Summary | ZeroBOX

Pinnacle_Ware_20240229164336371.exe

Tags: Malicious Library, UPX, Malicious Packer, PE32, PE File, OS Processor Check, MZP Format
Category: FILE
Machine: s1_win7_x6403_us
Started: March 3, 2024, 6:24 p.m.
Completed: March 3, 2024, 6:30 p.m.
Size: 1.3MB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 77b0a4cc8efa2b582c0fd137858e9ef5
SHA256: 2b1e90bc6f9776e3f4d0f8883a9f3f6a1654827883dc67dd0c3a5581b27d38ba
CRC32: D0AB6FEE
ssdeep: 24576:EtnO5wUAGYcb5PL1brHUCMdr6Z64AfAQn652WO3pAh:GG1Yevbr0ldr6ZEnckAh
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

file C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Time & API Arguments Status Return Repeated
GlobalMemoryStatusEx 1 1 0

section CODE
section DATA
section BSS


reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\(Default)
reg_value C:\Windows\svchost.com "%1" %*

Vendor Detection
Bkav W32.NeshtaB.PE
Lionic Virus.Win32.Neshta.tn9H
Elastic Windows.Virus.Neshta
Cynet Malicious (score: 100)
CAT-QuickHeal W32.Neshta.C8
Skyhigh BehavesLike.Win32.HLLP.th
ALYac Win32.Neshta.A
Cylance unsafe
VIPRE Win32.Neshta.A
Sangfor Virus.Win32.Neshta.a
K7AntiVirus Virus ( 00556e571 )
BitDefender Win32.Neshta.A
K7GW Virus ( 00556e571 )
Cybereason malicious.f38598
Arcabit Win32.Neshta.A
Baidu Win32.Virus.Neshta.a
VirIT Win32.Delf.FE
Symantec W32.Neshuta
ESET-NOD32 Win32/Neshta.A
APEX Malicious
McAfee W32/HLLP.41472.e
Avast Win32:Apanas [Trj]
ClamAV Win.Trojan.Neshuta-1
Kaspersky Virus.Win32.Neshta.a
Alibaba Virus:Win32/Neshta.3bb
NANO-Antivirus Trojan.Win32.Winlock.fmobyw
MicroWorld-eScan Win32.Neshta.A
Rising Virus.Neshta!1.EFA5 (CLASSIC)
Emsisoft Win32.Neshta.A (B)
F-Secure Malware.W32/Neshta.A
DrWeb Win32.HLLP.Neshta
Zillya Virus.Neshta.Win32.1
TrendMicro PE_NESHTA.A
Trapmine malicious.high.ml.score
FireEye Generic.mg.77b0a4cc8efa2b58
Sophos W32/Neshta-D
Ikarus Virus.Win32.Neshta
Jiangmin Virus.Neshta.a
Google Detected
Avira W32/Neshta.A
MAX malware (ai score=88)
Antiy-AVL Virus/Win32.Neshta.a
Kingsoft Win32.Neshta.nl.30720
Gridinsoft Virus.Win32.Neshta.ka!s8
Xcitium Win32.Neshta.A@3ypg
Microsoft Virus:Win32/Neshta.A
ViRobot Win32.Neshta.Gen.A
ZoneAlarm Virus.Win32.Neshta.a
GData Win32.Virus.Neshta.D
Varist W32/Neshta.OBIX-2981