Virus.Neshta

By CagedTech in Viruses

Threat Scorecard

Popularity Rank: 3,102
Threat Level: 80 % (High)
Infected Computers: 20,233
First Seen: March 21, 2012
Last Seen: February 5, 2026
OS(es) Affected: Windows

File System Details

Virus.Neshta may create the following file(s):
# File Name MD5 Detections
1. amtlib_patched.dll 167c0a9e211fa92a1d71e2b6b7cdc6d5 2,392
2. ReadMeRUS.exe 51dde7b3c69c9a314795e4d0ce637b74 299
3. Amazon Music Helper.exe 25f24a4b7a571a61c07e4afd31b00dbc 80
4. SearchEngine.exe 3c6d9828953ad5f971c851a34a6f2753 79
5. launcher_DOWNLOAD.exe 898301aa4e1287adae2d59a21928e522 79
6. chrmstp.exe 84d28893afd1a50b9f7c3ef28fb2fcc6 77
7. dropbox.exe 2ea59648cafe248b4d0dbf05e3a66c2c 70
8. winampa.exe e27799cb7402a7915399461c2bf488bb 70
9. svchost.com 797829ec37d36f02dc5d0ef8513ec0b8 28
10. autodeskdesktopapp.exe 49cb9afa0ccb77e2109613bcca1f93e0 27
11. allupdate.exe b13c0daeab8cc0ec32b2a64cc0dd2dfc 16
12. osdownloaderupdate.exe 94037eb7162f54e2edf9b0c2c38573ae 16
13. dvdaccess.exe 55bd75b5f12fe4911598247b6a5daca3 14

Registry Details

Virus.Neshta may create the following registry entry or registry entries:
Regexp file mask
%WINDIR%\svchost.com

Analysis Report

General information

Family Name: Virus.Neshta
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version 1.0.0.0
Comments Flavor=Retail
Company Name
  • AdbDriver.com
  • Avira Operations GmbH & Co. KG
  • CPUID
  • Esri
  • InstallShield Software Corporation
  • iWorks Co,Ltd.
  • LR8
  • Microsoft
  • Microsoft Corporation
File Description
  • .NET Runtime Optimization Service
  • AdjustFrameCamera EXE
  • Android Adb USB Driver Installer for x64
  • Avira.OE.Setup.Prerequisites
  • CPU-Z Application
  • InstallShield (R) Setup Engine
  • IVTCHGRCV
  • LR8
  • OpenJDK Platform binary
File Version
  • 17.0.15.0
  • 16.2.0.33
  • 6, 31, 100, 1190
  • 4.7.2053.0 built by: NET47REL1
  • 1.2.105.36322
  • 1.00
  • 1.0.0.0
  • 1, 8, 2, 0
  • 1, 0, 0, 0
Full Version 17.0.15+6-LTS
Internal Name
  • ADI
  • AdjustFrameCamera
  • Avira.OE.Setup.Prerequisites
  • cpuz.exe
  • IVTCHGRCV.exe
  • jaccesswalker
  • Kernel
  • LR8.dll
  • mscorsvw.exe
  • TJprojMain
Legal Copyright
  • Copyright (C) 1990-2001 InstallShield Software Corporation
  • Copyright (C) 2004-2017
  • Copyright (C) 2013 AdbDriver.com
  • Copyright ©1999-2018 Esri Inc. All Rights Reserved
  • Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors
  • Copyright © 2025
  • Copyright © iWorks Co,Ltd. 2008
  • © Microsoft Corporation. All rights reserved.
Original Filename
  • AdbDriverInstallerX64.exe
  • AdjustFrameCamera.EXE
  • Avira.OE.Setup.Prerequisites
  • cpuz.exe
  • iKernel.exe
  • IVTCHGRCV.exe
  • jaccesswalker.exe
  • LR8.dll
  • mscorsvw.exe
  • TJprojMain.exe
Private Build DDBLD299A
Product Name
  • Android Adb Driver Installer for x64
  • ArcGIS
  • Avira
  • CPU-Z Application
  • InstallShield (R)
  • IVTCHGRCV
  • LR8
  • Microsoft® .NET Framework
  • OpenJDK Platform 17.0.15
  • Project1
Product Version
  • 17.0.15.0
  • 16.2.0.33
  • 6, 31
  • 4.7.2053.0
  • 1.2.105.36322
  • 1.00
  • 1.0.0.0
  • 1.0.0
  • 1, 8, 2, 0
  • 1, 0, 0, 0

