Virus.Neshta.B

By CagedTech in Viruses

Threat Scorecard

Popularity Rank: 8,884
Threat Level: 80 % (High)
Infected Computers: 4,251
First Seen: October 22, 2012
Last Seen: February 2, 2026
OS(es) Affected: Windows

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor | Detection
AVG | Win32/Selges.D
Fortinet | W32/Delf.L
Ikarus | Virus.Win32.Neshta
AhnLab-V3 | Win32/Neshta
Microsoft | Virus:Win32/Neshta.B
eTrust-Vet | Win32/Neshta.C
Sophos | W32/Bloat-A
McAfee-GW-Edition | Heuristic.BehavesLike.Win32.Suspicious.H
AntiVir | W32/Delf.I
BitDefender | Win32.Neshta.B
Kaspersky | Virus.Win32.Neshta.b
ClamAV | Neshta.B
Avast | Win32:Rootkit-gen [Rtk]
Symantec | W32.Neshuta
NOD32 | Win32/Neshta.B

Analysis Report

General information

Family Name: Virus.Neshta.B
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • big overlay
  • No Version Info
  • x86

Block Information

Total Blocks: 275
Potentially Malicious Blocks: 38
Whitelisted Blocks: 237
Unknown Blocks: 0

Files Modified

File | Attributes
c:\program files (x86)\common files\microsoft shared\msinfo\msinfo32.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{042d2~1\vcredi~1.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{33d1f~1\vcredi~1.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{47109~1\vc_red~1.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{5af95~1\vc_red~1.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{9dff3~1\vcredi~1.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{ca675~1\vcredi~1.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbo~1\__sand~1.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbo~1\sandbo~1.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbo~1\sandbo~2.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbo~1\shsand~1.exe | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\3582-490\90e19f3d49964fb554962123cf4f8474d1ee800b_0001611856 | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\b02dcf0ddbea6d8fd10fbc90e7dafaec8760ad7d_0003911208 | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\b8982241ea0b8fa122336fcd2317a7b3a3f43d9d_0003011456 | Generic Write,Read Attributes
c:\windows\svchost.com | Generic Write,Read Attributes

Registry Modifications

Key::Value | Data | API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect | | RegNtPreCreateKey
HKLM\software\classes\exefile\shell\open\command:: | C:\WINDOWS\svchost.com "%1" %* | RegNtPreCreateKey

Windows API Usage

Category | API
Process Shell Execute | ShellExecute

Shell Command Execution

open C:\Users\Nzziibtc\AppData\Local\Temp\3582-490\b8982241ea0b8fa122336fcd2317a7b3a3f43d9d_0003011456
open C:\Users\Mpxufxpq\AppData\Local\Temp\3582-490\b02dcf0ddbea6d8fd10fbc90e7dafaec8760ad7d_0003911208
open C:\Users\Felqfusn\AppData\Local\Temp\3582-490\90e19f3d49964fb554962123cf4f8474d1ee800b_0001611856
