Virus.Neshta.A

By Sumo3000 in Viruses

Threat Scorecard

Popularity Rank: 17,835
Threat Level: 80 % (High)
Infected Computers: 1,840
First Seen: February 24, 2011
Last Seen: February 4, 2026
OS(es) Affected: Windows

Virus.Neshta.A is a PC virus. It is known to compromise an infected system in a way that allows a remote source to infiltrate the PC. Personal data on a PC infected with Virus.Neshta.A is at risk of being stolen. Additionally, Virus.Neshta.A may download other malware files onto an infected machine, which the computer user must take precautions to remove. Virus.Neshta.A may lead to other serious issues such as identity theft, which is why it is recommended to use a trusted virus removal program to safely detect and delete Virus.Neshta.A.

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor Detection
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious.D
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious.L
BitDefender Trojan.Generic.7048013
AVG SHeur4.AVOB
Antiy-AVL Trojan/win32.agent.gen
Panda Trj/CI.A
Ikarus Trojan-Downloader
AntiVir TR/Dldr.Zlob.Gen2
BitDefender Gen:Adware.Heur.Cu8@WXi2Ywci
Kaspersky Trojan.Win32.Monder.cuxx
F-Prot W32/BadBHO.M.gen!Eldorado
AVG Worm/Delf.FF
Ikarus Virus.Win32.Neshta
AhnLab-V3 Win32/Neshta
Microsoft Virus:Win32/Neshta.A

File System Details

Virus.Neshta.A may create the following file(s):
# File Name MD5 Detections
1. flrmjkmbalvcijyn.dll 5406489f2a07dada67ffa0ab01367901 8

Registry Details

Virus.Neshta.A may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ XTray.exe

Analysis Report

General information

Family Name: Virus.Neshta.A
Signature status: No Signature

Known Samples

File Size: 1.12 MB, 1123440 bytes
File Size: 255.17 KB, 255168 bytes
File Size: 1.42 MB, 1418288 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • big overlay
  • No Version Info
  • x86

Block Information

Total Blocks: 275
Potentially Malicious Blocks: 38
Whitelisted Blocks: 237
Unknown Blocks: 0

Files Modified

File Attributes
c:\users\user\appdata\local\temp\3582-490\e0540c6ff9ade8a6e5170036f1ff090f7e73c7d0_0001123440 Generic Write,Read Attributes
c:\windows\svchost.com Generic Write,Read Attributes
c:\windows\svchost.com Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\classes\exefile\shell\open\command:: C:\WINDOWS\svchost.com "%1" %* RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • ShellExecute

Shell Command Execution

open C:\Users\Btxlvvki\AppData\Local\Temp\3582-490\e0540c6ff9ade8a6e5170036f1ff090f7e73c7d0_0001123440
