Virus.Win32.Neshta.a

By GoldSparrow in Viruses

Threat Scorecard

Popularity Rank: 17,835
Threat Level: 80 % (High)
Infected Computers: 1,840
First Seen: February 24, 2011
Last Seen: February 4, 2026
OS(es) Affected: Windows

Virus.Win32.Neshta.a is a virus that targets the Windows platform. Once inside a system, it infects targeted executable files with its own body and degrades system performance. It is able to give remote attackers access to the system and the private information stored on it, and it may also modify security settings and the Windows registry. Remove Virus.Win32.Neshta.a from your PC upon detection.

Aliases

15 security vendors flagged this file as malicious.

| Antivirus Vendor | Detection |
|---|---|
| McAfee-GW-Edition | Heuristic.BehavesLike.Win32.Suspicious.D |
| McAfee-GW-Edition | Heuristic.BehavesLike.Win32.Suspicious.L |
| BitDefender | Trojan.Generic.7048013 |
| AVG | SHeur4.AVOB |
| Antiy-AVL | Trojan/win32.agent.gen |
| Panda | Trj/CI.A |
| Ikarus | Trojan-Downloader |
| AntiVir | TR/Dldr.Zlob.Gen2 |
| BitDefender | Gen:Adware.Heur.Cu8@WXi2Ywci |
| Kaspersky | Trojan.Win32.Monder.cuxx |
| F-Prot | W32/BadBHO.M.gen!Eldorado |
| AVG | Worm/Delf.FF |
| Ikarus | Virus.Win32.Neshta |
| AhnLab-V3 | Win32/Neshta |
| Microsoft | Virus:Win32/Neshta.A |

File System Details

Virus.Win32.Neshta.a may create the following file(s):
| # | File Name | MD5 | Detections |
|---|---|---|---|
| 1 | flrmjkmbalvcijyn.dll | 5406489f2a07dada67ffa0ab01367901 | 8 |

Analysis Report

General information

Family Name: Virus.Neshta.A
Signature status: No Signature

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • big overlay
  • No Version Info
  • x86

Block Information

Total Blocks: 275
Potentially Malicious Blocks: 38
Whitelisted Blocks: 237
Unknown Blocks: 0

Files Modified

| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\3582-490\e0540c6ff9ade8a6e5170036f1ff090f7e73c7d0_0001123440 | Generic Write,Read Attributes |
| c:\windows\svchost.com | Generic Write,Read Attributes |
| c:\windows\svchost.com | Synchronize,Write Attributes |

Registry Modifications

| Key::Value | Data | API Name |
|---|---|---|
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey |
| HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey |
| HKLM\software\classes\exefile\shell\open\command:: | C:\WINDOWS\svchost.com "%1" %* | RegNtPreCreateKey |

Windows API Usage

| Category | API |
|---|---|
| Process Shell Execute | ShellExecute |

Shell Command Execution

open C:\Users\Btxlvvki\AppData\Local\Temp\3582-490\e0540c6ff9ade8a6e5170036f1ff090f7e73c7d0_0001123440
