YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash e7ca0792bbdccb785159cc9a583386f91e8bf435cb9a736e7f49fc5d4c3f93d4.

Scan Results

SHA256 hash:	e7ca0792bbdccb785159cc9a583386f91e8bf435cb9a736e7f49fc5d4c3f93d4
File size:	586'824 bytes
File download:	Original
MIME type:	application/x-dosexec
MD5 hash:	0c876128c2d5c52662347df740fde44d
SHA1 hash:	6af7737f1891a690fda18b439e72cbd89fea51b8
SHA3-384 hash:	586cc66576995bbbca6315c8c82162666261ce67954c36122eea3bcd9f4ba4cbcb34f1b393c27aa6c29f8c05ff00f285
First seen:	2025-11-21 02:46:53 UTC
Last seen:	Never
Sightings:	1
imphash :	9f4693fc0c511135129493f2161d1e86 Create hunting rule
ssdeep :	12288:vKeT4OydwORmV42Y5RBHtf8WS8sejGxUeRx7/1YG5knZfH:vKM4RCa0gDS8geepYG50ZfH
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	a011888ac4e06982 Create hunting rule

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:	5635a716-c684-11f0-adeb-42010aa4000b
File name:	0c876128c2d5c52662347df740fde44d
Task parameters:	ClamAV scan:	True
	Unpack:	False
	Share file:	True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:	SecuriteInfo.com.Program.Unwanted.5590.UNOFFICIAL Create hunting rule

Signature:	Win.Trojan.Jadtre-5 Create hunting rule

Signature:	Win.Trojan.Neshta-153 Create hunting rule

Signature:	Win.Trojan.Neshta-160 Create hunting rule

Signature:	Win.Trojan.Neshuta-1 Create hunting rule

Signature:	Win.Virus.Neshta-7101689-0 Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:	Borland Create hunting rule
Author:	malware-lu
TLP:	TLP:WHITE
Repository:

Rule name:	EXE_Virus_Neshta_March2024 Create hunting rule
Author:	Yashraj Solanki - Cyber Threat Intelligence Analyst at Bridewell
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	classified
Author:	classified
Description:	classified
Reference:	classified
TLP :	TLP:AMBER

Rule name:	MAL_Malware_Imphash_Mar23_1 Create hunting rule
Author:	Arnim Rupp
Description:	Detects malware by known bad imphash or rich_pe_header_hash
Reference:	https://yaraify.abuse.ch/statistics/
TLP:	TLP:WHITE
Repository:	Neo23x0

Rule name:	MAL_Neshta_Generic Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects Neshta malware
Reference:	Internal Research
TLP:	TLP:WHITE

Rule name:	MAL_Neshta_Generic_RID2DC9 Create hunting rule
Author:	Florian Roth
Description:	Detects Neshta malware
Reference:	Internal Research
TLP:	TLP:WHITE

Rule name:	MALWARE_Win_Neshta Create hunting rule
Author:	ditekSHen
Description:	Detects Neshta
TLP:	TLP:WHITE
Repository:	diˈtekSHən

Rule name:	neshta_v1 Create hunting rule
Author:	RandomMalware
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	pe_detect_tls_callbacks Create hunting rule
Author:
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	shellcode Create hunting rule
Author:	nex
Description:	Matched shellcode byte patterns
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	classified
Author:	classified
Description:	classified
Reference:	classified
TLP :	TLP:GREEN

Rule name:	Windows_Virus_Neshta_2a5a14c8 Create hunting rule
Author:	Elastic Security
TLP:	TLP:WHITE
Repository:	elastic

Unpacker

The following YARA rules matched on the unpacked file.

Disabled by submitter

Unpacked Files

The following files could be unpacked from this sample.