Summary | ZeroBOX

reg.bk.exe

Category FILE
Machine s1_win7_x6401
Started April 2, 2021, 7:46 a.m.
Completed April 2, 2021, 7:46 a.m.
Size 1.1MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3fb887b5886aaf9b3b5103d868c56c84
SHA256 564bccc2cfbd6f6f0ec6951dfed4f68f8ead7ea39b6777bbe512aff6f50f28a0
CRC32 57210D46
ssdeep 24576:yBu2XV04jnHW8VwBYcOa3sM6zlYzLhQ0zJ68VQWWRWqMOoU:qu4jHmScOcsvWkq3+
Yara
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • network_tcp_listen - Listen for incoming communication
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • HasOverlay - Overlay Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section CODE
section DATA
section BSS
Bkav W32.NeshtaB.PE
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal W32.Neshta.C8
McAfee W32/HLLP.41472.e
Malwarebytes Neshta.Virus.FileInfector.DDS
Zillya Virus.Neshta.Win32.1
K7AntiVirus Virus ( 00556e571 )
Alibaba Virus:Win32/Neshta.288
K7GW Virus ( 00556e571 )
Cybereason malicious.5886aa
Arcabit Win32.Neshta.A
Baidu Win32.Virus.Neshta.a
Cyren W32/Neshta.OBIX-2981
Symantec W32.Neshuta
ESET-NOD32 Win32/Neshta.A
APEX Malicious
Avast Win32:Apanas [Trj]
ClamAV Win.Trojan.Neshuta-1
Kaspersky Virus.Win32.Neshta.a
BitDefender Win32.Neshta.A
NANO-Antivirus Trojan.Win32.Winlock.fmobyw
Paloalto generic.ml
AegisLab Virus.Win32.Neshta.tn9H
MicroWorld-eScan Win32.Neshta.A
Tencent Virus.Win32.Neshta.a
Ad-Aware Win32.Neshta.A
Sophos Mal/Generic-R + W32/Neshta-D
Comodo Win32.Neshta.A@3ypg
DrWeb Win32.HLLP.Neshta
VIPRE Virus.Win32.Neshta.a (v)
TrendMicro PE_NESHTA.A
McAfee-GW-Edition BehavesLike.Win32.HLLP.tc
FireEye Generic.mg.3fb887b5886aaf9b
Emsisoft Win32.Neshta.A (B)
SentinelOne Static AI - Malicious PE
Jiangmin Virus.Neshta.a
Avira W32/Neshta.A
Kingsoft Win32.Infected.neshta.nl.(kcloud)
Gridinsoft Virus.Neshta.A.sd!yf
Microsoft Virus:Win32/Neshta.A
ViRobot Win32.Neshta.Gen.A
GData Win32.Virus.Neshta.D
TACHYON Virus/W32.Neshta
AhnLab-V3 Win32/Neshta
Acronis suspicious
BitDefenderTheta AI:FileInfector.D5C3B0640E
ALYac Win32.Neshta.A
MAX malware (ai score=100)
VBA32 Virus.Win32.Neshta.a