Digital Signatures

Signer | Root | Status
CPUID | Class 3 Public Primary Certification Authority | Hash Mismatch
CPUID | DigiCert High Assurance EV Root CA | Hash Mismatch
Microsoft Dynamic Code Publisher | Microsoft Code Signing PCA | Hash Mismatch
Microsoft Dynamic Code Publisher | Microsoft Code Signing PCA 2010 | Hash Mismatch
Environmental Systems Research Institute Inc. | Symantec Class 3 SHA256 Code Signing CA | Hash Mismatch
Avira Operations GmbH & Co. KG | VeriSign Class 3 Public Primary Certification Authority - G5 | Hash Mismatch

File Traits

  • .NET
  • big overlay
  • HighEntropy
  • Installer Version
  • No Version Info
  • Nullsoft Installer
  • x64
  • x86

Block Information

Total Blocks: 275
Potentially Malicious Blocks: 38
Whitelisted Blocks: 237
Unknown Blocks: 0

Similar Families

  • Stealer.YB

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
c:\program files Read Attributes,Synchronize,Write Data
c:\program files (x86)\common files\microsoft shared\msinfo\msinfo32.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\common files\system\symsrv.dll Generic Write,Read Attributes
c:\programdata\remcos\remcos.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\remcos\remcos.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\progra~3\packag~1\{042d2~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{33d1f~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{47109~1\vc_red~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{5af95~1\vc_red~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{9dff3~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{ca675~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbo~1\__sand~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbo~1\sandbo~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbo~1\sandbo~2.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbo~1\shsand~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsh816f.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh816f.tmp\stdutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh816f.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh816f.tmp\winshell.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~nsua.tmp\un_a.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\downloads\msedge_installer.log Read Attributes,Synchronize,Append data
c:\windows\appcompat\programs\amcache.hve Read Data,Read Control,Write Data
c:\windows\appcompat\programs\amcache.hve Write Attributes
c:\windows\svchost.com Generic Write,Read Attributes
c:\windows\systemtemp Read Attributes,Synchronize,Write Data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\classes\exefile\shell\open\command:: C:\WINDOWS\svchost.com "%1" %* RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Wcgoaamz\AppData\Local\Temp\~nsuA.tmp\Un_A.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Wcgoaamz\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Wcgoaamz\AppData\Local\Temp\~nsuA.tmp RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe (binary data) RegNtPreCreateKey
HKCU\.avi:: RegNtPreCreateKey
HKCU\.gif:: RegNtPreCreateKey
HKCU\.heic:: RegNtPreCreateKey
HKCU\.jpeg:: RegNtPreCreateKey
HKCU\.jpg:: RegNtPreCreateKey
HKCU\.key:: RegNtPreCreateKey
HKCU\.mkv:: RegNtPreCreateKey
HKCU\.mov:: RegNtPreCreateKey
HKCU\.mp4:: RegNtPreCreateKey
HKCU\.mpeg:: RegNtPreCreateKey
HKCU\.numbers:: RegNtPreCreateKey
HKCU\.pages:: RegNtPreCreateKey
HKCU\.png:: RegNtPreCreateKey
HKCU\.svg:: RegNtPreCreateKey
HKCU\.webm:: RegNtPreCreateKey
HKCU\.webp:: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::rmc-kok3x6 "C:\ProgramData\Remcos\remcos.exe" RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::rmc-kok3x6 "C:\ProgramData\Remcos\remcos.exe" RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
  • ShellExecute
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAdjustPrivilegesToken
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeleteValueKey
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtLoadKeyEx
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtTraceEvent
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC

94 additional items are not displayed above.

Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserObjectInformation
Process Terminate
  • TerminateProcess
Other Suspicious
  • SetWindowsHookEx
Encryption Used
  • BCryptOpenAlgorithmProvider

Shell Command Execution

"C:\Users\Wcgoaamz\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Wcgoaamz\AppData\Local\Temp\3582-490\
"C:\WINDOWS\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Canva.exe" /FO csv | "C:\WINDOWS\system32\find.exe" "Canva.exe"
C:\WINDOWS\system32\tasklist.exe tasklist /FI "USERNAME eq Wcgoaamz" /FI "IMAGENAME eq Canva.exe" /FO csv
C:\WINDOWS\system32\find.exe "C:\WINDOWS\system32\find.exe" "Canva.exe"
open C:\ProgramData\Remcos\remcos.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 832
