SHA256: 2014a19fefb25dd3a57c26bde9a279dcd5f24b2f67792fbce34c78fa62468ec0
File name: d987e2116cddb37418eb5abfcf4e9961.virus
Detection ratio: 63 / 70
Analysis date: 2019-02-06 17:54:11 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190130
Ad-Aware Win32.Neshta.A 20190206
AegisLab Virus.Win32.Neshta.n!c 20190206
AhnLab-V3 Win32/Neshta 20190206
ALYac Win32.Neshta.A 20190206
Antiy-AVL Virus/Win32.Neshta.a 20190206
Arcabit Win32.Neshta.A 20190206
Avast Win32:Apanas [Trj] 20190206
AVG Win32:Apanas [Trj] 20190206
Avira (no cloud) W32/Neshta.A 20190206
Baidu Win32.Virus.Neshta.a 20190202
BitDefender Win32.Neshta.A 20190206
Bkav W32.NeshtaB.PE 20190201
CAT-QuickHeal W32.Neshta.C8 20190206
ClamAV Win.Trojan.Neshuta-1 20190206
CMC Virus.Win32.Neshta!O 20190206
Comodo Win32.Neshta.A@3ypg 20190206
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.16cddb 20190109
Cylance Unsafe 20190206
Cyren W32/HLLP.41472 20190206
DrWeb Win32.HLLP.Neshta 20190206
eGambit Unsafe.AI_Score_99% 20190206
Emsisoft Win32.Neshta.A (B) 20190206
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Neshta.A 20190206
F-Prot W32/HLLP.41472 20190206
F-Secure Malware.W32/Neshta.A 20190206
Fortinet W32/Neshta.A 20190206
GData Win32.Virus.Neshta.A 20190206
Ikarus Virus.Win32.Neshta 20190206
Sophos ML heuristic 20181128
Jiangmin Virus.Neshta.a 20190206
K7AntiVirus Virus ( 700000131 ) 20190206
K7GW Virus ( 700000131 ) 20190206
Kaspersky Virus.Win32.Neshta.a 20190206
Kingsoft Win32.Neshta.nl.30720 20190206
MAX malware (ai score=88) 20190206
McAfee W32/HLLP.41472.e 20190206
McAfee-GW-Edition BehavesLike.Win32.HLLP.gh 20190206
Microsoft Virus:Win32/Neshta.A 20190206
eScan Win32.Neshta.A 20190206
NANO-Antivirus Trojan.Win32.Winlock.fmobyw 20190206
Palo Alto Networks (Known Signatures) generic.ml 20190206
Panda W32/Neshta.A 20190206
Qihoo-360 Virus.Win32.Neshta.B 20190206
Rising Win32.Netsha.a (CLOUD) 20190206
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV W32/Bloat-A 20190206
Symantec W32.Neshuta 20190206
TACHYON Virus/W32.Neshta 20190206
Tencent Virus.Win32.Neshta.a 20190206
TheHacker W32/Netshta.gen 20190203
Trapmine malicious.high.ml.score 20190123
TrendMicro PE_NESHTA.A 20190206
TrendMicro-HouseCall PE_NESHTA.A 20190206
VBA32 Virus.Win32.Neshta.a 20190206
VIPRE Virus.Win32.Neshta.a (v) 20190206
ViRobot Win32.Neshta.Gen.A 20190206
Yandex Win32.Neshta.A 20190206
Zillya Virus.Neshta.Win32.1 20190206
ZoneAlarm by Check Point Virus.Win32.Neshta.a 20190206
Zoner Virus.Win32.19514 20190206
Alibaba 20180921
Avast-Mobile 20190206
Babable 20180918
Malwarebytes 20190206
SUPERAntiSpyware 20190130
Trustlook 20190206
Webroot 20190206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17 (the fixed placeholder value written by the Borland Delphi linker, so it does not reflect the actual build time)
Entry Point 0x000080E4
Number of sections 8
PE sections
Overlays
MD5 23f80425e737ca15a44ffc9590f1cbb7
File type data
Offset 41472
Size 437248
Entropy 6.71
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
SetDIBits
GetObjectA
DeleteDC
SelectObject
CreateSolidBrush
GetDIBits
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
StretchDIBits
GetLastError
GetStdHandle
EnterCriticalSection
ReleaseMutex
GetFileAttributesA
FreeLibrary
ExitProcess
GetThreadLocale
GetModuleFileNameA
GetFileSize
RtlUnwind
WinExec
DeleteCriticalSection
GetStartupInfoA
GetLocaleInfoA
LocalAlloc
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
GetShortPathNameA
GetCommandLineA
CloseHandle
CreateMutexA
SetFilePointer
GetTempPathA
RaiseException
GetModuleHandleA
ReadFile
WriteFile
FindFirstFileA
FindNextFileA
GetCurrentThreadId
SetFileAttributesA
GetDriveTypeA
LocalFree
GetLogicalDriveStringsA
GetLocalTime
InitializeCriticalSection
VirtualFree
FindClose
TlsGetValue
SetEndOfFile
TlsSetValue
CreateFileA
GetVersion
VirtualAlloc
SetCurrentDirectoryA
LeaveCriticalSection
SysReAllocStringLen
SysFreeString
ExtractIconA
ShellExecuteA
ReleaseDC
GetIconInfo
DestroyIcon
FillRect
MessageBoxA
CharLowerBuffA
GetSysColor
GetKeyboardType
GetDC
CopyImage
Number of PE resources by type
RT_RCDATA 2
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 2
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 29696
LinkerVersion 2.25
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x80e4
InitializedDataSize 10752
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 d987e2116cddb37418eb5abfcf4e9961
SHA1 eddf27f7a0b972f8d6e09f1e0e876a1f2a3b4607
SHA256 2014a19fefb25dd3a57c26bde9a279dcd5f24b2f67792fbce34c78fa62468ec0
ssdeep 12288:UhCIvWLalbcCEbBameSFPFfdQTt1VVEyfb:UhCIuOxEbcmrFot1R
authentihash 6dcc1101593f59752a2a8d1a8d41ddc5ec08f9029494c38392e2a65436d59863
imphash 9f4693fc0c511135129493f2161d1e86
File size 467.5 KB ( 478720 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 6 (84.9%)
Win32 Executable Delphi generic (4.5%)
Windows screen saver (4.2%)
Win32 Dynamic Link Library (generic) (2.1%)
Win32 Executable (generic) (1.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-11-28 17:57:15 UTC ( 2 years, 5 months ago )
Last submission 2018-01-21 09:42:20 UTC ( 1 year, 4 months ago )
File names d987e2116cddb37418eb5abfcf4e9961.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Shell commands
Runtime DLLs
UDP communications