19:15 (UTC+2)
Last Seen 2019-08-05 13:34 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.41
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE Modified File Binary
Malicious
Also Known As C:\PROGRA~2\MOZILL~2\MAINTE~1.EXE (Modified File)
Mime Type application/vnd.microsoft.portable-executable
File Size 157.11 KB
MD5 9698f293ce48e91f1f0b5a1e15a7437b
SHA1 36985011865182cd93f2bf19cb31ee800c880828
SHA256 1ec370afdc1478aace34ce4942ef9997d8bde370f4dcb3163fe39332cb31f680
SSDeep 3072:sr85CTisLKjwrYJkgqYznbElRLmypxF1pxK0IvCBrM2wARg3NY:k9TvKjwrYJkgrzomS1rzndM2wAgNY
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2013-11-14 00:23 (UTC+1)
Last Seen 2019-06-05 10:53 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~2\MOZILL~2\UNINST~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 144.22 KB
MD5 f42808056456bd6b58962e33659bdd8e
SHA1 c244414497d2934009982e66532140b22df01999
SHA256 9248229018c6519cb437c32627cc68837acc746b5d95ff3f9b115858f8c2e2a3
SSDeep 3072:sr85CORD5bar5+nFmp6ISNUszWOITsEL50jl7yAUY:k9UD56UFmcjBzZZLUY
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2019-05-17 19:15 (UTC+2)
Last Seen 2019-07-28 02:12 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.81
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
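Every modified file in this list carries the same PE header: Entry Point 0x4080e4, Size Of Code 0x7400, Compile Timestamp 1992-06-19 22:22:17 (0x2A425E19, the fixed default the Delphi linker writes), the same eight sections at the same virtual addresses, and ImpHash 9f4693fc0c511135129493f2161d1e86, while File Size, MD5 and SSDeep differ per file. The import table is equally constant and is the infector's capability set rather than a Firefox uninstaller's or a VC++ redistributable's: drive and directory enumeration (GetLogicalDriveStringsA, FindFirstFileA/FindNextFileA), file rewriting (CreateFileA, SetEndOfFile, SetFileAttributesA), registry writes (RegSetValueExA) and process launch (WinExec, ShellExecuteA). That is what a prepending file infector looks like on a static parser: the PE it sees is the Neshta stub, whose last section ends at raw offset 0x8e00 + 0x1400 = 0xa200, and the original host executable follows as an overlay. The Python script below is an added example, not part of the VMRay report or of any VMRay tooling. It parses PE32 headers with only the standard library, reports which of these header indicators a file matches, and returns the overlay after the stub. The constants are taken from the section table above; requiring both the entry point and the section layout before calling a file infected is my threshold choice, since the Delphi timestamp alone is shared by many benign Delphi programs. build_sample constructs a synthetic header-only PE so the script can be exercised offline; it is not a Neshta sample.

```python
"""Added example: flag PE files whose headers match the fixed Neshta stub layout."""
import struct
import sys

# Header values shared by every modified file on this report (stub constants, not host data).
STUB_ENTRY_RVA = 0x80E4        # Entry Point 0x4080e4 minus Image Base 0x400000
STUB_SIZE_OF_CODE = 0x7400
STUB_TIMESTAMP = 0x2A425E19    # 1992-06-19 22:22:17 UTC, the Delphi linker's fixed default
# (name, virtual address RVA, virtual size, raw size, raw offset), copied from the section table.
STUB_SECTIONS = [
    ("CODE",   0x01000, 0x722C, 0x7400, 0x0400),
    ("DATA",   0x09000, 0x0218, 0x0400, 0x7800),
    ("BSS",    0x0A000, 0xA899, 0x0000, 0x7C00),
    (".idata", 0x15000, 0x0864, 0x0A00, 0x7C00),
    (".tls",   0x16000, 0x0008, 0x0000, 0x8600),
    (".rdata", 0x17000, 0x0018, 0x0200, 0x8600),
    (".reloc", 0x18000, 0x05CC, 0x0600, 0x8800),
    (".rsrc",  0x19000, 0x1400, 0x1400, 0x8E00),
]
STUB_IMAGE_END = max(o + n for _, _, _, n, o in STUB_SECTIONS)  # 0xA200 = 41,472 bytes


def parse_pe(data: bytes) -> dict:
    """Minimal PE32 header parser (struct only); returns just the fields the check needs."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 images are handled here")
    size_of_code = struct.unpack_from("<I", data, opt + 4)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, raw_size, raw_off = struct.unpack_from("<8sIIII", data, opt + opt_size + i * 40)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, raw_size, raw_off))
    return {"timestamp": timestamp, "size_of_code": size_of_code,
            "entry_rva": entry_rva, "sections": sections}


def neshta_indicators(pe: dict) -> list:
    """Return the names of the stub indicators a parsed header matches, in check order."""
    # Section layout compares name and RVA only: raw sizes are fixed too, but this stays
    # true for a re-aligned copy.
    checks = [("entry_point", pe["entry_rva"], STUB_ENTRY_RVA),
              ("size_of_code", pe["size_of_code"], STUB_SIZE_OF_CODE),
              ("delphi_timestamp", pe["timestamp"], STUB_TIMESTAMP),
              ("section_layout", [s[:2] for s in pe["sections"]], [s[:2] for s in STUB_SECTIONS])]
    return [name for name, got, want in checks if got == want]


def looks_infected(data: bytes) -> bool:
    """Entry point plus section layout is the decisive pair (threshold chosen for this example);
    the Delphi timestamp only corroborates, since benign Delphi binaries carry it too."""
    hits = neshta_indicators(parse_pe(data))
    return "entry_point" in hits and "section_layout" in hits


def overlay(data: bytes) -> bytes:
    """Bytes after the last section's raw data: for a prepending infector, the original host."""
    end = max(o + n for _, _, _, n, o in parse_pe(data)["sections"])
    return data[end:]


def build_sample(host: bytes, stub_layout: bool = True) -> bytes:
    """Synthetic PE32 (valid headers, zero-filled body) for offline testing; not a Neshta sample.
    With stub_layout=True the headers mirror the report's values and `host` is appended."""
    e_lfanew, opt_size = 0x80, 0xE0
    secs = STUB_SECTIONS if stub_layout else [(".text", 0x1000, 0x1000, 0x1000, 0x400)]
    ts = STUB_TIMESTAMP if stub_layout else 0x5E0F3A10          # arbitrary non-Delphi stamp
    hdr = bytearray(b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), ts, 0, 0, opt_size, 0x010F)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                                       # PE32 magic
    struct.pack_into("<I", opt, 4, STUB_SIZE_OF_CODE if stub_layout else 0x1000)
    struct.pack_into("<I", opt, 16, STUB_ENTRY_RVA if stub_layout else 0x1000)
    struct.pack_into("<I", opt, 28, 0x400000)                                   # ImageBase
    hdr += opt
    for name, vaddr, vsize, raw_size, raw_off in secs:
        hdr += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, vaddr, raw_size, raw_off,
                           0, 0, 0, 0, 0x60000020)
    image_end = max(o + n for _, _, _, n, o in secs)
    return bytes(hdr).ljust(image_end, b"\0") + host


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            blob = fh.read()
        try:
            pe = parse_pe(blob)
        except ValueError as exc:
            print(f"{path}: skipped ({exc})")
            continue
        tail = overlay(blob)
        print(f"{path}: {'INFECTED' if looks_infected(blob) else 'clean'} {neshta_indicators(pe)} "
              f"overlay={len(tail)} bytes, overlay_starts_with_MZ={tail[:2] == b'MZ'}")
```

Run it as `python neshta_check.py <file...>` against the modified files listed on this page; each should report all four indicators and an overlay roughly the File Size minus 41,472 bytes. Treat the overlay as the original host only if it itself starts with MZ and parses; the script reports that check but performs no disinfection, and a clean reinstall of the affected packages is the safer repair.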
C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 485.54 KB
MD5 86749cd13537a694795be5d87ef7106d
SHA1 538030845680a8be8219618daee29e368dc1e06c
SHA256 8c35dcc975a5c7c687686a3970306452476d17a89787bc5bd3bf21b9de0d36a5
SSDeep 12288:/0IursYCYQeSnyZJiqlEbXSb9NtoqOFBqkYHkZH:8MYenGJiKEbXWtpOLl5
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity Blacklisted
First Seen 2014-03-25 01:04 (UTC+1)
Last Seen 2019-06-04 23:26 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 3.96
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~3\PACKAG~1\{3C3AA~1\VCREDI~1.EXE Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 492.66 KB
MD5 1fb52c3b911b16c4025e078942dcbd56
SHA1 f64adeb53929b6e65d0f13826909bbd25cc22f88
SHA256 ca85b096091c40bb13521e4186d84b3d8640b85b152e190e0c34a7a3bd4f85fc
SSDeep 12288:9B+pwPprnVmLmDsC+FU+ZOSz09tzZuE8EEXymOz:XDFncLmKDZOSzoFvEXLOz
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity Blacklisted
First Seen 2016-03-22 13:11 (UTC+1)
Last Seen 2018-05-27 00:53 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 3.96
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 485.40 KB
MD5 87f15006aea3b4433e226882a56f188d
SHA1 e3ad6beb8229af62b0824151dbf546c0506d4f65
SHA256 8d0045c74270281c705009d49441167c8a51ac70b720f84ff941b39fad220919
SSDeep 12288:/0IursYCYQeSnyZJiqlEbXSb9NtCGOF2O27MVz+ZH:8MYenGJiKEbXWtfOkU+
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity Blacklisted
First Seen 2014-06-01 22:26 (UTC+2)
Last Seen 2019-06-04 20:36 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 3.96
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~3\PACKAG~1\{E6E75~1\VCREDI~1.EXE Modified File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 492.62 KB
MD5 075b18e41ed71184f2a2cc5d199cd3db
SHA1 d317487bb047acee0503ed9fd86cbc830b38ff67
SHA256 500dde1f7a2f805d943acf9da16b77d5cba79fc587e2b27f67371c0c9bbc81cc
SSDeep 12288:9B+pwPprnVmLmDsC+FU+ZOSzLBtzodfwkcAymOz:XDFncLmKDZOSzNFWRTLOz
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity Blacklisted
First Seen 2018-05-23 12:36 (UTC+2)
Last Seen 2019-03-26 04:26 (UTC+1)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 3.96
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A Malicious
C:\PROGRA~3\PACKAG~1\{E52A6~1\VC_RED~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 804.05 KB
MD5 3499f4a53c097c89b703b7a456a11e48
SHA1 4249b9f8b9c312e3923780a997ccb1220e16c1eb
SHA256 2c0ee7a40fc29a3dc067a94aea90e614afe006bfdc22baee502d27a6b867ab12
SSDeep 12288:TCtQO4Nai3jk/PvJKAgpZ9UKI7GLwtl1fAmdB2/a/172SJo10GSc5AqkL:TIgNaPRKAgL9UE8tl1fKa/o1XPxkL
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2017-10-21 04:41 (UTC+2)
Last Seen 2018-09-16 18:08 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 3.96
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\PROGRA~3\PACKAG~1\{F325F~1\VC_RED~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 804.05 KB
MD5 b2f2e34bd55637b4c83674b4fbe81fd6
SHA1 4164124cbbe2d29d3c3dbd7c474b2d924f46a1b9
SHA256 75a3d9954d18205ac9e3498cd862a04234d3b4dcaa4f636335f5b17a5f82d8a3
SSDeep 12288:TCtQO4Nai3jk/PbdKXyuR/gYawF7f3txXoioeqZqU2/TyW1yAqkL:TIgNaP5KXNt5dxXEeq8fExkL
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2017-10-21 04:41 (UTC+2)
Last Seen 2018-09-09 03:22 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 3.96
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\Users\5P5NRG~1\AppData\Local\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\CLICEX~1.000\GOOGLE~1.EXE Modified File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 1.12 MB
MD5 d189f721090dd0d64d7c470ad366cab5
SHA1 39583c2f42d8b353e10f4408df4b23ecc69f105e
SHA256 508cf1eb65e09a3139664008b4d692b44991c3f53a7edd000b63ca4e492ea235
SSDeep 24576:ujDN2+fvw1wh/jSaRjJFS1t/1nCXD8FTI9nZTDReeEYAiBBBp1Ejb:2DN2+HBNRj/inCXDIshZTDRLB7p1ib
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2017-04-28 19:49 (UTC+2)
Last Seen 2018-05-18 18:47 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 4.26
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Tempexplorer.exe Dropped File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 212.00 KB
MD5 17c1c348b518991c9335218bab4c18d1
SHA1 f4967062b95a36072d3e82d8dc20105de3674bc7
SHA256 bd2cfdc89af135110e4caad2d40359f167ff7d77695c9bdb847f0bf2249eb7a1
SSDeep 6144:k9F2uqtdvo9VgNiNfWBAKYdFfV+ya9yIWyOom:i2uGdw9VMiABITEyaMzyOom
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2019-11-01 00:12 (UTC+1)
Last Seen 2020-01-06 08:13 (UTC+1)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Memory Dumps (4)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Points AV YARA Actions
tempexplorer.exe 4 0x00400000 0x0041AFFF Relevant Image - 32-bit - True False
svchost.com 11 0x00400000 0x0041AFFF Relevant Image - 32-bit - True False
svchost.com 12 0x00400000 0x0041AFFF Relevant Image - 32-bit - True False
tempexplorer.exe 4 0x00400000 0x0041AFFF Process Termination - 32-bit - True False
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Tempspwak.exe Dropped File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 30.50 KB
MD5 d459ac27cda1076af5b93ba8a573b992
SHA1 429406da9817debfbadd91dc7aecb9a682d8d9da
SHA256 c458b39ee9dacfece49933e4ceaaeab376448d8d56eb503ea519a8df8323bccb
SSDeep 768:D73KjfmIDfQ2RVsWxLhxh8AP6vF4cpB8JzNRnbcuyD7UQO:D+fmIs2/FhxCAu4cpOZNRnouy8QO
ImpHash ea3e86484886c2a387ba5b08157b6ac0
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2019-01-29 22:02 (UTC+1)
Last Seen 2020-01-06 08:13 (UTC+1)
Names Win32.Trojan.Fakeransom
Families Fakeransom
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x4134e0
Size Of Code 0x8000
Size Of Initialized Data 0x1000
Size Of Uninitialized Data 0xc000
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2016-01-26 12:22:25+00:00
Packer UPX 2.93 - 3.00 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
UPX0 0x401000 0xc000 0x0 0x200 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
UPX1 0x40d000 0x8000 0x7200 0x200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.92
.rsrc 0x415000 0x1000 0x600 0x7400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.85
Imports (9)
KERNEL32.DLL (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadLibraryA 0x0 0x415470 0x15470 0x7870 0x0
GetProcAddress 0x0 0x415474 0x15474 0x7874 0x0
VirtualProtect 0x0 0x415478 0x15478 0x7878 0x0
VirtualAlloc 0x0 0x41547c 0x1547c 0x787c 0x0
VirtualFree 0x0 0x415480 0x15480 0x7880 0x0
ExitProcess 0x0 0x415484 0x15484 0x7884 0x0
COMCTL32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InitCommonControlsEx 0x0 0x41548c 0x1548c 0x788c 0x0
GDI32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
BitBlt 0x0 0x415494 0x15494 0x7894 0x0
MSVCRT.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
fabs 0x0 0x41549c 0x1549c 0x789c 0x0
OLE32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoInitialize 0x0 0x4154a4 0x154a4 0x78a4 0x0
SHELL32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteExA 0x0 0x4154ac 0x154ac 0x78ac 0x0
SHLWAPI.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathQuoteSpacesA 0x0 0x4154b4 0x154b4 0x78b4 0x0
USER32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetDC 0x0 0x4154bc 0x154bc 0x78bc 0x0
WINMM.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
timeBeginPeriod 0x0 0x4154c4 0x154c4 0x78c4 0x0
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Points AV YARA Actions
tempspwak.exe 5 0x00400000 0x00415FFF Relevant Image - 32-bit - False False
tempspwak.exe 5 0x00400000 0x00415FFF Process Termination - 32-bit - False False
Local AV Matches (1)
Threat Name Severity
Trojan.GenericKD.30748527
Malicious
C:\Users\5P5NRG~1\AppData\Local\Temp\3582-490\Tempexplorer.exe Dropped File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 171.50 KB
MD5 a4d60b143b5fcc68f86b929d73d1880d
SHA1 36e946b7d6dd02542e1d893abaa448aff43f1072
SHA256 7a55183d372c4645e8a31389d2813fa12c127389254b7412c225ec413c404044
SSDeep 3072:MV+yaw3yyImmOy3+oK2uqt1bvzSd93FSxNni+2fWBpmKhuNdF:MV+ya9yIWyOoK2uqtdvo9VgNiNfWBAKu
ImpHash 282b83bf51f213d85115d7c041977fd2
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2019-11-01 00:10 (UTC+1)
Last Seen 2019-11-17 18:33 (UTC+1)
Names Win32.Virus.Ramnit
Families Ramnit
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x412000
Size Of Code 0xbe00
Size Of Initialized Data 0x2800
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2016-01-26 12:22:25+00:00
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.code 0x401000 0x20fb 0x2200 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.38
.text 0x404000 0x9bfe 0x9c00 0x2600 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.6
.rdata 0x40e000 0x97e 0xa00 0xc200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.61
.data 0x40f000 0x1734 0x1400 0xcc00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.75
.rsrc 0x411000 0x9b4 0xa00 0xe000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.2
.rmnet 0x412000 0x1d000 0x1c400 0xea00 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.99
Imports (9)
MSVCRT.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
memset 0x0 0x40f5e8 0xf374 0xcf74 0x299
strncmp 0x0 0x40f5ec 0xf378 0xcf78 0x2c0
memmove 0x0 0x40f5f0 0xf37c 0xcf7c 0x298
strncpy 0x0 0x40f5f4 0xf380 0xcf80 0x2c1
strstr 0x0 0x40f5f8 0xf384 0xcf84 0x2c5
_strnicmp 0x0 0x40f5fc 0xf388 0xcf88 0x1c5
_stricmp 0x0 0x40f600 0xf38c 0xcf8c 0x1c1
strlen 0x0 0x40f604 0xf390 0xcf90 0x2be
strcmp 0x0 0x40f608 0xf394 0xcf94 0x2b8
sprintf 0x0 0x40f60c 0xf398 0xcf98 0x2b2
fabs 0x0 0x40f610 0xf39c 0xcf9c 0x24b
ceil 0x0 0x40f614 0xf3a0 0xcfa0 0x241
malloc 0x0 0x40f618 0xf3a4 0xcfa4 0x291
floor 0x0 0x40f61c 0xf3a8 0xcfa8 0x255
free 0x0 0x40f620 0xf3ac 0xcfac 0x25e
fclose 0x0 0x40f624 0xf3b0 0xcfb0 0x24c
memcpy 0x0 0x40f628 0xf3b4 0xcfb4 0x297
strcpy 0x0 0x40f62c 0xf3b8 0xcfb8 0x2ba
tolower 0x0 0x40f630 0xf3bc 0xcfbc 0x2d3
KERNEL32.dll (45)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleHandleA 0x0 0x40f638 0xf3c4 0xcfc4 0x1f7
HeapCreate 0x0 0x40f63c 0xf3c8 0xcfc8 0x2a4
RemoveDirectoryA 0x0 0x40f640 0xf3cc 0xcfcc 0x383
GetShortPathNameA 0x0 0x40f644 0xf3d0 0xcfd0 0x23a
HeapDestroy 0x0 0x40f648 0xf3d4 0xcfd4 0x2a5
ExitProcess 0x0 0x40f64c 0xf3d8 0xcfd8 0x105
GetExitCodeProcess 0x0 0x40f650 0xf3dc 0xcfdc 0x1c6
GetTempFileNameA 0x0 0x40f654 0xf3e0 0xcfe0 0x25c
FindResourceA 0x0 0x40f658 0xf3e4 0xcfe4 0x137
LoadResource 0x0 0x40f65c 0xf3e8 0xcfe8 0x2fb
SizeofResource 0x0 0x40f660 0xf3ec 0xcfec 0x42a
HeapAlloc 0x0 0x40f664 0xf3f0 0xcff0 0x2a2
HeapFree 0x0 0x40f668 0xf3f4 0xcff4 0x2a6
Sleep 0x0 0x40f66c 0xf3f8 0xcff8 0x42b
LoadLibraryA 0x0 0x40f670 0xf3fc 0xcffc 0x2f6
GetProcAddress 0x0 0x40f674 0xf400 0xd000 0x222
FreeLibrary 0x0 0x40f678 0xf404 0xd004 0x14d
GetCurrentThreadId 0x0 0x40f67c 0xf408 0xd008 0x1ae
GetCurrentProcessId 0x0 0x40f680 0xf40c 0xd00c 0x1ab
CloseHandle 0x0 0x40f684 0xf410 0xd010 0x44
InitializeCriticalSection 0x0 0x40f688 0xf414 0xd014 0x2b9
GetCommandLineA 0x0 0x40f68c 0xf418 0xd018 0x170
GetModuleFileNameA 0x0 0x40f690 0xf41c 0xd01c 0x1f5
GetEnvironmentVariableA 0x0 0x40f694 0xf420 0xd020 0x1c3
SetEnvironmentVariableA 0x0 0x40f698 0xf424 0xd024 0x3d8
GetCurrentProcess 0x0 0x40f69c 0xf428 0xd028 0x1aa
TerminateProcess 0x0 0x40f6a0 0xf42c 0xd02c 0x437
SetUnhandledExceptionFilter 0x0 0x40f6a4 0xf430 0xd030 0x41f
EnterCriticalSection 0x0 0x40f6a8 0xf434 0xd034 0xda
LeaveCriticalSection 0x0 0x40f6ac 0xf438 0xd038 0x2f4
GetVersionExA 0x0 0x40f6b0 0xf43c 0xd03c 0x27a
HeapReAlloc 0x0 0x40f6b4 0xf440 0xd040 0x2a9
SetLastError 0x0 0x40f6b8 0xf444 0xd044 0x3f4
TlsAlloc 0x0 0x40f6bc 0xf448 0xd048 0x43c
GetCurrentDirectoryA 0x0 0x40f6c0 0xf44c 0xd04c 0x1a8
SetCurrentDirectoryA 0x0 0x40f6c4 0xf450 0xd050 0x3ce
SetFileAttributesA 0x0 0x40f6c8 0xf454 0xd054 0x3df
DeleteFileA 0x0 0x40f6cc 0xf458 0xd058 0xc1
GetTempPathA 0x0 0x40f6d0 0xf45c 0xd05c 0x25e
CreateDirectoryA 0x0 0x40f6d4 0xf460 0xd060 0x6d
WriteFile 0x0 0x40f6d8 0xf464 0xd064 0x497
CreateFileA 0x0 0x40f6dc 0xf468 0xd068 0x79
SetFilePointer 0x0 0x40f6e0 0xf46c 0xd06c 0x3e7
ReadFile 0x0 0x40f6e4 0xf470 0xd070 0x36e
DeleteCriticalSection 0x0 0x40f6e8 0xf474 0xd074 0xbf
USER32.DLL (60)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CharLowerA 0x0 0x40f6f0 0xf47c 0xd07c 0x0
MessageBoxA 0x0 0x40f6f4 0xf480 0xd080 0x0
SendMessageA 0x0 0x40f6f8 0xf484 0xd084 0x0
PostMessageA 0x0 0x40f6fc 0xf488 0xd088 0x0
GetWindowThreadProcessId 0x0 0x40f700 0xf48c 0xd08c 0x0
IsWindowVisible 0x0 0x40f704 0xf490 0xd090 0x0
GetWindowLongA 0x0 0x40f708 0xf494 0xd094 0x0
GetForegroundWindow 0x0 0x40f70c 0xf498 0xd098 0x0
IsWindowEnabled 0x0 0x40f710 0xf49c 0xd09c 0x0
EnableWindow 0x0 0x40f714 0xf4a0 0xd0a0 0x0
EnumWindows 0x0 0x40f718 0xf4a4 0xd0a4 0x0
SetWindowPos 0x0 0x40f71c 0xf4a8 0xd0a8 0x0
DestroyWindow 0x0 0x40f720 0xf4ac 0xd0ac 0x0
GetDC 0x0 0x40f724 0xf4b0 0xd0b0 0x0
GetWindowTextLengthA 0x0 0x40f728 0xf4b4 0xd0b4 0x0
GetWindowTextA 0x0 0x40f72c 0xf4b8 0xd0b8 0x0
SetRect 0x0 0x40f730 0xf4bc 0xd0bc 0x0
DrawTextA 0x0 0x40f734 0xf4c0 0xd0c0 0x0
GetSystemMetrics 0x0 0x40f738 0xf4c4 0xd0c4 0x0
ReleaseDC 0x0 0x40f73c 0xf4c8 0xd0c8 0x0
GetSysColor 0x0 0x40f740 0xf4cc 0xd0cc 0x0
GetSysColorBrush 0x0 0x40f744 0xf4d0 0xd0d0 0x0
CreateWindowExA 0x0 0x40f748 0xf4d4 0xd0d4 0x0
CallWindowProcA 0x0 0x40f74c 0xf4d8 0xd0d8 0x0
SetWindowLongA 0x0 0x40f750 0xf4dc 0xd0dc 0x0
SetFocus 0x0 0x40f754 0xf4e0 0xd0e0 0x0
RedrawWindow 0x0 0x40f758 0xf4e4 0xd0e4 0x0
RemovePropA 0x0 0x40f75c 0xf4e8 0xd0e8 0x0
DefWindowProcA 0x0 0x40f760 0xf4ec 0xd0ec 0x0
SetPropA 0x0 0x40f764 0xf4f0 0xd0f0 0x0
GetParent 0x0 0x40f768 0xf4f4 0xd0f4 0x0
GetPropA 0x0 0x40f76c 0xf4f8 0xd0f8 0x0
GetWindow 0x0 0x40f770 0xf4fc 0xd0fc 0x0
SetActiveWindow 0x0 0x40f774 0xf500 0xd100 0x0
UnregisterClassA 0x0 0x40f778 0xf504 0xd104 0x0
DestroyAcceleratorTable 0x0 0x40f77c 0xf508 0xd108 0x0
LoadIconA 0x0 0x40f780 0xf50c 0xd10c 0x0
LoadCursorA 0x0 0x40f784 0xf510 0xd110 0x0
RegisterClassA 0x0 0x40f788 0xf514 0xd114 0x0
AdjustWindowRectEx 0x0 0x40f78c 0xf518 0xd118 0x0
ShowWindow 0x0 0x40f790 0xf51c 0xd11c 0x0
CreateAcceleratorTableA 0x0 0x40f794 0xf520 0xd120 0x0
PeekMessageA 0x0 0x40f798 0xf524 0xd124 0x0
MsgWaitForMultipleObjects 0x0 0x40f79c 0xf528 0xd128 0x0
GetMessageA 0x0 0x40f7a0 0xf52c 0xd12c 0x0
GetActiveWindow 0x0 0x40f7a4 0xf530 0xd130 0x0
TranslateAcceleratorA 0x0 0x40f7a8 0xf534 0xd134 0x0
TranslateMessage 0x0 0x40f7ac 0xf538 0xd138 0x0
DispatchMessageA 0x0 0x40f7b0 0xf53c 0xd13c 0x0
GetFocus 0x0 0x40f7b4 0xf540 0xd140 0x0
GetClientRect 0x0 0x40f7b8 0xf544 0xd144 0x0
FillRect 0x0 0x40f7bc 0xf548 0xd148 0x0
EnumChildWindows 0x0 0x40f7c0 0xf54c 0xd14c 0x0
DefFrameProcA 0x0 0x40f7c4 0xf550 0xd150 0x0
GetWindowRect 0x0 0x40f7c8 0xf554 0xd154 0x0
IsChild 0x0 0x40f7cc 0xf558 0xd158 0x0
GetClassNameA 0x0 0x40f7d0 0xf55c 0xd15c 0x0
GetKeyState 0x0 0x40f7d4 0xf560 0xd160 0x0
DestroyIcon 0x0 0x40f7d8 0xf564 0xd164 0x0
RegisterWindowMessageA 0x0 0x40f7dc 0xf568 0xd168 0x0
GDI32.DLL (16)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetStockObject 0x0 0x40f7e4 0xf570 0xd170 0x0
SelectObject 0x0 0x40f7e8 0xf574 0xd174 0x0
SetBkColor 0x0 0x40f7ec 0xf578 0xd178 0x0
SetTextColor 0x0 0x40f7f0 0xf57c 0xd17c 0x0
GetTextExtentPoint32A 0x0 0x40f7f4 0xf580 0xd180 0x0
CreateSolidBrush 0x0 0x40f7f8 0xf584 0xd184 0x0
DeleteObject 0x0 0x40f7fc 0xf588 0xd188 0x0
GetObjectA 0x0 0x40f800 0xf58c 0xd18c 0x0
CreateCompatibleDC 0x0 0x40f804 0xf590 0xd190 0x0
GetDIBits 0x0 0x40f808 0xf594 0xd194 0x0
DeleteDC 0x0 0x40f80c 0xf598 0xd198 0x0
GetObjectType 0x0 0x40f810 0xf59c 0xd19c 0x0
CreateDIBSection 0x0 0x40f814 0xf5a0 0xd1a0 0x0
BitBlt 0x0 0x40f818 0xf5a4 0xd1a4 0x0
CreateBitmap 0x0 0x40f81c 0xf5a8 0xd1a8 0x0
SetPixel 0x0 0x40f820 0xf5ac 0xd1ac 0x0
COMCTL32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
InitCommonControlsEx 0x0 0x40f828 0xf5b4 0xd1b4 0x0
OLE32.DLL (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoInitialize 0x0 0x40f830 0xf5bc 0xd1bc 0x0
CoTaskMemFree 0x0 0x40f834 0xf5c0 0xd1c0 0x0
RevokeDragDrop 0x0 0x40f838 0xf5c4 0xd1c4 0x0
SHELL32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteExA 0x0 0x40f840 0xf5cc 0xd1cc 0x0
WINMM.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
timeBeginPeriod 0x0 0x40f848 0xf5d4 0xd1d4 0x0
SHLWAPI.DLL (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathQuoteSpacesA 0x0 0x40f850 0xf5dc 0xd1dc 0x0
PathUnquoteSpacesA 0x0 0x40f854 0xf5e0 0xd1e0 0x0
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Points AV YARA Actions
tempexplorer.exe 6 0x00400000 0x0042EFFF Relevant Image - 32-bit - True False
tempexplorer.exe 6 0x00400000 0x0042EFFF Process Termination - 32-bit - True False
Local AV Matches (1)
Threat Name Severity
Win32.Ramnit
Malicious
C:\Windows\svchost.com Dropped File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 40.50 KB
MD5 36fd5e09c417c767a952b4609d73a54b
SHA1 299399c5a2403080a5bf67fb46faec210025b36d
SHA256 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SSDeep 768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJ:JxqjQ+P04wsmJC
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2011-07-17 12:57 (UTC+2)
Last Seen 2019-07-19 06:52 (UTC+2)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 1.3
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Memory Dumps (5)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Points AV YARA Actions
tempexplorer.exe 4 0x00400000 0x0041AFFF Relevant Image - 32-bit - True False
svchost.com 11 0x00400000 0x0041AFFF Relevant Image - 32-bit - True False
svchost.com 12 0x00400000 0x0041AFFF Relevant Image - 32-bit - True False
svchost.com 12 0x00400000 0x0041AFFF Process Termination - 32-bit - True False
svchost.com 11 0x00400000 0x0041AFFF Process Termination - 32-bit - True False
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\Users\5P5NRG~1\AppData\Local\Temp\3582-490\TempexplorerSrv.exe Dropped File Binary
Malicious
Also Known As C:\Program Files (x86)\Microsoft\DesktopLayer.exe (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 111.50 KB
MD5 47826f2614f1fa90601dc51e40d5c29e
SHA1 e9673510f232869a91280e4c2941f8aa2f8c5108
SHA256 947d28e57a71ab35c91b6c3efc01734191ac2a488985f2554aa5b980ee53f8be
SSDeep 3072:TROzoTq0+RO7IwnYrHguBvcBvz4qBjEL:1kdNwBe3vMkqBg
ImpHash 500cd02578808f964519eb2c85153046
File Reputation Information
Severity
Blacklisted
First Seen 2014-08-28 00:58 (UTC+2)
Last Seen 2017-12-31 11:13 (UTC+1)
Names Win32.Virus.Ramnit
Families Ramnit
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x42e000
Size Of Code 0xe000
Size Of Initialized Data 0x1000
Size Of Uninitialized Data 0x1e000
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2008-02-12 11:02:20+00:00
Version Information (8)
CompanyName SOFTWIN S
FileDescription BitDefen
FileVersion 106.42.73
InternalName фжзрюкшэщ
LegalCopyright 2528-6
OriginalFilename nedwp
ProductName люзанх
ProductVersion 106.4
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
UPX0 0x401000 0x1e000 0x0 0x400 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
UPX1 0x41f000 0xe000 0xd200 0x400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.95
.rsrc 0x42d000 0x1000 0x600 0xd600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.43
.rmnet 0x42e000 0xf000 0xe200 0xdc00 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.97
Imports (3)
KERNEL32.DLL (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadLibraryA 0x0 0x42d538 0x2d538 0xdb38 0x0
GetProcAddress 0x0 0x42d53c 0x2d53c 0xdb3c 0x0
VirtualProtect 0x0 0x42d540 0x2d540 0xdb40 0x0
VirtualAlloc 0x0 0x42d544 0x2d544 0xdb44 0x0
VirtualFree 0x0 0x42d548 0x2d548 0xdb48 0x0
ExitProcess 0x0 0x42d54c 0x2d54c 0xdb4c 0x0
SHELL32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragFinish 0x0 0x42d554 0x2d554 0xdb54 0x0
USER32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WinHelpW 0x0 0x42d55c 0x2d55c 0xdb5c 0x0
Memory Dumps (15)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Points AV YARA Actions
tempexplorersrv.exe 7 0x00400000 0x0043CFFF Relevant Image - 32-bit - True False
buffer 7 0x00220000 0x0022EFFF First Execution - 32-bit 0x00222CA9 False False
buffer 7 0x00230000 0x00236FFF Content Changed - 32-bit - False False
tempexplorersrv.exe 7 0x00400000 0x0043CFFF Content Changed - 32-bit - True False
tempexplorersrv.exe 7 0x00400000 0x0043CFFF Content Changed - 32-bit - True False
buffer 8 0x00220000 0x0022EFFF First Execution - 32-bit 0x00222CA9 False False
tempexplorersrv.exe 7 0x00400000 0x0043CFFF Process Termination - 32-bit - True False
buffer 8 0x00230000 0x00236FFF Content Changed - 32-bit - False False
desktoplayer.exe 9 0x00400000 0x0043CFFF Relevant Image - 32-bit - True False
buffer 9 0x00220000 0x0022EFFF First Execution - 32-bit 0x00222CA9 False False
buffer 9 0x00230000 0x00236FFF Content Changed - 32-bit - False False
desktoplayer.exe 9 0x00400000 0x0043CFFF Content Changed - 32-bit - True False
desktoplayer.exe 9 0x00400000 0x0043CFFF Content Changed - 32-bit - True False
buffer 10 0x00220000 0x0022EFFF First Execution - 32-bit 0x00222CA9 False False
buffer 10 0x002B0000 0x002B6FFF Content Changed - 32-bit - False False
Local AV Matches (1)
Threat Name Severity
Win32.Ramnit
Malicious
C:\Users\5P5NRG~1\AppData\Local\Temp\3582-490\TempexplorerSrvSrv.exe Dropped File Binary
Malicious
Also Known As C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 55.00 KB
MD5 ff5e1f27193ce51eec318714ef038bef
SHA1 b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256 fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SSDeep 1536:Q+hzRsibKplyXTq8OGRnsPFG+RODTb7MXL5uXZnzE:bROzoTq0+RO7IwnY
ImpHash 500cd02578808f964519eb2c85153046
File Reputation Information
Severity
Blacklisted
First Seen 2011-06-04 11:56 (UTC+2)
Last Seen 2019-10-29 09:19 (UTC+1)
Names Win32.Trojan.Ramnit
Families Ramnit
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x42c030
Size Of Code 0xe000
Size Of Initialized Data 0x1000
Size Of Uninitialized Data 0x1e000
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2008-02-12 11:02:20+00:00
Packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
Version Information (8)
CompanyName SOFTWIN S
FileDescription BitDefen
FileVersion 106.42.73
InternalName фжзрюкшэщ
LegalCopyright 2528-6
OriginalFilename nedwp
ProductName люзанх
ProductVersion 106.4
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
UPX0 0x401000 0x1e000 0x0 0x400 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
UPX1 0x41f000 0xe000 0xd200 0x400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.95
.rsrc 0x42d000 0x1000 0x600 0xd600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.43
Imports (3)
KERNEL32.DLL (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadLibraryA 0x0 0x42d538 0x2d538 0xdb38 0x0
GetProcAddress 0x0 0x42d53c 0x2d53c 0xdb3c 0x0
VirtualProtect 0x0 0x42d540 0x2d540 0xdb40 0x0
VirtualAlloc 0x0 0x42d544 0x2d544 0xdb44 0x0
VirtualFree 0x0 0x42d548 0x2d548 0xdb48 0x0
ExitProcess 0x0 0x42d54c 0x2d54c 0xdb4c 0x0
SHELL32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragFinish 0x0 0x42d554 0x2d554 0xdb54 0x0
USER32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WinHelpW 0x0 0x42d55c 0x2d55c 0xdb5c 0x0
Memory Dumps (18)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Points AV YARA Actions
buffer 7 0x00220000 0x0022EFFF First Execution - 32-bit 0x00222CA9 False False
buffer 7 0x00230000 0x00236FFF Content Changed - 32-bit - False False
tempexplorersrvsrv.exe 8 0x00400000 0x0042DFFF Relevant Image - 32-bit - True False
buffer 8 0x00220000 0x0022EFFF First Execution - 32-bit 0x00222CA9 False False
buffer 8 0x00230000 0x00236FFF Content Changed - 32-bit - False False
tempexplorersrvsrv.exe 8 0x00400000 0x0042DFFF Content Changed - 32-bit - True False
tempexplorersrvsrv.exe 8 0x00400000 0x0042DFFF Content Changed - 32-bit - True False
buffer 8 0x00230000 0x00230FFF Content Changed - 32-bit - False False
ntdll.dll 8 0x77130000 0x772AFFFF Content Changed - 32-bit - False False
buffer 9 0x00220000 0x0022EFFF First Execution - 32-bit 0x00222CA9 False False
buffer 9 0x00230000 0x00236FFF Content Changed - 32-bit - False False
desktoplayersrv.exe 10 0x00400000 0x0042DFFF Relevant Image - 32-bit - True False
buffer 9 0x00230000 0x00230FFF Content Changed - 32-bit - False False
buffer 10 0x00220000 0x0022EFFF First Execution - 32-bit 0x00222CA9 False False
buffer 10 0x002B0000 0x002B6FFF Content Changed - 32-bit - False False
desktoplayersrv.exe 10 0x00400000 0x0042DFFF Content Changed - 32-bit - True False
desktoplayersrv.exe 10 0x00400000 0x0042DFFF Content Changed - 32-bit - True False
tempexplorersrvsrv.exe 8 0x00400000 0x0042DFFF Process Termination - 32-bit - True False
Local AV Matches (1)
Threat Name Severity
Trojan.Zbot.IVF
Malicious
C:\bot.exe Dropped File Binary
Malicious
Also Known As C:\SpLiTTer.Exe (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 742.00 KB
MD5 568539e94ba43fa775cda254dea85a88
SHA1 3d30e8d264239a5e3bb5f57055c67868a236a103
SHA256 684ec6b84897b1a4c1e32681818244d812f2e782f12baaa0be5bed8ec77e7f1e
SSDeep 12288:p8G7YdpkqP9MVLwGM8AMFt35+H16qtVLB/UEtWWIIk9O6dWuhDqWU/PuU6yy80ew:arPRGM/gt350VVUNlhdWsqW8Piyy80ew
ImpHash 9f4693fc0c511135129493f2161d1e86
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2020-01-06 05:39 (UTC+1)
Last Seen 2020-01-06 05:58 (UTC+1)
Names Win32.Virus.Neshta
Families Neshta
Classification Virus
PE Information
Image Base 0x400000
Entry Point 0x4080e4
Size Of Code 0x7400
Size Of Initialized Data 0x2a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x722c 0x7400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.51
DATA 0x409000 0x218 0x400 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.15
BSS 0x40a000 0xa899 0x0 0x7c00 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x415000 0x864 0xa00 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.17
.tls 0x416000 0x8 0x0 0x8600 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x417000 0x18 0x200 0x8600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x418000 0x5cc 0x600 0x8800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.44
.rsrc 0x419000 0x1400 0x1400 0x8e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 5.1
Imports (10)
kernel32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x4150dc 0x150dc 0x7cdc 0x0
LeaveCriticalSection 0x0 0x4150e0 0x150e0 0x7ce0 0x0
EnterCriticalSection 0x0 0x4150e4 0x150e4 0x7ce4 0x0
InitializeCriticalSection 0x0 0x4150e8 0x150e8 0x7ce8 0x0
VirtualFree 0x0 0x4150ec 0x150ec 0x7cec 0x0
VirtualAlloc 0x0 0x4150f0 0x150f0 0x7cf0 0x0
LocalFree 0x0 0x4150f4 0x150f4 0x7cf4 0x0
LocalAlloc 0x0 0x4150f8 0x150f8 0x7cf8 0x0
GetVersion 0x0 0x4150fc 0x150fc 0x7cfc 0x0
GetCurrentThreadId 0x0 0x415100 0x15100 0x7d00 0x0
GetThreadLocale 0x0 0x415104 0x15104 0x7d04 0x0
GetStartupInfoA 0x0 0x415108 0x15108 0x7d08 0x0
GetLocaleInfoA 0x0 0x41510c 0x1510c 0x7d0c 0x0
GetCommandLineA 0x0 0x415110 0x15110 0x7d10 0x0
FreeLibrary 0x0 0x415114 0x15114 0x7d14 0x0
ExitProcess 0x0 0x415118 0x15118 0x7d18 0x0
WriteFile 0x0 0x41511c 0x1511c 0x7d1c 0x0
UnhandledExceptionFilter 0x0 0x415120 0x15120 0x7d20 0x0
RtlUnwind 0x0 0x415124 0x15124 0x7d24 0x0
RaiseException 0x0 0x415128 0x15128 0x7d28 0x0
GetStdHandle 0x0 0x41512c 0x1512c 0x7d2c 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x415134 0x15134 0x7d34 0x0
MessageBoxA 0x0 0x415138 0x15138 0x7d38 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x415140 0x15140 0x7d40 0x0
RegOpenKeyExA 0x0 0x415144 0x15144 0x7d44 0x0
RegCloseKey 0x0 0x415148 0x15148 0x7d48 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x415150 0x15150 0x7d50 0x0
SysReAllocStringLen 0x0 0x415154 0x15154 0x7d54 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x41515c 0x1515c 0x7d5c 0x0
TlsGetValue 0x0 0x415160 0x15160 0x7d60 0x0
LocalAlloc 0x0 0x415164 0x15164 0x7d64 0x0
GetModuleHandleA 0x0 0x415168 0x15168 0x7d68 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegSetValueExA 0x0 0x415170 0x15170 0x7d70 0x0
RegOpenKeyExA 0x0 0x415174 0x15174 0x7d74 0x0
RegCloseKey 0x0 0x415178 0x15178 0x7d78 0x0
kernel32.dll (28)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x415180 0x15180 0x7d80 0x0
WinExec 0x0 0x415184 0x15184 0x7d84 0x0
SetFilePointer 0x0 0x415188 0x15188 0x7d88 0x0
SetFileAttributesA 0x0 0x41518c 0x1518c 0x7d8c 0x0
SetEndOfFile 0x0 0x415190 0x15190 0x7d90 0x0
SetCurrentDirectoryA 0x0 0x415194 0x15194 0x7d94 0x0
ReleaseMutex 0x0 0x415198 0x15198 0x7d98 0x0
ReadFile 0x0 0x41519c 0x1519c 0x7d9c 0x0
GetWindowsDirectoryA 0x0 0x4151a0 0x151a0 0x7da0 0x0
GetTempPathA 0x0 0x4151a4 0x151a4 0x7da4 0x0
GetShortPathNameA 0x0 0x4151a8 0x151a8 0x7da8 0x0
GetModuleFileNameA 0x0 0x4151ac 0x151ac 0x7dac 0x0
GetLogicalDriveStringsA 0x0 0x4151b0 0x151b0 0x7db0 0x0
GetLocalTime 0x0 0x4151b4 0x151b4 0x7db4 0x0
GetLastError 0x0 0x4151b8 0x151b8 0x7db8 0x0
GetFileSize 0x0 0x4151bc 0x151bc 0x7dbc 0x0
GetFileAttributesA 0x0 0x4151c0 0x151c0 0x7dc0 0x0
GetDriveTypeA 0x0 0x4151c4 0x151c4 0x7dc4 0x0
GetCommandLineA 0x0 0x4151c8 0x151c8 0x7dc8 0x0
FreeLibrary 0x0 0x4151cc 0x151cc 0x7dcc 0x0
FindNextFileA 0x0 0x4151d0 0x151d0 0x7dd0 0x0
FindFirstFileA 0x0 0x4151d4 0x151d4 0x7dd4 0x0
FindClose 0x0 0x4151d8 0x151d8 0x7dd8 0x0
DeleteFileA 0x0 0x4151dc 0x151dc 0x7ddc 0x0
CreateMutexA 0x0 0x4151e0 0x151e0 0x7de0 0x0
CreateFileA 0x0 0x4151e4 0x151e4 0x7de4 0x0
CreateDirectoryA 0x0 0x4151e8 0x151e8 0x7de8 0x0
CloseHandle 0x0 0x4151ec 0x151ec 0x7dec 0x0
gdi32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StretchDIBits 0x0 0x4151f4 0x151f4 0x7df4 0x0
SetDIBits 0x0 0x4151f8 0x151f8 0x7df8 0x0
SelectObject 0x0 0x4151fc 0x151fc 0x7dfc 0x0
GetObjectA 0x0 0x415200 0x15200 0x7e00 0x0
GetDIBits 0x0 0x415204 0x15204 0x7e04 0x0
DeleteObject 0x0 0x415208 0x15208 0x7e08 0x0
DeleteDC 0x0 0x41520c 0x1520c 0x7e0c 0x0
CreateSolidBrush 0x0 0x415210 0x15210 0x7e10 0x0
CreateDIBSection 0x0 0x415214 0x15214 0x7e14 0x0
CreateCompatibleDC 0x0 0x415218 0x15218 0x7e18 0x0
CreateCompatibleBitmap 0x0 0x41521c 0x1521c 0x7e1c 0x0
BitBlt 0x0 0x415220 0x15220 0x7e20 0x0
user32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReleaseDC 0x0 0x415228 0x15228 0x7e28 0x0
GetSysColor 0x0 0x41522c 0x1522c 0x7e2c 0x0
GetIconInfo 0x0 0x415230 0x15230 0x7e30 0x0
GetDC 0x0 0x415234 0x15234 0x7e34 0x0
FillRect 0x0 0x415238 0x15238 0x7e38 0x0
DestroyIcon 0x0 0x41523c 0x1523c 0x7e3c 0x0
CopyImage 0x0 0x415240 0x15240 0x7e40 0x0
CharLowerBuffA 0x0 0x415244 0x15244 0x7e44 0x0
shell32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x41524c 0x1524c 0x7e4c 0x0
ExtractIconA 0x0 0x415250 0x15250 0x7e50 0x0
Local AV Matches (1)
Threat Name Severity
Win32.Neshta.A
Malicious
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\A581.tmp\spwak.vbs Dropped File Text
Blacklisted
Mime Type text/x-vbscript
File Size 203 bytes
MD5 e9ffd9f618cbf36ad6c910c161bb8080
SHA1 a702b4220bbded577b4b699611bb73593b12ae71
SHA256 020ca4b4574a40418b8aa4c2d74b0488e9d150e8d3f5e56e5c6dcca6f7dfaaac
SSDeep 6:jDSggCGVoHER4RwiFsFkkVoHwIUV85knyBisFX2m6Tn:/SZCGVaER4RNFsFnaUV88yBXhn6Tn
File Reputation Information
Severity
Blacklisted
First Seen 2016-02-28 16:42 (UTC+1)
Last Seen 2019-03-27 00:19 (UTC+1)
Names Script-VBS.Trojan.Cerber
Families Cerber
Classification Trojan
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\A7C3.tmp\splitterrypted.vbs Dropped File Text
Blacklisted
Mime Type text/x-vbscript
File Size 1.47 KB
MD5 95101ac14df74fa38272d4e32ba938d4
SHA1 9fa5494b7a413ab9271b55033763dbb65eddc46a
SHA256 b7ce475d2191be4c4cf75936d3bf3fdc6f973d4c948f86f92a854dee52db103b
SSDeep 24:8xErqSuEApxomtAjHUxRFJWVABaaMa7kBMuyRkxqO5jXjHZDrPRNgWIuyRkxqO5P:8AYh27oNWVuk8kxqO5jXjHZDvvukxqO9
File Reputation Information
Severity
Blacklisted
First Seen 2019-11-04 06:02 (UTC+1)
Last Seen 2019-11-20 08:14 (UTC+1)
Names Script-VBS.Trojan.Frs
Families Frs
Classification Trojan
c:\users\5p5nrgjn0js halpmcxz\appdata\local\gdipfontcachev1.dat Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 106.27 KB
MD5 92e128dcb152d05f07faf5da64bd1c91
SHA1 2174814ca563fc2b9679fffbf1b40bdf3ac9abec
SHA256 11437a99f5f9c0a6df09c64abc8828ad3ecd8cf4fa601340ded86b8945edff43
SSDeep 768:i8HrbdvVyZHgTl7ho5sZWN/Ys9byFRQ+AwqGuGyZoVyOF7rrlqTIyMnm:/pVyZHgTl7h6tKR7AwqlGyZQVO1Mnm
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0-XbmjhApBpbl9PNZz.png Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0-XbmjhApBpbl9PNZz.png.Indonesia (Dropped File)
Mime Type application/octet-stream
File Size 68.06 KB
MD5 46f159f704a36d74c2fecf4cba83845e
SHA1 c43bcba1f19d11a2305572d629ade3b909665948
SHA256 c8b7aa6dab3decf8b8ca367cf43414a4e51094d4f5483cbd203817eb2fdcea7a
SSDeep 1536:ZjjME5CmI1FWIFfRn2vav0LvZJKM3VOwmdie8UfiJ6VbuOLsvHMinam:ZktZf12y81AsVOieYEbuOL76am
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\n1ZSF-StyB.bmp.Indonesia Dropped File Stream
Unknown
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\n1ZSF-StyB.bmp (Modified File)
Mime Type application/octet-stream
File Size 3.48 KB
MD5 ff34ab63b569af3a450d413bc1d978cf Copy to Clipboard
SHA1 8c4271b90d7e8a7fc6fa351a6b12bf05f0c9c10d Copy to Clipboard
SHA256 697ff9ef30faf1a91e1db9f86d97ede71dfa342cf8a0103b24ada9d9705e875a Copy to Clipboard
SSDeep 96:+W8E/Q3/sEGPQEvcpd4CTBXaQRp7L9sVS7aPjPS/VSyhr8:lpQPsM4cBXj9sya7E8 Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p_4JK8RE.mp3.Indonesia Dropped File Stream
Unknown
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p_4JK8RE.mp3 (Modified File)
Mime Type application/octet-stream
File Size 74.00 KB
MD5 eb672789c8c8eba6058bc652a4c18255 Copy to Clipboard
SHA1 fef5a188aabe44b696d833344b36f37da1f9e0c4 Copy to Clipboard
SHA256 bc3647ad2e300a4f10e2b6a45b221b5b1478b2de8f3028c6e7473754c4eab108 Copy to Clipboard
SSDeep 1536:/XLIqHiyUaG4NBlN3T6oB+VYPKiQJqgTYfA9XrrjDHSQTestd:jPCvaGEl1T6SPDYSA9Xrr/ZRv Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jsxpoY1YKzvJvBL9qPe\MOuCPXz89mi-vjY\cKeWXjPU.doc.Indonesia Dropped File Stream
Unknown
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jsxpoY1YKzvJvBL9qPe\MOuCPXz89mi-vjY\cKeWXjPU.doc (Modified File)
Mime Type application/octet-stream
File Size 94.88 KB
MD5 8c64086bf4f413df02114593c2958513 Copy to Clipboard
SHA1 298469cb033bbd4348efa48cfd0da7d28ef8e087 Copy to Clipboard
SHA256 4cb5a7fba73a55299fd1cb3a8d3de1594f9d1d5a4c6d0e98035f347429cc2450 Copy to Clipboard
SSDeep 1536:X5bqcTFsqw6Ql96vVhqp1kRkpYPN2uMfLL/y/Pm8ucYPSKRaTiy5MXei:X5bTGqw6bdkakpGN2ffLLmOb7B8i Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jsxpoY1YKzvJvBL9qPe\RDb44Dd9rK\gkez7qCe4pvt8.avi Modified File Stream
Unknown
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jsxpoY1YKzvJvBL9qPe\RDb44Dd9rK\gkez7qCe4pvt8.avi.Indonesia (Dropped File)
Mime Type application/octet-stream
File Size 51.31 KB
MD5 48bb5f0f6ead5ce0a90d784f45f37352 Copy to Clipboard
SHA1 45807c177677ed3311b1b779695ffc5ffa7a5bd5 Copy to Clipboard
SHA256 ff4c7685dfbd1fe4cc842cf7f6f3bd966381edc1b337e0f93f5788141d909e6e Copy to Clipboard
SSDeep 1536:iT1x5P7VmRqtMrRn9gJoP32GIyHb1tF0ur2Kof:cP7vhqP3fHptF0uraf Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4aD-jo8V7HaiJ.pptx Modified File Stream
Unknown
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4aD-jo8V7HaiJ.pptx.Indonesia (Dropped File)
Mime Type application/octet-stream
File Size 75.56 KB
MD5 f4508ae6799ee50a585a3388c4dd1c4c Copy to Clipboard
SHA1 525ab54aa84b33e8d79b48f7bd1acda127f342e9 Copy to Clipboard
SHA256 b41e7f437a971f9c52db0a0c966b86e58eccb8673210836ef29e2fdfe586ff72 Copy to Clipboard
SSDeep 1536:wgWq7RXTAQhGmhI6Z6vUQqNNQa179eopYhxE5ur42dF9GPNCUPDy52:UqdXTnhZfqULNl179npYXmurdL9wNXDt Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\9gRW7p18DfY1_.xlsx.Indonesia Dropped File Stream
Unknown
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\9gRW7p18DfY1_.xlsx (Modified File)
Mime Type application/octet-stream
File Size 73.25 KB
MD5 25cf70ae6462796aa356889160cfe8c2 Copy to Clipboard
SHA1 03fa2791c7813a9d24a557e7894066dbc1ddf9c8 Copy to Clipboard
SHA256 c643d3771d7c887f4157d3611376f335991e62f61380f0b8402b5ed87f23d26e Copy to Clipboard
SSDeep 1536:wnsV0b3ihmcyUf2MfIQ5fbyZnVmOvaECsAITTOEimv6eao7tSkjXFl96MAs:isfyUfpgQ5fAYSCsAyTOEimv6hoYkjAG Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\jqQp77PTEWZWi6QlFx2.pptx Modified File Stream
Unknown
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\jqQp77PTEWZWi6QlFx2.pptx.Indonesia (Dropped File)
Mime Type application/octet-stream
File Size 41.05 KB
MD5 0f1e2f3a9555c1fecc49a6313f025830 Copy to Clipboard
SHA1 e945442ed5103acbd0ab1f6748743e9d23e56be5 Copy to Clipboard
SHA256 8f778ec1efcb681f05844e03f08a6c1a921964b255e72759093e6c2e1a43d122 Copy to Clipboard
SSDeep 768:Mw5Ffymsz6haCGLBH8wzthcK9WnTrPrXu/xNBE65VFfE1UpfDBTc5OCzM1i84t8v:HfhyZjB88cUeGNf5VFfMUpfcOOM1i86e Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\k2Sa4D_\lsTyms5GaURCmkb\uprg1XzZ2H dZcVu1J.docx Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Documents\k2Sa4D_\lsTyms5GaURCmkb\uprg1XzZ2H dZcVu1J.docx.Indonesia (Dropped File)
Mime Type application/octet-stream
File Size 80.98 KB
MD5 abbb8a66274b892214073355777171eb
SHA1 37b68902e49f54f190041f858dfd4fbd2b1ca92b
SHA256 20735ee7ff33ee74dfe36907354c7a155e3894997be92c2e8cdf8f9733e9662b
SSDeep 1536:Pg/KfLUVkYdtr5hq+mDeZwSdl7izhiPnBMv9/4z1Ry/L3E6tJ/lxz:5UOYdtr5ELFSl7icPB69/45Ry/BB
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bxaXZKffq6pRKB.gif.Indonesia Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bxaXZKffq6pRKB.gif (Modified File)
Mime Type application/octet-stream
File Size 50.17 KB
MD5 2a818d66275854e05d5453e9a6fdd986
SHA1 e7383339210c253b1d83f4aeee6bb211d89dafb7
SHA256 d8b946f6716c495277247307bc52289b5e653d497a6357025df9970d92e5a0d4
SSDeep 1536:pIM/WbCULLHVkZpC8IGfkjTOx16P6dacumZGGyNkx:KM/oywYkfaUc2Nkx
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\jR 3X0d Iy.gif.Indonesia Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\jR 3X0d Iy.gif (Modified File)
Mime Type application/octet-stream
File Size 96.06 KB
MD5 c49ab4e5182aa58a758934302492194c
SHA1 2634ee12b069dde80c7b95d83e113fe3d7135180
SHA256 e17d235be80046c8a78e42cfd02d7fb4d6fd1416a9e7855a6d4bfe9315278745
SSDeep 3072:EVKZoLy9gb3k15OjUbvfAnIbOXC2Jkt6DZ:EsZZ15pbeIbwZJFDZ
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\1Xt-r0-zf1.gif.Indonesia Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\1Xt-r0-zf1.gif (Modified File)
Mime Type application/octet-stream
File Size 65.08 KB
MD5 6454e698f4ea046a2494708d1896b615
SHA1 8bda222579f5fa0c51221c9ef37c65d88258ae92
SHA256 501a83054df731367d0acfea5b6ffa95f84d1c479e83c77af272a5cf5f869401
SSDeep 1536:sG8ODUVLjcjmN05aRXJBDQzYroaolslH5z4ape:GODUFjI35aRX0zg3Hp4aA
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\SEXlC.bmp.Indonesia Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\SEXlC.bmp (Modified File)
Mime Type application/octet-stream
File Size 83.97 KB
MD5 77ed4e8c379d78ca1a15a89fe7741a78
SHA1 d0d31c41e973ca278cb9f6734d089f81df86023b
SHA256 a7ebf338142c2830eff31ea3a68beb8d5d2a7721c40290e1cc8c38e27d4364f9
SSDeep 1536:DMEqf20TDFqIQ7jDmksJpPxs5YtxQcQXN85CfagvA/d+LbWcxflfrOW:IBrDFqlPbGXZwm5Cfal/dA5rx
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\YMH h4jMK7XgG.png.Indonesia Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\YMH h4jMK7XgG.png (Modified File)
Mime Type application/octet-stream
File Size 65.16 KB
MD5 e47b36ed492d3615ab2ca463814927b1
SHA1 24a6375f72cb1e7975d5722337e083857ccda6b2
SHA256 c61fd8ff23735782cab2e31177e29d756237db0876ce0164e160fd2568e5ddf4
SSDeep 1536:tgJIQGgdSFut3WLyi8bsfwjBw13sdYTQ4mk04QOlKAw4:yJNGgdCut3UdfwO1c94QWn/
C:\Users\5p5NrGJn0jS HALPmcxz\Music\vOQGGk\iO0-ro.m4a Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Music\vOQGGk\iO0-ro.m4a.Indonesia (Dropped File)
Mime Type application/octet-stream
File Size 89.88 KB
MD5 689b294c44527e85f436d41eef5d64f7
SHA1 17ecc61d13f1f7cc159de5d8adbd4bbcead7f8b5
SHA256 36ae498047eb883cfa47da305077f6f0eeed7f57fa01b9a5fb1bce6d0da558a6
SSDeep 1536:I5vbXufKXRp/RbndkQJ/EN9AhJGELcEEb5KWzwUWvF+SKHanV3lG8vb2/1eQh7:IpDzb/RWg/I9qGELr9Wzitean1Q8a/1N
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\H2LEvTvsbLu8 pd-f\vu1zqnld.mp4.Indonesia Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Videos\H2LEvTvsbLu8 pd-f\vu1zqnld.mp4 (Modified File)
Mime Type application/octet-stream
File Size 19.44 KB
MD5 20f59bf2954753d8c177631f512aca82
SHA1 bda1e19642b5af4342d78233b505de607fa6ee0f
SHA256 19b46b8a6a39fa36ff4ecdefefaf173bc55aadafc1d8ecb8dd9872f803aa4b8a
SSDeep 384:8WXAaWpOIvzH2ruj8HeSjAUiZe32s0EPrGmnM5im3zB7/r3Kh+HmcFg0jwXmSLZP:8WXADpPL2ruAHe+A/ZemsXSv5iwzB7rc
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\H2LEvTvsbLu8 pd-f\Yo1 8KB.avi Modified File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Videos\H2LEvTvsbLu8 pd-f\Yo1 8KB.avi.Indonesia (Dropped File)
Mime Type application/octet-stream
File Size 92.77 KB
MD5 43583a329151ecd47392978859a3ce58
SHA1 f2694612cdf185f8c6bc7bcbb0375d3a70f269dc
SHA256 19924f88b1f8af1bf1cf912d9bfd11cebdc5db26ceaaa3ec367ab95a899a41a6
SSDeep 1536:N4hXioimOsMKscRHPDmMYQ6p2FQ4cWWoRcpCZeTJBGQT5g9E6nrYHj5:N460MqRHPqMI4hHZyOQT4Emsd
C:\autorun.inf Dropped File Unknown
Unknown
Mime Type application/x-setupscript
File Size 46 bytes
MD5 31b68b4e575bd2278fa9eb411b44a8ee
SHA1 dfcf96bcb68b0039eebcd7e4108d41063e2ca286
SHA256 e45f52a608413fbd812a14bca7554b067897354f5c77a359cb39cdfb794645b2
SSDeep 3:It1KV2gJyK0x:e1KKD
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\galiI az94_3nkr.mp3.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 10.53 KB
MD5 71dc37d60570c77360284744c8a0630e
SHA1 8231b61d4914486d2c483e687a18dfe21a7066e3
SHA256 11f87791b8a730a4ae404872881e29f0f4b34d27296b0697b87f39323353bdac
SSDeep 192:hmimFFvDHLOEEh2CJameHIScAn5OLKIWmtQdwWKK0y4V/zzEhhSS:hmDFlLTjcTLKIh6jKa4V/zBS
C:\Windows\directx.sys Dropped File Text
Unknown
Mime Type text/plain
File Size 33 bytes
MD5 3f80c09d63dcf163cd90af23cacaee53
SHA1 5e7c0ac1a26d01052019f9e3a60e2d8a815e1bb9
SHA256 0aa1dd5b935f4aafb1a1a087ebf7d1193fe944044688677817cf67738c89b685
SSDeep 3:oXebRmvn:oXebRmvn
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SpLiTTer.Exe Dropped File Stream
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SpLiTTer.Exe.Indonesia (Dropped File)
Mime Type application/octet-stream
File Size 701.50 KB
MD5 37e090150ed3a0178daf1a0ba477d34a
SHA1 a7565fed60cc0776224f4fe1aa354b98b8b68f19
SHA256 5a8539c1052ac5f3f66aa5df259b40b201ffbc25ce06ff09408d9cbf50b3d557
SSDeep 12288:HJGoLRtmOE22dgq7u9J+0Erwwme+WRkevJIPZ2Qd3uBaGwmeqFnCJI83X2Dgghkq:HJGoL+OE22dgqiD+vrwwHpaq+PZQC3qD
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dYHh zf.pptx.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 82.05 KB
MD5 392fc63e43f342d0806e2c79269305a2
SHA1 9a87c03a146ba1f927dfe35487c875ed059c0122
SHA256 b00258a51659ab68136f40220b199d5606e9ba57cc91e9603efebf4eebb5cf7f
SSDeep 1536:KiO3qFKaNKSAL/IWI1QQecWBkp9nB/074UFt/V10eYRt0i4mtN2yj8bm:KiO6FKaNK3/IB1Qpkp9nB87Pttqc+Ljb
C:\Users\5P5NRG~1\AppData\Local\Temp\tmp5023.tmp Dropped File Text
Unknown
Mime Type text/plain
File Size 8 bytes
MD5 3e777f4cab324dcfc8ca79754b9d402e
SHA1 17a4a69fe7f6aeb2dc520861a216dec4f1b7d78f
SHA256 f7ce217aee5f597cde3714383c72a61453c07840ba6d45a36d53b32cc2fc3144
SSDeep 3:c/:c/
C:\Users\5P5NRG~1\AppData\Local\Temp\tmp5023.tmp Dropped File Text
Unknown
Mime Type text/plain
File Size 8 bytes
MD5 a70814fb651ab08bc90012d45ec1a54d
SHA1 25d8cb9ffb29b1521c9509cc1947494001c33acf
SHA256 cb309ff18ff0010cb7ed332e9fe3f0414cfc8349d01f0fa5071c55209461c46e
SSDeep 3:rRgG:Ft
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2sYawNg.png.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 44.16 KB
MD5 88e0384b7373ba972bc9ad640d2a7aa5
SHA1 b3e66164c8768414cc8cf435bc6df07f93478f6f
SHA256 d07b5656e7efc0ffb6556f776267cc3e19d0b335793b4af02ab5497a4403696b
SSDeep 768:/Etjpv8yPiOZOILxFSjtHAo4lBtZf2NJXGlumPmfTL6YUHiKsCKj43:/mdv8qiQDV0tgoMIUumQTL6D7sCKjY
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\6D3Z8r.rtf.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 66.70 KB
MD5 b796d5479887e57ce02590187fb38170
SHA1 df1f21cee00a4848e839ed575def549384cf905d
SHA256 db739cee0f05f8d97d08cf607022bc6135176751a94fa810be909b3ff1a74288
SSDeep 1536:wQSsLuuny3SnPE9AznWvTTLX5eh9S7FnLtg197M1Dy:9SsVnPE9YWRq9Sdtg1Qu
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7JqPkViX5AmGvE.gif.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 9.03 KB
MD5 b1153329330eccc63ec3e45197eac19d
SHA1 b9a2316ca20f64ab18699d7c014f68892e1d8434
SHA256 1899b002effc658198b5ba52a378925e043325d3ae5bee38ea52fddf5448a6aa
SSDeep 192:S4B+NATf0x5SpPCG9tPeSf0ofXedYVgG8raivtsPdM:JiAj0xEKytWkfXedFG8H1se
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\86nbXhZ3BPsIxKo.flv.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 85.91 KB
MD5 ee7c2e118cdaeea0a4a54f57b3bc43d3
SHA1 536bff10ce5abc81c7657f95c45f37b3cb55a89f
SHA256 06ce10e9041fa18efca5a9d7e55c2dbfee50b2b61200d2273c3aab58d2eb6825
SSDeep 1536:9duI+mq/ipf8V4hgkkGiHTkcVHrXGMQNRlIPlXP6FMU9KxolDC:9gnOf8V4hgkkPHjiME+PXU9Kxqm
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9fuafFe.avi.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 58.23 KB
MD5 5c57c4aea25fd973d7d35c09f99babef
SHA1 dc20b5d004f8083b5495ed039464599aa568bd0f
SHA256 69c781815466a817ed990f68c64353df5312afe5196f8e154f005d98238be42c
SSDeep 1536:UdXjzSSoelnaAMoksLU78almDaI/IeoFbFuK2:uj2SfZVhLdalKaIebFL2
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\B3KVc4wEZKU3_uVhqP.m4a.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 19.31 KB
MD5 153a44f0c831ddd39896b057f7a06925
SHA1 7452ee0f4487e6aa8d580b83a4e23c51d0cc3858
SHA256 40ed8159e2c6f3b77615b6819b870db6589f35c140cdf76164eb3d0107e018ca
SSDeep 384:ixAsl7tyh86WIvmIeci1TvryxmrIrgmxBeDt4avjV7YToBNT4cazyBV7oLo2u:ixA9h8ivhcZvmxmsgDpMTYNkcXBVf2u
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\dW76dBEuG.gif.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 55.78 KB
MD5 71abe047895fdacce41cec41b3648551
SHA1 652ca8bdb0b54366c3286eeca9535859d9946fce
SHA256 52fee11a1672842f926fb982489b4d4818a97e4b8db32d3bcf5a3e2f2dd8ea89
SSDeep 1536:wt0SL/cbx/uP0JZyHUlMpGXqu3nt7Nd6jswIYxM:injM60Gp7uXt7SPW
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E wK4x.bmp.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 48.88 KB
MD5 7683c3e870c4a86f30cfc0175d6d06bd
SHA1 8ee15b79c22cdae048cb553f26132f8573b19637
SHA256 a3a66e3728e170d0d2e811cd0e0b23f24b57e70acbc9a50098a7a80c76166596
SSDeep 1536:XCeS3C9mIqKG88VVMZOdwpXXOaoQR/wDNF0XR:XCemg9NG8o+ZPXXOaTR/ONqh
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\K5Jl6.png.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 62.88 KB
MD5 f7bac74942ab4b59056c1bb914da0d69
SHA1 06823fe2f0a5fe6f3266a398966f337b8451238e
SHA256 d5261c9d38c30e98ce71c4212bae40bbe014fe4d83188b1d52541c3ae5cc203f
SSDeep 1536:ND7kcxhQPZk1JoT/M0HDBy0al3I2t7Atbpa0QpWPOBGLq:CcE7zhERlht85pMMOBG2
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\LpSSsO6 KQDuPU-OODxj.m4a.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 9.11 KB
MD5 18bed8e422c77c71e76f4107df1434da
SHA1 ccd40744e3a5be96b6976b078e7497a718fbfb25
SHA256 baedf680cc9ea8ec0be658b6ee9b5e5efbeecdc262936c9d13c8686cc65db98e
SSDeep 192:ownXOLHNvrioB790/xOlT+XmxOwmsVq0G5qiw5BwU66/OF0JtSJ1Y:f+Llrz7Ogl9xOeA0zGGJ47Y
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MaTx3MZoB6P.jpg.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 95.72 KB
MD5 4df28ee9915bca6adddf4f3465471209
SHA1 281147d5be1cd4c837b33fae520d3fa5638ca203
SHA256 1b7304756bb593526aa131080bb1cb4994d5d68ef13e5d22e5af17c318a73bdf
SSDeep 1536:s48/Ud/iiZXf/+gkg0B3SSvFhMFPLU+qWah406cq8O4bZce0YwQ/EX:sV/wiix+Dg0l8FVqWah40nq4ZnyQs
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NVmgnI9iS2OKP.mp3.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 1.14 KB
MD5 84f3fd09b0f7d90d2fdc04d16759000a
SHA1 b93506c7004e0df989c42e83208571d316c014a5
SHA256 9873d9267cc0e83c2e7344d4c4301afbdff30a0ccb6adf7f521e25d14fb9f3e8
SSDeep 24:eV/AfWBifwIXav6mF9IszssWw5IzZu3NnFzA/LtHeCn:GIMTqaCY9IsQ3ZkpAztHeC
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\OShF.gif.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 55.31 KB
MD5 6ca5ead30e3409ce7cddc98330c83547
SHA1 e288e7cc2df54e6491c5c5e13d466c100a4360ff
SHA256 2468b0e19f2033bbfc672e08dec996f4c527c346c2fcadf11610b4f22490097c
SSDeep 1536:jome0v9OA5kFVrBFa99N4sdHF7EI8jlUUFu35AwGaRf6oh3FG:johk9l5kFVrBe48lgIZUu3WwPf68U
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Pj1kXYFH.xls.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 25.39 KB
MD5 b597f6f6005473346dc3252556bb6cca
SHA1 5a01f2798ffad1037ac7bf4d1d35f9edd38f0b1c
SHA256 3561e78db129bbd2648119a8bc9f96f17d44fdbdd1263108ae20c92e4e108da7
SSDeep 768:EEXjNIrKFN72gXcLVJldWk7yDOISLkIH6O:5RP5X+VJlkk7y6ISAIH6O
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\U6zVHGT_YCPkcYiydgUz.flv.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 21.34 KB
MD5 710d838933ec47230acd8a394fa61a1f
SHA1 b0a9a1666ea66f5011476300d684b6eb6d9a5ee9
SHA256 8f6239e2367558f485ee351f1017c26dc963b82d76882402134050c423144e7d
SSDeep 384:TjyISwze094fqzhI4EpkEZsrmUh3gHwtv1hl5HgoJ8372tB7jjMEtWqU4B:TjyXwa0SqzhIHe9Hhtv1jx5J8L2AsWq5
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wX7ijA1LIcA8SI-zu5x.csv.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 61.55 KB
MD5 73bf4a631248e3478e09c250f99aeeac
SHA1 e99196255e6194ff2eff703aac8ea067a757dd8c
SHA256 ef651689e84af8c0817d76f8abf3f0cd6873f3c34258a979df084fd01039d4c2
SSDeep 1536:hQQPXUluSODTreMpoEnJAlvnpJrF5b2nQj184fLtF6W36idj0G:hZX2OfreCOnJrT1j6oLtF6WK4j0G
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\XFPDhJhOFakiokNXM5.odp.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 23.48 KB
MD5 33ff1041a694a97a8344f598bdaf085d
SHA1 cd148b9d89713fa587310b04014db6af8d167c39
SHA256 dab00fc8cda0af8f3110cb12bcc7e0b79809ed72a079507c8d0b7afa186e816d
SSDeep 384:Rf4i8034QXzy6PNHhcLDH94964K/GQA65tKnosg3Fky77S1KDPcPNteOfGfJBVN5:xP3Ny+HhcLDHy9iTtKImy77fDTlBvz9z
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yqGAtXON8HFRZp8.bmp.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 13.48 KB
MD5 ee18dad69322a9e39bd6287cbaa8a6f8
SHA1 2347467b94f1055d3bfc63f5ee1fb3f08858685f
SHA256 17aa9af5166f073d7f517156c5b2884e4d67d0fe6a6bddab15fad670ba9fff07
SSDeep 384:r60llWtD39x9tICEE0J7n53U48MV68vT5zV9/zXx+AA:O4lYJKCELnCIVj5PM1
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\z9mz26T9HzE2Hdei-J.mp4.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 28.36 KB
MD5 1001b75651e4f9ee5e2c0f6e04fe0248
SHA1 229bb59df996bd0a56b0b08dc87597f149069518
SHA256 1190d112b0d541ea16e0baea1dc26f2a14510b98ce50159754d304d0d960c14a
SSDeep 384:CNDgcHvbP4lDxt9pLk+Y9njWgU7ghP2oksiK59TsPqg8iTkEXfRIqqcUAF/OTv4R:0vHmx3k9NU7mOokYo/1TNyqzFlqb6
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zC x.jpg.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 54.19 KB
MD5 ca6a194f75c55c39f1cf15ed610ca188
SHA1 ffeb3f2548a0fd9807ec969cdc6ec44c0c4ae391
SHA256 ad5b9b1119b0cb92e41443a9d4d68e3965bbc3cc8479afb3f0cc4aa3e9d26f2c
SSDeep 768:qyWqmw+WSTifOg2atl1hEjbY1xIrRJqbkYhqyEfXxce7AKZNQD1aTleEPDkT:uqmw+KrB8JVYhqdfXxc+dQYBeEc
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZkLGN.flv.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 88.20 KB
MD5 6585450bc27c326c5db240374e293a28
SHA1 2d4a6505355ec89273db4b29117bea0a4a33918a
SHA256 05d3e689afd2bb2ba352649ecfe23ea1b9c69ff936c042dfc7d66cb191542ebc
SSDeep 1536:ex9qpBIQJNNvYAP6ER9rsS01gR/oAbmCJ5xb88TRnYff37+f0pJwcbUzd/dvwCX5:ePqpb72YDwHgR/nmCJrbbE+MqcYhdzX5
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jsxpoY1YKzvJvBL9qPe\hOopDrGt007m.rtf.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 9.61 KB
MD5 a2c59f5290307a38012d30bce3f9fa66
SHA1 13f085f2d8e1c67e050f6ca1ec51baa4ee70d856
SHA256 433941ac0405ab67a78126837d1e1d35cac44f011c8a2e61dfbd9a592edbe7a8
SSDeep 192:tMFjJhElhdRkSryJTWQbxipzXIeKokNB3BhXu4On1/2Zegw:a1X4RkSry5nbQJX2PxIAEgw
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jsxpoY1YKzvJvBL9qPe\IMY1_GWojiyk9TkjYV7.mp3.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 87.25 KB
MD5 a80c7efe7e2627c7d01d5c2d371ec669
SHA1 ea2524ce59e2414f73673c97cc8bbe6b08e8e459
SHA256 48758ad01b82e0d4cfbb0f64a14660d156f18de3464ccef913628e08587f0acc
SSDeep 1536:USi+t4hixYD3YfmapQADur9MoTwA8OWDe4PW5d8ZVxSLS:USic4hlD30m6CrXMM+jPWQDaS
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jsxpoY1YKzvJvBL9qPe\qpz4Ot.flv.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 94.03 KB
MD5 28d5e0fabfe9d45e587b965bf3bffd66
SHA1 cddf7e95ff9a77f435d52c63fe26016dc524b231
SHA256 26175981474356d915085752e11137e8ba4c3a85b7d9656729a576d033c74310
SSDeep 1536:wKry67mhqp+QHHHZluQTT5+JRUAK+gw97sGmWD3hZSMVC5WvZ/aUE+RsN+wWQAKX:wYlsG5llT5k+APPZLhXV3SUE+RsN+GZB
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jsxpoY1YKzvJvBL9qPe\MOuCPXz89mi-vjY\56gr9Psys.csv.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 92.17 KB
MD5 721ba6ad02fdf75b8105f0e0e473c347
SHA1 60bdf01444e4b227a21140d8480d11fec11f4c1e
SHA256 162cde5b6eb58a77f8fadafac709cbf4964b729f8ba90ef49f05dcdd977f81de
SSDeep 1536:OJjNc1A3sRfX8+Z1fkeDD+NgdK9j/SYRNByGwgOMjHFBqoOBDFYAQF3EQwAdB7RJ:wcfdX8Wv+NgAB9VO2FwoOBhvQDnJ
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jsxpoY1YKzvJvBL9qPe\MOuCPXz89mi-vjY\iffjejid4k.jpg.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 63.78 KB
MD5 e5677e102f029c19aaf009ed1a800a33
SHA1 14811a49f034b45ab462ad7fff779f148e8487ab
SHA256 6ef3b643e60983175117aec937d682292a472fea2144d9cfc78fe5eb806f816e
SSDeep 768:qpKRDDAfyUyWPR9GK1tQ/wJQoibz/R674o/bxteD30mIgMeCs2AwVh7PdiAW2NJ+:dgaUy+UeCBoFteD37zP27onxkSqS7rQi
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jsxpoY1YKzvJvBL9qPe\MOuCPXz89mi-vjY\otVMM3rmnhf5jzPexrI.mp4.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 17.42 KB
MD5 1d581210a4ee635ad5ae651d291e99a4
SHA1 21182c2c7e6742b42e90612fe5748059d8c45f22
SHA256 beccb18ead9c3300eb857b79abb4ed08a8790ddc208216ee978299e89d329516
SSDeep 384:Vj4/lEDPSTf5nXDJy4AFg2Dr9COjCBDWnJE4HSVAGDu6n:Vj4CP8FAX3Dr9rj+qJE4Hh6n
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jsxpoY1YKzvJvBL9qPe\MOuCPXz89mi-vjY\QvxqVGcIJV.pdf.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 97.61 KB
MD5 04a39b4aec7d3911c9a2de4b091e6337
SHA1 522c3d3169ae74a1f052e426f905481dc09cd977
SHA256 a95c240ae1a7d0acc58c60be62d8eb25f5b0b46f5c872ba9fdb268c193dc950e
SSDeep 3072:PZowWXEZ8xoEJ1oHdkXOhtqgZ+VUikKYQzsvO8xRT4CA:P+EZM3hQs0KduO8b45
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jsxpoY1YKzvJvBL9qPe\RDb44Dd9rK\2CM4YhYz l8AerLh6q.rtf.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 83.06 KB
MD5 86e6ef8ea1682e4c74c96bc36b4dfc50
SHA1 3278d18dde9053ca296ac1bfeb2d858cefb3c312
SHA256 9705bd981c63c32b8d2e61b13ab4039bb0a14272b1b333e6b6c749e15b555f4d
SSDeep 1536:4kmUMaJqDeC7i58ByiNTZxjFUxAayURoaGF+xRKo4uyB54ifZsOdE48sx:D2v7iqZUxAJsobF04uyBuqZjH
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jsxpoY1YKzvJvBL9qPe\RDb44Dd9rK\elmXEFHKb.avi.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 75.03 KB
MD5 0ab9fc5187b3c5a1b88d7e20ee5e9d91
SHA1 6194db40dedaee5785023ae00a81dc88bf9327dc
SHA256 30d790557ce8bbd95c4f7e450b40cdee980f0879b5847f58d6cffb140d65afb3
SSDeep 1536:tSt6pzk9xP0zfHymY9L0yWhvPgh8TWK4Avzqo1BVgv5IB5:Rpzk9xefK6ycgh8TOAb71B+IB5
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jsxpoY1YKzvJvBL9qPe\RDb44Dd9rK\nvikuZLJDbqJcb4LF.png.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 10.61 KB
MD5 ed1eee63ad6185ec6abce9e73d521d87
SHA1 245aa56a726180b6774423e8c2e5f10aa12ec9ef
SHA256 c9f0d81c08fac5ff60db2c59a143027cf78ba73aa9e3f208770a8a36c147028b
SSDeep 192:/XwwSpgJumt/zWD00tcMct7nsGPCQeV7aoWsP59qCkGV8cOiqxmWVx:/AtaQmtL600SQGP5e1aobBUraqxm2
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\11VM.xlsx.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 93.47 KB
MD5 d8689dec79204d204fb929e6eab19156
SHA1 fbe6d727433c27ebf50267ef130f4528c27b1814
SHA256 12bc4a8e6b9e97a088637b8f3393d2e29261783098063b5a0397785d8e7e09a5
SSDeep 1536:wNxpjdQ4g0e8FRXlqTSg5fP45NS61/Ry49ImKySFGUe4Fe3kVRPNlEsD1:CxFdQGeqC+5R/VKTQUe4gUVNNlEsD1
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\1FuN-q.xlsx.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 89.89 KB
MD5 590162763252963b4e42e1fda0203b27
SHA1 e637097934a89bbe1a66971aac07fb12d98321e2
SHA256 4ad9515a05bf93b9fd3ed26cc55d9e0fa5b3981ef34ae333641b472bd2ed5010
SSDeep 1536:wjNoUOJVnQEB7qY8uzxM9V0VJERrSwp9gLdAswX3AfvdEnFc0lq3W5o1eslr0DNd:uyUOvzqtvRr9Iyt6EFEHeOYDsqWkzkY
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2hUq mTbT9wuunMBwo.docx.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 80.47 KB
MD5 02cdbd3657bef46e00963e2e69506dc5
SHA1 d2bc2c17962532806d53b69a42b474b8012ab3cf
SHA256 c04a48bfe19cf3cc6fea2a5dcaa4fd05d34d251d7f18baef9fc6cdc922d8bebe
SSDeep 1536:aj9WigM+y4RzXa4yBLAFerS1HZv8A964zMZGqXvc5DaNhBnPTX1D:29WigM+ylwr36pZZXqGDB1
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4wHkSiS6JmJIYysZ.docx.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 60.94 KB
MD5 b0c402fb9b492cf98fcc63b4d318b49b
SHA1 0877a00a3853c340c7ed45f1cf0561b744d01bab
SHA256 1e790a5f3f9b866422c4f2bd49d15b2a73e78f751c4f2237f2f87cce7c1b22b1
SSDeep 1536:ITsTWu4FyFswuvu+GqiLU0hN5DWG8f+AXJdlBDpx1UEjZIbo5mqaW:qsOFyyvu+GqSU0hcf9X/HhogyW
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5jLZ.docx.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 62.17 KB
MD5 d489666cd0ee13f332d453abf9ac6e2f
SHA1 a0b440bf0d631ead841a0d1c20a32b04bc90de0d
SHA256 3ef8245d713b56b7c9cdef5e120db2bcd92947f0efee4325ad211aa143f1387b
SSDeep 768:uMI480mACCnVl7b65Fj6jHDS+ohkX/uYTNr+WEbYth98xMS8u+nexoVOpwenKBLl:S00CnHMhkmY78xBqexoVOOwKSM9
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bIvxgPPgfqR2ger9 7m4.ppt.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 22.86 KB
MD5 a22302eccd29514861747ecdbf68333a
SHA1 283d8f892621ef62363b3032cb254cf8cd7629ab
SHA256 168e91060396865f08eab5a26252b3e4a390e72ff3844c96fb3ecdcaaa44fc49
SSDeep 384:+xvW+USVxigTlBky23YFy6xPuRBv/Zv+oU4ZZcv4xNq5lSB6dX4UDOEuKhtR1:+xvjxTpkywG3I5hU4ZZcv4xo/o6dX4AZ
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bR4vb.xlsx.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 77.78 KB
MD5 b06782c59ff3088b2705fddaa61a0a1e
SHA1 50d5caebc339dc3ccd270fd3316cdefdc176973d
SHA256 85a30730073030cbbfeca5b6d4d5ab298fd3d06ecff86fd09b3c02bfb16dc774
SSDeep 1536:wSHuh+/DAf8D9e7X0Y/36dEH+AUSOGoWF1ZMlCzdgiqKrMTgYULSzD:Uh878N362hJoWF1Zxz2iq+tYULW
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\eto VRLSpMhjc2un5j9.pptx.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 56.20 KB
MD5 587baf8154437222ebc38564169f5012
SHA1 9cab7b1bde28671445706e81fe8a58ffd7b0058e
SHA256 3a39b60d1436ed8fa5fd42903fe43cce284b396fc85bee01c56badc427cfa417
SSDeep 768:ohfH9r/YZ3UkAReDqqNMGVLYmRuzeVPmeztMV/n7WA63Co0jrLrp1UNOuNotDx:oCkHUqqVLYOOey/6yOL6Dx
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mSuyuu_TRVaEomc Gm.docx.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 57.34 KB
MD5 9ab65e3dbb76b75499a4c535f2a50278
SHA1 1d7a3f7c2acad285d16da986ad358b4d8e118858
SHA256 e1098616474692218562ba19a15212612cc4a3cafcbd860f57206cb9ed8226b8
SSDeep 1536:f2CRy7uHJfqAB0lgX0DsxbPEORyoY/hhuHp:gAylcaORRp
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\myHjkxt4wJfuPmPcCJ.pptx.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 95.55 KB
MD5 23423ba6f3233f1c93ccac8ae4de5a89
SHA1 b1d77e62f6a055f9111400227e1960968814ab2b
SHA256 54c7b1ae42a12127b20554846209b486cf72ef2eb5f987b08f0facdbce7bc2f4
SSDeep 1536:DzGG2kSeBvLirdlkg9YAFo4rNKbdCtbtWyxFh3O8AIImtQVFgKE6mV5A8SUJPU7q:PnaeB+dlZpFoQ7W0n3a22nhzq9LetTaN
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\oAR-plei1tF.xlsx.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 90.61 KB
MD5 f0b59a0321ddfb6935edb7eaebda7a0d
SHA1 c17b3de480a90a2a9fa9585d21363330c348e602
SHA256 2069508a44b5117f6ba0671677298c30215e8a760bf9741582d246ea45d36953
SSDeep 1536:w7CACvmTRkBztXDWCMGCQZc+eWZIIUO15Vc48uZ0vz5MHnwFKmUX83kOUR5F268z:qCvGK1a1QZ7eWenOBf8Mi2e1kO4C68AA
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\UUH1LJsblXjm-cEvB.ods.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 23.14 KB
MD5 30ca75ed3a8886816c0327a1e771a40f
SHA1 cd7d86b67f95ef667663eb9fa39d6782b19d4db2
SHA256 dbb25d1b12ebc2bc80ceb2043cb63afe9f27fd26f3092d2de000bfb8610246a5
SSDeep 384:/Z30DckVZh84MP8cQn9x9vbmFtAa76i3Ifm+S+NIKiC9zDgq0iRUX/qcsq:h30Dckp8V8tn9rDmTAa79IJHNliCi5/J
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\xDNq1Fc.pptx.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 50.83 KB
MD5 f9c955026ecad62bf7d61f43af0df33b
SHA1 ffe135e42327279cc89d4065bd93f5f551f32422
SHA256 f05e74e6b5b4084676645f3c7fc2d8b37c32ef0a241aa89625bbdb86ecb65678
SSDeep 768:k1fkSgtHA2vwiWSm5jbWVsXp6mbk2I5WEl44l9bHaBpaRwn9CWwXb0cre2qNG:skzVtsXCVap6mLEBPbHRwn960ctqNG
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\xmtEMMSRPM3ElQFCzdG7.docx.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 7.00 KB
MD5 21c62e88cc137f94a3924f10dea3b9c0
SHA1 dffae6593b94ad5a818828e7343e43b8c5876ffa
SHA256 3e6317057cd061a8d1808c5c862650c22018fb2c60c8d3b3e5221a3434e715f4
SSDeep 96:Mpp98lbmSsTTtynyecDDo5SVadPlOsmK9e8IRqMhUB7v9ZnFBwF+0O6GlqJW4s7r:438VgTtyyeUDo1oA5wSZnPwF+96p84sf
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\9WPuenuZqIM4vN-A\9m8wd1cFisnHp.odt.Indonesia Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 69.89 KB
MD5 e9d5c311c5f89e0d1b05f694f8c5ffee
SHA1 7f08a6f95fb0b3229bfe285b502b0ff3655ac968
SHA256 1f42585dacbbc4ce640247fe55cabd48e373c0664d180c1192d2752e9f0db324
SSDeep 1536:P9CnHWJ2HHxdyC2SRbfNdmZhsMKm4F46ZuqUz:1C1KC/bfN8ZhsJm4F46ZNi
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\9WPuenuZqIM4vN-A\p9f8E6RZEt5wp7DlD5.doc.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 58.86 KB
MD5 8bbfd9cb56b0856e7e425ec9b86b6e99 Copy to Clipboard
SHA1 2facbe9c88ce22b39b634af91d326afb2f118837 Copy to Clipboard
SHA256 4fa7c693535d2917cb67b2973b547233fb78e84899217b000432afa9aad9a0be Copy to Clipboard
SSDeep 1536:szg6HfGJBZwNr9VeNCnEDSc3LEzTIHzFB+Vv5C:P6OJBZyRMcn03ozTIHqW Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D8ehXLpV\7fWOePa.odt.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 7.88 KB
MD5 d9f3bb24982cb18063743bfa1ac93c01 Copy to Clipboard
SHA1 bec10771fe2589b440e54f561b5f8598bbc757fa Copy to Clipboard
SHA256 4f6e86c1188b14c7eea0faa2859a316efc3cff6e1ba6b28ba5011045bbc84a64 Copy to Clipboard
SSDeep 192:KVK2QZJHiB323HY24/Wgb4KJ5eb45T3OVYVcZSz9Oahl:vfCs3HF4/eKJ551SOXz9O8 Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D8ehXLpV\G C44My7TVRoZ.xls.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 47.02 KB
MD5 d3f37af5fa6476d856ff59fa33d8b858 Copy to Clipboard
SHA1 14d82d0c735dc4cc57fdff2f671b61cd9227fa31 Copy to Clipboard
SHA256 510a920e3dfb87de1e65df91f1a5881658985b32ec023f6f428d7e9eac767c39 Copy to Clipboard
SSDeep 768:yE2pF0QiTNg9WxSBg3YQxmmzg5T7egzHU0x54k1420PcrWhR4gQ4Fyby:yzpFWpXxLmL5+gz00590PcraR4H4L Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D8ehXLpV\tQtVs4Y01Ust.ods.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 50.48 KB
MD5 b8a28628f0f2d2b3f11f8e066bee9d74 Copy to Clipboard
SHA1 80e96b32507b1b754d56e6c048e3719fb93e4c2e Copy to Clipboard
SHA256 7f9ff5c3159dccf2958272d7929e057632dcdfda2b0259fce8ef4b0c35125989 Copy to Clipboard
SSDeep 768:23My3g2NW8BooMHYQJfqgmJ5vQC0gocUtGpNRx36F4FrP5lLQ3SpXEoOD9vffZ:2cK/NJooCqgbJchXUKnLzpXEbZvfx Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\k2Sa4D_\DWiApHi4r.ppt.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 66.34 KB
MD5 f11bf0570ee298d041333cae35c476b9 Copy to Clipboard
SHA1 2ddf1b8d219ecb5ee7f208feceb91183be9bdef3 Copy to Clipboard
SHA256 d1e0195370272d607270f5623a7e12938afb177da316d243bce4a5b9c2ab0ee5 Copy to Clipboard
SSDeep 1536:Ih677oqz/8MsVa0f4uiTWTjk7X1XMchkr8OKcRKL6WorxxMpA:l7MWXWv1jkhJkY76WtA Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\k2Sa4D_\lsTyms5GaURCmkb\uWvs\Z_PB2v0trtHk16xg.ods.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 25.61 KB
MD5 2be1220aa8973fb5e4216727a2e3ae4c Copy to Clipboard
SHA1 4de092d52daf951821e74ece372dae110a63bcb8 Copy to Clipboard
SHA256 dbcdea90bd1980a4b05e9debaa0bc458dd9d5fcd704ffa045e46d2ae517ec2dd Copy to Clipboard
SSDeep 768:H2hXEoGnTC3+OZY/bopsBs6MdQLkNutKcn:Hm0o13+OO/b7G6Md1gKW Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\k2Sa4D_\lsTyms5GaURCmkb\VSLfJ7ClI4LjH\eNPEV.odp.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 15.75 KB
MD5 42268576fe608160ce9ff68e15da5231 Copy to Clipboard
SHA1 a52eeff6e651b5913c0bf10100be9cd0643a0008 Copy to Clipboard
SHA256 f1dd314a3dcfa5450a3c2e26752ebd2350edce1328e139a917ab43e1e50275ef Copy to Clipboard
SSDeep 384:nT6kUQF4cH71Wnu2hdyIbNX9qn6G5V4xhLSmVwLMu1r:nyQFRInulIJX9qff4gmwLj1r Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\k2Sa4D_\lsTyms5GaURCmkb\VSLfJ7ClI4LjH\qNjd.pptx.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 32.22 KB
MD5 94d7aea995cbcd4375f0971ea8680746 Copy to Clipboard
SHA1 70a21b152980c73aea746bc09a76059fe8dd2416 Copy to Clipboard
SHA256 012c49a0b59f68e1741f79f3bff049903bdb67a7a9dce7c7a3d850d37c36b829 Copy to Clipboard
SSDeep 768:tGs7PxaP1pvHsF7wMhu5rBPF6awMTwlR07zY7gJ:tJxypvQZhu5rBtPwMMlC3Y7S Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\k2Sa4D_\lsTyms5GaURCmkb\VSLfJ7ClI4LjH\7pK fJX\PeI25iKPVw0 S0r.pptx.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 69.95 KB
MD5 f646745131933d05f1876a8b09b264c8 Copy to Clipboard
SHA1 f5b066161ff0529cc1fb2690d831894f8ffb49c4 Copy to Clipboard
SHA256 a03ee129b5cb6d497fe3bccca481281d4176958bb0e3b0a4d667cfe5968b4bb0 Copy to Clipboard
SSDeep 1536:Du6QjhMKzTtPLK5VmHl/KqXFiprezkFA/Xv3gzwWg0JgZFxQJ:D01JPO5UxKqXFMrwkFSXfMF Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\k2Sa4D_\lsTyms5GaURCmkb\VSLfJ7ClI4LjH\vukelW3L\FZh5.pdf.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 34.89 KB
MD5 e9a5d1e913e395a25c0f91f43703bebc Copy to Clipboard
SHA1 dec55a664ee923016a9cf5d833675b881b000b18 Copy to Clipboard
SHA256 cc50449811c89315191ce697f911bc38a78691b38b31ca38ac663ea06f84f1be Copy to Clipboard
SSDeep 768:zU5RsUeeiVCoR2CYtSDeipDJsgbMhXvzS1rnfL52AbHZrPyp:IYZeiCxCYtSaicgUXvzSnT5PUp Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\k2Sa4D_\lsTyms5GaURCmkb\VSLfJ7ClI4LjH\vukelW3L\YtY919F.rtf.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 25.47 KB
MD5 8b7b415a43a451d7fec7376bf7399a29 Copy to Clipboard
SHA1 b8f4859dd2e4ba92508749f2be06c64acf70c3d5 Copy to Clipboard
SHA256 5bccbeabda2467b72afe626eeddba4605088caa1634126064332f7b55c213409 Copy to Clipboard
SSDeep 768:Rnul4/ZISG1CCT5/tuPtISa3/NsCyFWPh0R9uyFfl:RnmQZI1CaNt2tnu//yFASFd Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\k2Sa4D_\lsTyms5GaURCmkb\zC2rqa\0s6T.csv.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 61.83 KB
MD5 b7558c2b2c30a9c054d5de1114444441 Copy to Clipboard
SHA1 dfa02d65157460bcaedea6e80afb12a4a7c421e6 Copy to Clipboard
SHA256 5964d6b0a3f59e167c908a5357c0f366f4dea0d8c50bd6d6489b876b7a862fad Copy to Clipboard
SSDeep 1536:LsyySECLvBK32OPCYIpwLAB/WcHz7dnkOumzY1kMgp6z/b4ub0KM1l:LsypECLvURNIuCBHt0qY1YaB0x1l Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\k2Sa4D_\lsTyms5GaURCmkb\zC2rqa\C0h0BsrtIYBYB.pdf.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 94.02 KB
MD5 ab5ebb163559d56d51899f283eeb8786 Copy to Clipboard
SHA1 942caf5e155ec36d32687f8f8efa08f16db0493f Copy to Clipboard
SHA256 8ff802ff664bc31be82566556686da0e4d2a147deda9549b5a8eaf4b81bb3bf5 Copy to Clipboard
SSDeep 1536:qgHt9yVMlgW6DflAP3apJtxgAVCWlCk/xEj06OZ882JJii:qgHryVHlAfevVX9xIGeii Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\k2Sa4D_\lsTyms5GaURCmkb\zC2rqa\wKuI7MxNILUH Jm.pdf.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 81.77 KB
MD5 3869601d588183bdc1bf2558817dfcee Copy to Clipboard
SHA1 67b60946f986c3b3519e2da056064fb235e06e7a Copy to Clipboard
SHA256 c04dcab20a8dd9d3df908fa074be497fe9dccea8a1168be85fb9a63450ea318b Copy to Clipboard
SSDeep 1536:gJtyAzqd8f6vOzp3HCjswS5Uksucut9GVmG7/yjDc/KuxAZ2mW1pBAYjh+:cNy8fGO93HQRSUkvc0VG7qjDcdx1z1Z4 Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 265.02 KB
MD5 47250ec7639d457f87b56a70239f70dc Copy to Clipboard
SHA1 8ec9b99469dab51ad0bf4149f81a26df9b8ed852 Copy to Clipboard
SHA256 bbd7fc9b72ac782e8d1f387cd902a94d3f503937e4e04f085f863162b561e77e Copy to Clipboard
SSDeep 6144:12ZbNM6ES6FQ342EfAeVzcv49IT/e309OlFkfzDoJ3o6:AZNMaNqd6+agH Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\-fET-rY4ggjPUOM.gif.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 2.25 KB
MD5 98565563c9587bc7275df4e813863056 Copy to Clipboard
SHA1 05f214e06cff7698530bcfa7ce5d172fb3e44620 Copy to Clipboard
SHA256 232c860ac4837fdeb49978535c85116a2958c5fffeba87a7fb10814a798c5fbf Copy to Clipboard
SSDeep 48:gDYJR+E38ovRvn1bxuiXFJ59NiNOU3+g4ynfax9SLJxhz5QWF6X:g4R+Esev1bxuiXFZUugoKJxhz5QW4X Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4Q4SWeY9qo.gif.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 53.39 KB
MD5 3836a4117176523c34cf64ea5a1102a6 Copy to Clipboard
SHA1 97e6da53e2e6a8e3ee4e0c10c9308be9519893c7 Copy to Clipboard
SHA256 345c8e8908cc5bac1e2474694cb79b03036a1234d9890a179824e30738da8892 Copy to Clipboard
SSDeep 1536:5KN+H/sNlCDTboyU0/e+C0431SN1CVdIA/18:zsPC+0/e+cuq5S Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\3fmZlqnydz--rFSZ0e.png.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 3.19 KB
MD5 7f41bbc997ec42463330c0d88320405c Copy to Clipboard
SHA1 d976c2e9f6c317e3635a27a34943abcbbc93ceab Copy to Clipboard
SHA256 f1baf2759859bbbf019918338fa41cb4927dc1f917ff04d1e764ce485cb56835 Copy to Clipboard
SSDeep 48:/ypJg/xqJCD+U+yohn1DBd5C6dCRI8fLjB2BR9CuybdlVwooYn7cNMyFurGBh3Al:/Tus+ZzjtC3vBu9GtwV1MyFurGslLvPP Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\943P.jpg.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 22.94 KB
MD5 3afb86c09cf1c5ff86d8480fec45d589 Copy to Clipboard
SHA1 4aa56ce1d8788be584fffd319c9d8f4ef3f5bcbe Copy to Clipboard
SHA256 2f2fdad67dea8752ed3cb117773f40cf561a9f5c501b8ed094dc6dc27a06c00a Copy to Clipboard
SSDeep 384:qw3gpaOyLCXp2OLAqStz4nyq6IEBJR29RyPKa6q37zYjaSv8GmSk0uW5Ji+EHB+u:quCXnLfznErKa6q3fYja2OlaJHEHB+jq Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\aIkdHeaXAgm.gif.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 87.38 KB
MD5 9bf726eec7ced53e7ba5167e9b3cc3b7 Copy to Clipboard
SHA1 dcbc999fe7febab099fe07407a43872081e5a3cc Copy to Clipboard
SHA256 2f9ce3b3f3d8eeea7a10831b38ceef91d3baa80605f7467508d4f80f3d28fb76 Copy to Clipboard
SSDeep 1536:DTUYqkk9CBUwbUiDV2XnUqqDrD8o8i/BfHyYioMQ8Qu1a7afQJAwEHvWPNr6g:DIYlpUgfDVCUq3o86fSYiJHEOfQJmvWh Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\DBSwpnw8L9KL48WE.jpg.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 48.94 KB
MD5 bd243250d633241834b55f939a38238f Copy to Clipboard
SHA1 a3a1d861f30c59b813d6c2d3e83cd00979b452c1 Copy to Clipboard
SHA256 2db8bd69a140304de4291b9fa1b401d94277bcc9728d288159056df16e408fca Copy to Clipboard
SSDeep 1536:Oz0JKdilFoBochSROAk6ep+tbb4uumr2So:8zdiFlEAS+tbcD0o Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\g8lGYKa79U4I.bmp.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 69.95 KB
MD5 b52c166eeb0673aa6316a2fcb8ff806c Copy to Clipboard
SHA1 53b33ef18fa78cefd5d1a5f2e2ca23ea71d6180c Copy to Clipboard
SHA256 6d121f610a2626ee9a55e46638691dca625668e18e472400e2e1ebf4fb818e19 Copy to Clipboard
SSDeep 1536:ZQM5MmQxPW8H3zlsyCaCYYSCcLXWQnCCQBsp8HMOK4z/HDtvxS1JzGggIYkhh/:6M53EPPXxsyCXPRsmQnCVBKDyz/HDTZq Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\wJar93GJbtl7rx-pdsU.bmp.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 88.20 KB
MD5 7c6ecc00ccd86827c18bbd5c3b2aab29 Copy to Clipboard
SHA1 0fd3fc2c774748fdeaed2cf7b5f38a7acd57a4c4 Copy to Clipboard
SHA256 e0b3ff21a7ffcaeec6d98465bfe1806bfb2b546ab52ae32a1767b2b30c74f87d Copy to Clipboard
SSDeep 1536:2+w621q1vUMqMn9c0VpykG53dzE5XcfkpPXO3de/bqAFB/xkJTZxga:m621q5f3/6kDccPY0tINxV Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\z9oodS7dFC_qwglO.bmp.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 75.03 KB
MD5 4f281f7047e3c7e3d41f2e51f694203a Copy to Clipboard
SHA1 c17fd931fe2d20eb9ea70782f7c004a57fe83c0c Copy to Clipboard
SHA256 d9fb591deb8b3de4126260e6117109656675d69891f135b0db90a9ac3dc6a58e Copy to Clipboard
SSDeep 768:5490aiqq4T6vl6EGlLmSCSbE1m/nloqEMzQr1x/15uJiqujofD85Ll5QIXiYQXgP:5qd56dd4CsEMPlQR9QhHwAClJQBLzRzk Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\zN19yN93ajhb.png.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 51.28 KB
MD5 57840ed4f611fd05ee66db25ab45b583 Copy to Clipboard
SHA1 8c14ed80288235325ce8e12787d9adfe8d179113 Copy to Clipboard
SHA256 d15388dfa0d59fb4dbab7473a08c718393a920daca04c6771123488b58ad4274 Copy to Clipboard
SSDeep 1536:usJ+k9YdFTOEYnwpWeoKS2txZbPFw7BoLF5K4v:BTGdhOEYwJ1b9gaF55 Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\GQ-DG2UB\8-Lq8dvj.bmp.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 98.09 KB
MD5 894dfdd932dde96440c91fbdce61e874 Copy to Clipboard
SHA1 9603aebbdc5152d609f5ff4bd7657c261073ed03 Copy to Clipboard
SHA256 368985908f22622db126fd4772e297ed7d640fea29014b1109c4c4f85f3b9432 Copy to Clipboard
SSDeep 3072:LHYuhipYrwyU2gJtkFsMyjaJuXSz47MOraLdO5Q9aXqmtNbxM:LHXMiwyUoWMkigr+P1mtPM Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\GQ-DG2UB\9VXxLKj.gif.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 35.73 KB
MD5 6a925e9e223e9bea45e71bf288ee3ead Copy to Clipboard
SHA1 5bae79db1cf24257125126099c1f4454952dae5f Copy to Clipboard
SHA256 9e2e60914c0922cf35ad92ac1b1c0175e9d249c37e570f0d9e94947e30db5e59 Copy to Clipboard
SSDeep 768:6Px2ZQv5Q8wLaHBR391wthg1Zwu6d+coU4CTTjbKRehZCJPBr8TmB:S2av5Q/2/uuiu6V3TjGM/CJPBr0M Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\GQ-DG2UB\a4ZkuGrqBUSM1yp5mGz4.jpg.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 48.64 KB
MD5 8f376a6ea394bdde7cdec40ea7d37c83 Copy to Clipboard
SHA1 5bc72b6a83375486ef5527259f64e44132dfb8dd Copy to Clipboard
SHA256 4b95cba623c16dc0db82bf6cfa1e783e0ff7eb97254701f8607fea10f83c1bd3 Copy to Clipboard
SSDeep 768:qluLqA/JhKNA3445yo/HYFaqHPmb2wKRhLxhwBaiZHHQZPmQYgNfCMqXZgD/PEFq:0qh/J463HrHEtvzwKR+XZnkmQtZ7mg9 Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\2vEDHmg JrjukwnrRv.bmp.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 59.17 KB
MD5 b1ab01af8f74485e32e2cdb44102c1dd Copy to Clipboard
SHA1 dee4aee784fd0fc9cc52c61f9a6adf1b2bbc672e Copy to Clipboard
SHA256 207b3015522dd33fe5b74b551a03fe6c013b2f03aad911f6f47e82ee85f00466 Copy to Clipboard
SSDeep 1536:f2PwD0ahn2Z9/Pgz2nnUYbL04VDekbHQU6wlkCxB26gm2Og:+PW0+nIP4+nUYbLjQkkUBlNxAZOg Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\9HJlgSnWWLm8.bmp.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 5.41 KB
MD5 f19867996d522ef42857d15a593428f7 Copy to Clipboard
SHA1 d36c8b44ba693cd23f3861a42ec606fd10d10bc8 Copy to Clipboard
SHA256 7c596975114f2377c5c6c1c3f4739e611cd12669abd84b8ab2abbe9808e1c998 Copy to Clipboard
SSDeep 96:um9KGvJ5SXOePmlj/hCElWrXNXHi8N8vHNW/xN1jCGzM78ws+cTz:LwGh5N4a7hCElWx3IHNyNu78wOH Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\f6ul_-DwAWZ4xtW.bmp.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 10.20 KB
MD5 ffb83c47ada0f868d84cc4f76d222e94 Copy to Clipboard
SHA1 e1de148cec15b1c6d3bf7fdd12da707b8f5d1009 Copy to Clipboard
SHA256 63d0e14b58c68d6a0d07c208caa49eefcb4bd5437c0624a5f3773eeaf8b76d8a Copy to Clipboard
SSDeep 192:/m/A+88C5C6LYwg5VCKOhMoEJ88dEK3OZ0RwvPS3SQ9PVYnlFON4:ei8L/7ZzoQ88dTOjn+VYnlFA4 Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\IrFgwa87-saCXEw8ZyTY.jpg.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 79.66 KB
MD5 e52f94879695ba889227aaaeaa7e70ff Copy to Clipboard
SHA1 5fc2b5d3ca835db075778bfd20c86e5003179db0 Copy to Clipboard
SHA256 3446fb5503f4df72a6b549230ee696130778e4b45e72a9aa8caaa185a0fc8ec8 Copy to Clipboard
SSDeep 1536:scuVP8UisJxCTcM/LCEYnBOU+VaxpI4ZqWC3Ai/76JH05XyksT1Ae8EKZPWyHDZz:hckgxCYICBuVR4lCf76y5XyLiedKZPjp Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\rjSY.png.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 77.59 KB
MD5 5f1d10e68ab19f3c78945ebbd3f8e0b1 Copy to Clipboard
SHA1 cd5774e391ce63494826c8393262225dd0b32d1c Copy to Clipboard
SHA256 f1c4168175afd66ef00cfd7be3a4e5f3a6920dfd69d0234f705b08c4fb187385 Copy to Clipboard
SSDeep 1536:P2xkGNFbP6rMsGKSaFb78hHDyOti7gbS0VFDF75KHjp01qkGPZioT/UuzGU89hQF:FKjsGTs78hHDyt7ozVP7oVPZioTzChQF Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\Yblqwcj.bmp.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 8.64 KB
MD5 d8b3ee155e91bba9d47f232725b4c867 Copy to Clipboard
SHA1 dd9450668f9d176de803fdf167a781007dc187ba Copy to Clipboard
SHA256 f120577f5b600f5e7d354768ae2332ae9d429def9d95de65c50c126d1a48e8d9 Copy to Clipboard
SSDeep 192:Tb9h+BBdhf+qDB9s3MMrevW1eY9Coit8yGGP8RKwn637:/9h+FhBscMHCoitkGURKwy7 Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\1EtVbY\9q2Fxl2L_TE.gif.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 24.44 KB
MD5 750ce26c8a0c16a919c7352902539fdd Copy to Clipboard
SHA1 5e3764d113a7f6b946d0399a0821f8f8a4f74b8f Copy to Clipboard
SHA256 882dd1b26dc8c61ee065f343015524b7e0ea63b2dfbdcaf04a1b25ea215df27a Copy to Clipboard
SSDeep 768:7Cr5S0KIklisGbOusAJ4/wlqmWpxJnmrUaLR/:Wr5vK7Qqf/wQmCxpmrFLR Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\1EtVbY\aA4iOylMeVt0.gif.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 68.16 KB
MD5 05ed17d25b198cd2b58bf9f59f3e4f6f Copy to Clipboard
SHA1 62e1e661639806a9a19a1d3ec27585f1df60fe8e Copy to Clipboard
SHA256 c489372c3ce84b2915f3779a9a7c8e2ee182aea492acafa0f3a9583b5951e58f Copy to Clipboard
SSDeep 1536:PQjZnEfPN476k4I7BgDUtdHF8ER7v6yIJGAfFPrwXGxPwm:PwEf8djHGET6pJGAfdgGxf Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\1EtVbY\OEnylF4d8B.jpg.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 92.14 KB
MD5 3313fd314ed667f009ddf04151e40958 Copy to Clipboard
SHA1 d760917b035c82c5e0b069c608716d63797e4a24 Copy to Clipboard
SHA256 d221fda6abb688058b7d00ea1d02b37aa09983409282e241b7a23c453de965d5 Copy to Clipboard
SSDeep 1536:4294JaTdbhiigUgqNmgNgutKd2WobBDufBPdzF5+jHVQabUpZfa3maYjeY32F4dZ:4iKaT5PgUgefr1WKAP1FGHVbUG3mPycZ Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\1EtVbY\pMtrFrtAxQlwILBg.bmp.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 46.16 KB
MD5 50a197f0322126836eb5b7d1d93e21ec Copy to Clipboard
SHA1 670fc360b809e9103a41151f2cccc37d1b332ba5 Copy to Clipboard
SHA256 e9dd57af2dd12f71bf95263349f81f9a8c96fd3f158475d69ea285ed04bc789c Copy to Clipboard
SSDeep 768:kDU5ddNx0z8khiygMw3FvgTj4wI0Wuaf3XMeJrVcqZXJPfc1jVRLhDJPyoyZkv+g:fXBkMfgTj4OWjMyr9NJc1jXLlxyLZkvB Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\1EtVbY\QsaGcNHc5VTknNh7EF.jpg.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 69.06 KB
MD5 dad6693ca719907a8f6ce240d65fd832 Copy to Clipboard
SHA1 9986c82fcf918ca38768ce0df73a7fbb9fba6e93 Copy to Clipboard
SHA256 475b91e92dfa6c2d68fd5138a197a6e52d0a7885b84b952d4b40de68362e9d82 Copy to Clipboard
SSDeep 1536:2/Lot/mX4UQa7a9AKnBUoRbksx4icNfySobz5iU1cCy:2/cteX4UQa7a9AKlnx4icNKdQZz Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\1EtVbY\s0zYn6qMR6.gif.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 70.75 KB
MD5 dd391e67eb93c2decce4bf7d9d3fef9d Copy to Clipboard
SHA1 07ae9c93b44890fcd5dd09ab33c368b21a542932 Copy to Clipboard
SHA256 ad9e601baa2416f1051e7297544231407e6c5ac06a41db43b853505262410109 Copy to Clipboard
SSDeep 1536:nvACShEP+bVhm9yIlDoYjfWnJiHAJ+dtoqTDivI:nvN0GSVh4ytyOJiHA8dFTWw Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\1EtVbY\tlUfGk_lG0njJIs.gif.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 48.59 KB
MD5 72f612d64536b48935f8954eef479967 Copy to Clipboard
SHA1 11c612b7719a21b4061c465d1fc753b08b38377a Copy to Clipboard
SHA256 c05d979aad89a7f88f48845e2a3ff27c09364623854a3b2bcb22ad2a1b62a790 Copy to Clipboard
SSDeep 768:wGv9qf9alm1ej95NoitdEPsQvMsyn23spQ8r/JXIMGccy5HKpI9eKcN6RF:BlLlhGitrmsxr/JXHVcl2F Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\q1e0Lh\unzJ2n5 wtQ ylSNmAh\1EtVbY\WVlAX.gif.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 98.84 KB
MD5 226f460aa82c77a1faf31ff04cde1a93 Copy to Clipboard
SHA1 9e87bdd48a78fbee5724ab47d4778a99d5891ebd Copy to Clipboard
SHA256 e0c5a1c4830fc5a609b0f81793a8f60494adfc787c7677e91292951381a094ff Copy to Clipboard
SSDeep 3072:IjwdL25DlrJo4+4SjBUpB0qq33HDsmO0y:vElrDAjBG0qq3XDXOT Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Music\2RY1qwGO1PYvSd.m4a.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 76.50 KB
MD5 cdae9da0c98e3bc210fc5359216dae3f Copy to Clipboard
SHA1 f5580e6a7f60d763b2cc97993df37b5a25915340 Copy to Clipboard
SHA256 a02aec7b6258fea73a810148b4730e7a4f2c66d45c116361259a9ed5abcd9919 Copy to Clipboard
SSDeep 1536:v5fvJTcKwcD7PLa+RNPnXJ+y6pjmf2dL5yD0+Sg5DW:v55cKwcDLVTBFuKudL55g0 Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Music\48 7F_dBVzHr0WGmP.mp3.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 77.09 KB
MD5 d2ad5345bef373f8dcfc3c3b57075f7a Copy to Clipboard
SHA1 3a8f90723c004db07ffc4358399a4d75631b25cd Copy to Clipboard
SHA256 c4bc0a95de8ce3c077063ab016e46a3e8b938f725d42a9bc0ec604cdd638dc7e Copy to Clipboard
SSDeep 1536:fSf1/HXeddUyT0G7gvQHzOACUI8yUi9101RYPv8IWUWGrgOiH7HG:fi1/OdaY7DHzPKb03cfI4gOibm Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Music\eGSf4ILH6.m4a.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 70.19 KB
MD5 126d17445c2490d4e81fecd7630c8dcf Copy to Clipboard
SHA1 57f475dfc01121075260c9824eb00ba30a55a71c Copy to Clipboard
SHA256 01b777f4ea26886d76cdfd3c4876005a61d974e37605197c0fc84e7e3f04ebff Copy to Clipboard
SSDeep 1536:HF9uOO4+VgRqDNI1WultPDOZrBWxKNoB17yoEhbstJ:HP9+VgIDNEWultOZ1WMeNyokm Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Music\vEvu1fITYJ5zVSxKX.mp3.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 20.14 KB
MD5 ca7ca6f17f29e95dfdd6186519b167fe Copy to Clipboard
SHA1 cdcedc57798becc4c171a207a7d5f080f029bda0 Copy to Clipboard
SHA256 083fe56899b63525deef42e2ff1df7cbd2418ff2f885099787593569b849d031 Copy to Clipboard
SSDeep 384:FqglSbcqeKReIEZly0M5XXIP+EjELn+jWpnojS4dvCT4Gh76k:FqglSbcFkeHe0MdXImEoj+jW85GFL Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Music\xfHxRhxRdLTmQ7Y1m.m4a.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 30.64 KB
MD5 cf6b29c381a92dded4650210da68b2ca Copy to Clipboard
SHA1 ab7611cd60eaaf2540fc41459c194e676d6bcee4 Copy to Clipboard
SHA256 e7d512a1abad07447d1599cedfbe9b756f8ca12917c4eb41d05005dced8333cb Copy to Clipboard
SSDeep 768:kpmkEdgk/hSbLKMujjWrRt/eV6V/HKuUbWG+SsKEH7IDs5DEWe5o:kpmkWJhSXFu/sFAIvtBxbIDao5o Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Music\lqQ_HO1N\-XTDJ.m4a.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 40.28 KB
MD5 2de4988cb377c6b1f3b60bf04f57e167 Copy to Clipboard
SHA1 ad73b3219cfc95bf3570d7194d3cec0c7c41409f Copy to Clipboard
SHA256 0f1873b818c8943f258104b8cb8db9d1ba8486e0e443398f8962e41b8141a4dd Copy to Clipboard
SSDeep 768:ZOvdmALVWMN3YHb+H7dp2dtRL6vuJ00uXbIosd+zJ1xk8h/L:YvQibCHbKCdLL6vq00ugo9w89L Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Music\lqQ_HO1N\5rDko.m4a.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 5.42 KB
MD5 6849b738c0ec430eb09a094c3bc9d2cb Copy to Clipboard
SHA1 a93a5e26e93de7b9d002aa5a95479ca3d59c1749 Copy to Clipboard
SHA256 c728406a49c338567f527c4aaa1cff1a1b045eea7db19bd4429c92cebe929f83 Copy to Clipboard
SSDeep 96:sUDokyZ1N0GdsD9U0kWzZzUZwa/y4FOx3BHKSyskFB1+f+Kmb1H:s4mZ1qXDKt6Zz2OJB9xKXLKm1 Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Music\lqQ_HO1N\B6m1kz2cbqIC.m4a.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 31.72 KB
MD5 716686c3ccfc255ccabc32603d798352 Copy to Clipboard
SHA1 76157ae51820ea823ba60059f91f8f590c8f38c6 Copy to Clipboard
SHA256 53ff5c86c832a98451c4e2966ac5cb1092229cf58cbe9f93ebb5cdb0a90bb003 Copy to Clipboard
SSDeep 768:dla9F0VL9RbuKkao6hM6cGCWCbWnyiz0jIDR:dlaizbuiXa6cGfCbmd4jIDR Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Music\lqQ_HO1N\PVcQ69C.mp3.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 24.56 KB
MD5 fb03cf3fdc8d123f75c2697ffd29fb0e Copy to Clipboard
SHA1 2130bbbc8308bf65f4ffb86778b75b809305d3f9 Copy to Clipboard
SHA256 fbac6ded5651b985ae95589a2022814e4ccc34fd2aee9e2de84b4b68f03be8e3 Copy to Clipboard
SSDeep 384:ekgek3WCKFUZhb2AOYRuVYgPF2gFrnlmIartHTahwOkqVhuJhssHHAxs3Y:Zvk3WYT2mRuVYgPcmpar8zr7mssnAx+Y Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Music\lqQ_HO1N\PxXAZzP6tEkONnOc.m4a.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 27.67 KB
MD5 af5622675d43e924d3e4bbc366b0dd9b Copy to Clipboard
SHA1 eec3c7019b8ad268866b3d22b4d6cd48b76ecf7b Copy to Clipboard
SHA256 1d4f26313929d4db45c3984963b216b0eae55b9a752fd79eac95c50e760cefae Copy to Clipboard
SSDeep 768:ZKGIVPIv8tUHR8PjFfjlRzvYQnirQ7ejZMYL:lIVIR8PjhXvYQir6e9r Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Music\vOQGGk\DJdkPZB.m4a.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 63.30 KB
MD5 2bdcdb43ac94b51a977a5eca03661d36 Copy to Clipboard
SHA1 482425254215294031378ef61c543eca5220c0b2 Copy to Clipboard
SHA256 66727c25722511ab2372abaac02a60ac65f176048e55ef1d63594f90bfe2adac Copy to Clipboard
SSDeep 1536:FQe0443Ff10DDL+mVqoaynaUn/cCNvN44wnA0a4PB5piHds:o4ox1eL+bxynaU/cCbCAe55QHds Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Music\vOQGGk\rwv6vbsHRQdcrZ.m4a.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 63.66 KB
MD5 d1aa8c7aa28c4b5d32844579fcdb3649 Copy to Clipboard
SHA1 4a8731e1beff0e1d3dd6a7ada91c66ba6e93aad0 Copy to Clipboard
SHA256 840b79c84f58b6b04e9daa4413907ba8d440485d14d6bb22ce04decd46c9be67 Copy to Clipboard
SSDeep 1536:SiYhgo0536U/Gz+rcJFdIbGSmFEwK1qJYs22OWrV1TESEKWgsv8:1YT0536qYybdm3K1SYs22Oy3ESEKWA Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Music\vOQGGk\KhtZaxHCrnpuo7nVrgy\tM5Rl2tEazTiLZqhQaZ.mp3.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 66.23 KB
MD5 f2627ca0dad993fb83d59e6d4931dded Copy to Clipboard
SHA1 75338473794c0f81f5f98c71b02d46c407476fab Copy to Clipboard
SHA256 9794d58fe84b90f68eb46df53d25c37225d16730b360e0c01cf2cd87fffe23b9 Copy to Clipboard
SSDeep 768:ds53lwFvARx+lyn9kQu106PJXerObz3u6UYm5PBk200k/NZ2fwz+Ohpq5tZA560t:u4vA19Q1tJdKkPJ10a+FjZA6OvZAp87 Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Music\vOQGGk\KhtZaxHCrnpuo7nVrgy\RVLZ_ktC_rtPghy2\mvih5mPrg\GNEgO8pyioj6mUNB.mp3.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 50.78 KB
MD5 508bbebc5d14a3a23d56dac5f15f8260 Copy to Clipboard
SHA1 c5130c24a79690ae6eac6c5d8b80a439bf152a6b Copy to Clipboard
SHA256 13bb99742fa76153ed766a1134d7a7d3b95b49d028463ca9b2d4c4a14fb82905 Copy to Clipboard
SSDeep 1536:RasYrfbBKVScP3Z1p3BA3s2yWF3Z8eSKcDtejBIZ:Rap7oLp1lBiryNx7L Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Music\vOQGGk\KhtZaxHCrnpuo7nVrgy\RVLZ_ktC_rtPghy2\mvih5mPrg\yWpMNHroUpRQWS\ABUqhhHvw.m4a.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 83.84 KB
MD5 5ebeaf72485cdf906e9a7d1cd578944a Copy to Clipboard
SHA1 d971b4c4c16ac60917769219a47f43b20609eb49 Copy to Clipboard
SHA256 898bed9a39a6bb95b007f7d91cc23329f0455154fe39a4af5d49e9e2f8560047 Copy to Clipboard
SSDeep 1536:Q1tg9Q1MvzbLgAYVNXHIYTWK4uxXd1+8YfHsnvcUHE/2iS7c7tjAo6+:Q1tiQe/YWUxXdg8YfHIcUk/2r70 Copy to Clipboard
C:\Users\5p5NrGJn0jS HALPmcxz\Music\vOQGGk\KhtZaxHCrnpuo7nVrgy\RVLZ_ktC_rtPghy2\mvih5mPrg\yWpMNHroUpRQWS\kHc7H0_q9H7OX.m4a.Indonesia Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 21.27 KB
MD5 4af0a834aa183889a5c574d78795868b Copy to Clipboard
SHA1 7c25519e71cb134584e6947c1a2d8b981c28ebc0 Copy to Clipboard
SHA256 6438e46d6ce8c9e0cdc651764b0472f98c39af57f2d069cf73aaafe0ec8b1188
SSDeep 384:OSKFiNnvfCuSkJJEawYF6HnrrqKaWZxlfcv9KOHm1WfEotaaHkSFI3AbCEX4X:6FiVHCuxm4i3qKa1FRHmwfEtay3wCEXM

C:\Users\5p5NrGJn0jS HALPmcxz\Music\vOQGGk\KhtZaxHCrnpuo7nVrgy\UyyK7Inl\B2SEe 0cOn7 hcYlcx.mp3.Indonesia Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 39.88 KB
MD5 9f9d3a7b7ae49736d43899d500ff947b
SHA1 ccf89ee90b67a34da482fc4449609da679f3b930
SHA256 a37d5c0371b0f5ea7f4c7f48ccebaea45aa595ac0dc60a4c930ee32830d69776
SSDeep 768:6NJ+49DnWC4mbXn/Z6ep1dwqotQjATKhhxP4qc/UpKYk:UJ+Y5HbXJZUt1H5

C:\Users\5p5NrGJn0jS HALPmcxz\Music\vOQGGk\qIRkL Nox9AYY\LK5KOMk2PPtKnFuJ.m4a.Indonesia Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 61.59 KB
MD5 915c009a1ab95900a34130ae846a11b0
SHA1 75b1feb887bdda01724b3f4c6c7bcb7eacdaa3fb
SHA256 46f2f2bae114eee34a7236efc87bb4f1d9edc2da4b44dae6a1bf3f08db7b6fd3
SSDeep 1536:AUs09HfKOhwMIJFVMDBEYCjqotd1GVgDtuH6LMFZ+pflgzws+SM9q1ogL:q09HfvmDUYld8Ys6GZ+4Us3L

C:\Users\5p5NrGJn0jS HALPmcxz\Music\vOQGGk\qIRkL Nox9AYY\q-LZE Xbdvkx36a.m4a.Indonesia Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 80.45 KB
MD5 656d120d5c2f0ea52c03f11d0db91862
SHA1 de9ce142427e30c3d2221adf79a137babf001f62
SHA256 b5c26b0e9be1962b553ef44a36f4ab93f5e81d2727747fb793c1e1a8e983cbec
SSDeep 1536:Dw/P6FALQVrXjOxaEMilSpogLmraU9WTSdUSEqNQXSy8DjXYGtWGeh8dilAmxTP:8nqVuUEMikpoImrauWmwKQCHtWGG8I

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\5cqxE.mp4.Indonesia Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 98.36 KB
MD5 a041220eec111f4ee27b95e8ec4c35b2
SHA1 0b9c15735e6c91b21dd6a84cbcd7b18a559c5c39
SHA256 cb10ce1c437b4861587fc0170bbd69e2541222abb982957a9ceffe765241d17c
SSDeep 3072:th/s7GlyH/kY02aIP2y46kBPZfrRz7VmY:bkw0/kEZuywBBDxj

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\H2LEvTvsbLu8 pd-f\5V4sbrsoWF.flv.Indonesia Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 86.50 KB
MD5 d4681bc60e34a9d6eef8eb8fcf8b6141
SHA1 cc3a95e662ec2f296df7185c76342e1dcf3b5043
SHA256 e19434f05f4dced3e803594d4ef5d59587678ca09de2888215be9bbea703fd4b
SSDeep 1536:4b7gqqJEE77DL8y6+6P7Gk8fJm6kOkWh57xmDQ1vs9w7JCrqz4ODXsKk9k:kqJZ77DA/+6P0khWg809w42z4O7sVk

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\H2LEvTvsbLu8 pd-f\EdyPQBzYVYnznC39F.avi.Indonesia Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 6.31 KB
MD5 40e97f02b7f2892ea3187dbfa3ca4169
SHA1 cab64465497d55f0c89896c636284aa8c7e57f0e
SHA256 ce38906f428c2c478103aa130e9195921edbdacb6b0f64b88db94c0754f10366
SSDeep 96:Y6OTiKf2DfMwB+IJ4XhMZJV5YiCd9qGlx3ZsP0m4o6sLnKa5BUYRVr2N49vuqH:Y6vBB+I8AYvYGllaPP46KeBnRpvnH

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\H2LEvTvsbLu8 pd-f\iEzVa8J8-XQ38AYL.avi.Indonesia Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 54.34 KB
MD5 837130f4b168360ac3c422192a84892e
SHA1 76ef2a288e04d5fc3c71c82a14f0462004615407
SHA256 48e91fb34f89a53a02b52bbe61f66e8cbc59a613e06de17be669f2f8fcb6be5d
SSDeep 768:BRJoeTfyF/GOFobANVG5gxSYLIzcj1BgMJyJWC53n9AyC5/tlERR/A3LmtWQPOSP:TJZwfATkIzcj1XyPnw/vC/A7mt37TT

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\H2LEvTvsbLu8 pd-f\TlTzXqB.avi.Indonesia Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 18.23 KB
MD5 0e6d6db8939381882ecbd7d62c93f236
SHA1 67e15917048cd50a98983fd043bb757aa8af16d6
SHA256 884be86d4ab7605ff0f921ea7e67406fed2661c4576d354e9f192089b91d5307
SSDeep 384:Y48imHA5nexDNY8rUrpWPWzKYVoZkjaswGHn+Y:Jsgox+8hWzKYs6wGH+Y

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\H2LEvTvsbLu8 pd-f\mt-Ftb\Sai3B_atvLFs8Vtvk.mp4.Indonesia Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 63.38 KB
MD5 4405c5fc65fda70973a8a5d1062431f2
SHA1 c5c3a56f477df53b76bf65bf6853854d09f34377
SHA256 5cab246fd2fcfca67d8709afc284d93a6ba91a9520f9055bfb1f3690ec048a38
SSDeep 1536:PJpeejk/8Ngn0cOEp5iKi8PHWLDherA9JZDNivWxW8u:BCkNU0cOEpo8P2LDb10V

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\H2LEvTvsbLu8 pd-f\mt-Ftb\W3IRTUX\pPobDu_KJ8EsuPVh e9.mp4.Indonesia Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 96.30 KB
MD5 61c76a168493b894cde0617bfac32a75
SHA1 d80ecda2591739d41d6e34b44df9b778a0c9b231
SHA256 090bc4188149b1141024ed761ff2ca3ed1f02dd3d60015f572a9e5e2ff76a2d9
SSDeep 3072:CBPxX9B6hB2JCFYuHqfiHm9uIoxQy3F8ww6U:CXNBOuCFYUi4IoCy3Fv3U

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\H2LEvTvsbLu8 pd-f\mt-Ftb\W3IRTUX\QBf_rZxKztUr\bnf9n.avi.Indonesia Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 4.28 KB
MD5 0d507b8e044a5584313ca59b2fae5cd6
SHA1 7edd5bf2a5939166900a5ea9a8517dbf7adedc93
SHA256 ec2597af7d6a26a9c6e25a3fd3e69cf9b1a6cc072615b57dc7d923846e8bc3e9
SSDeep 96:YpUngS7hvUIkEBvAGLsocyQ78V+IKjv5mdm0NGsi17ptA21dGTHHP6:Y6fUkZFBBV+I4Rmdmh17puTv6

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\H2LEvTvsbLu8 pd-f\mt-Ftb\W3IRTUX\QBf_rZxKztUr\rVgkpfo8CvKG qKwv.flv.Indonesia Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 56.33 KB
MD5 4d3f3b6c962ff38fd50372c2f314db16
SHA1 77188da92f80aba23481fe3bc667cbbdd324403f
SHA256 a5f336017f16deb9b81b881b2e3b52c32a6b3f99fdf657b54f8747a3bd5e04ad
SSDeep 1536:cRrCFLIkFDbCXzFzF2nZIx42z8p5Nwg6MoheTPAA4k:urCFRFDbsyZX2z8pYMOeTo1k

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\H2LEvTvsbLu8 pd-f\tjVXRkpNIB1r9J7\a-u1yC1dotK.flv.Indonesia Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 78.09 KB
MD5 567f374fbae7def6ea0bcf06d32e4f27
SHA1 595a231a0c8cf6d607450d7141303df79fb75987
SHA256 925f5554efd6b8da31910767ea893ef2d6b2d5296f0d67c26da82f351591a69d
SSDeep 1536:PsDPImUyxrA3bFOLrvGKsaMYm3/CJLw9HCM6jk//:UDwFyxrKkLKFaMX6JE9H5//

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\H2LEvTvsbLu8 pd-f\tjVXRkpNIB1r9J7\t98PQxhnRg.flv.Indonesia Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 50.75 KB
MD5 e3253d85f0f7e15a2201d605e6825c8b
SHA1 e2257952e6efdb44899ad08989b9cb44e1517851
SHA256 2ee3e60220819211c74fbadc5a3c3e2f4d48d207a22cfe0d889148141f6a4401
SSDeep 768:I6qm4rSh2iBexeP8DRGqTPKaNMYf8Iw4TFWcnyJUZw94uLC3hxx1I41TsObWMBD:jqm4rSMReskPYf8T8yJUnzxRn1TsObz

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\H2LEvTvsbLu8 pd-f\tjVXRkpNIB1r9J7\UoyPXYhV3.mp4.Indonesia Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 46.00 KB
MD5 f7d273d52cf2da7efb6c6996f3e005fe
SHA1 1497a07b1433956148b64b43a5a8d5a9f5112b2e
SHA256 ac94262506ca95ba4dcb72fc405cfc5b5035aecef7a782b1705f035218f79e3b
SSDeep 768:ohU36BKmBzo9APEZOfRkMAjaLJkKkm2KHR+dmD47uZxUhOWaGTVSFvwEPrW:ohU3MFzo9AsZlMAjqJHH2W+UZuhmGTVN

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\H2LEvTvsbLu8 pd-f\tjVXRkpNIB1r9J7\zZ ypcOIoNPE.flv.Indonesia Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 13.59 KB
MD5 f770a9b4486b7cbe8d5b9e5cb8ed7a8a
SHA1 72951a2bc4d1eb9af3818f2d8a3ea6a3c19d5bda
SHA256 6665ed50e821ccf0ba26ffd7e492ae784c805336d2638a4c9d6014d0760a6974
SSDeep 384:nxJfzD+5kbimYeH1Ilpq3RBRgSeha0E9OH6i:xJfzDZemYeH1m6B2LaL9gH

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\H2LEvTvsbLu8 pd-f\XFjyvCfRZ\Bb1CtsRNOtOl8uFwW0XB.flv.Indonesia Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 83.12 KB
MD5 ceb5ec021938591de1c44c82906ffacd
SHA1 03a269f98e84c907499a2b136e658a0b0efe31c6
SHA256 71472b31a9a9a8025f77f010b3c08efe4de8d239b0566db9690d969b6bf89d67
SSDeep 1536:YcGwhUIGJeT1oI6sAKHqStaYz+CCsZfwlQkuPfeeCoA96MGSNWbyiTJSVy5g:YckbsA5Yz3Plwi7Xeeowl7yiTcVV

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\r FGkipfOa7wa\TCPlIWSrj 6lmez8.avi.Indonesia Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 8.86 KB
MD5 895dacbc026e1cfbf961140458bf07f5
SHA1 d433caca948961f0be386a7e57c60860a896b9ba
SHA256 97ec639876054061752066d4b50419f7c7ffd9dc1ebe37c8779d98f94592b6f1
SSDeep 192:YrG/WJBFsWjoegXFAMqtbDOUEBTkh8C+Qf8BnUeU/r16X1u3M6ZvtDOPnG:YrvFsUOFANbDOUESn+QZ//r16XH6Z+G