Virus.Neshta.B

By CagedTech in Viruses

Threat Scorecard

Popularity Rank: 5,266
Threat Level: 80 % (High)
Infected Computers: 4,284
First Seen: October 22, 2012
Last Seen: April 3, 2026
OS(es) Affected: Windows

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor Detection
AVG Win32/Selges.D
Fortinet W32/Delf.L
Ikarus Virus.Win32.Neshta
AhnLab-V3 Win32/Neshta
Microsoft Virus:Win32/Neshta.B
eTrust-Vet Win32/Neshta.C
Sophos W32/Bloat-A
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious.H
AntiVir W32/Delf.I
BitDefender Win32.Neshta.B
Kaspersky Virus.Win32.Neshta.b
ClamAV Neshta.B
Avast Win32:Rootkit-gen [Rtk]
Symantec W32.Neshuta
NOD32 Win32/Neshta.B

Analysis Report

General information

Family Name: Virus.Neshta.B
Signature status: No Signature

Known Samples

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • big overlay
  • No Version Info
  • x86

Block Information

Total Blocks: 275
Potentially Malicious Blocks: 38
Whitelisted Blocks: 237
Unknown Blocks: 0

Similar Families

  • Jeefo.A
  • Parite.F
  • Parite.FA
  • Parite.W

Files Modified

File Attributes
c:\program files (x86)\common files\microsoft shared\msinfo\msinfo32.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{042d2~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{33d1f~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{47109~1\vc_red~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{5af95~1\vc_red~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{9dff3~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{ca675~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbo~1\__sand~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbo~1\sandbo~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbo~1\sandbo~2.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbo~1\shsand~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\3582-490\05d15fcd179e56857dbfd629fcd85a097418b8d8_0000657408 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\42e35f161105a2fbc391124c82f32acc7e36f52b_0000195600 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\8ee93b0c757673d541d1380c5393a20da0230fcc_0001760728 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\90e19f3d49964fb554962123cf4f8474d1ee800b_0001611856 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\b02dcf0ddbea6d8fd10fbc90e7dafaec8760ad7d_0003911208 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\b8982241ea0b8fa122336fcd2317a7b3a3f43d9d_0003011456 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\d65e52bbc46f1aafb5c7917f73bde66e419ecbb8_0002655608 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\e95495aaba499c6fefb1be9e09606efba00dc421_0001099264 Generic Write,Read Attributes
c:\users\user\downloads\e95495aaba499c6fefb1be9e09606efba00dc421_0001099264 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\e95495aaba499c6fefb1be9e09606efba00dc421_0001099264 Generic Write,Read Attributes
c:\users\user\downloads\e95495aaba499c6fefb1be9e09606efba00dc421_0001099264 Synchronize,Write Attributes
c:\windows\svchost.com Generic Write,Read Attributes
c:\windows\svchost.exe Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\classes\exefile\shell\open\command:: C:\WINDOWS\svchost.com "%1" %* RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
  • ShellExecute
Process Manipulation Evasion
  • NtUnmapViewOfSection
Service Control
  • StartServiceCtrlDispatcher

Shell Command Execution

open C:\Users\Nzziibtc\AppData\Local\Temp\3582-490\b8982241ea0b8fa122336fcd2317a7b3a3f43d9d_0003011456
open C:\Users\Mpxufxpq\AppData\Local\Temp\3582-490\b02dcf0ddbea6d8fd10fbc90e7dafaec8760ad7d_0003911208
open C:\Users\Felqfusn\AppData\Local\Temp\3582-490\90e19f3d49964fb554962123cf4f8474d1ee800b_0001611856
open C:\Users\Uduwittz\AppData\Local\Temp\3582-490\8ee93b0c757673d541d1380c5393a20da0230fcc_0001760728
open C:\Users\Dkzrwajh\AppData\Local\Temp\3582-490\05d15fcd179e56857dbfd629fcd85a097418b8d8_0000657408
open C:\Users\Uwllgugx\AppData\Local\Temp\3582-490\d65e52bbc46f1aafb5c7917f73bde66e419ecbb8_0002655608
"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\e95495aaba499c6fefb1be9e09606efba00dc421_0001099264"
"c:\users\user\downloads\e95495aaba499c6fefb1be9e09606efba00dc421_0001099264"
open C:\Users\Hwfhxnpr\AppData\Local\Temp\3582-490\e95495aaba499c6fefb1be9e09606efba00dc421_0001099264
open C:\Users\Klkzvqgv\AppData\Local\Temp\3582-490\42e35f161105a2fbc391124c82f32acc7e36f52b_0000195600
