Multi-License Discount Quote

Change Region

English
Threat Database Viruses Virus.Neshta.D

Virus.Neshta.D

By CagedTech in Viruses

Threat Scorecard

Popularity Rank: 4,144
Threat Level: 80 % (High)
Infected Computers: 6,470
First Seen: October 30, 2021
Last Seen: April 3, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Virus.Neshta.D
Signature status: No Signature

Known Samples

MD5: e06e27990ecbec385e5146881e1fce9f
SHA1: f110a26e23499941ef95ef2c422c3ca57e4204bc
SHA256: AF2B12F0104672A1A994BAC5A5CBFFD7CA980E9C4E71A9C3594A100B92C69F13
File Size: 2.92 MB, 2920152 bytes
MD5: f056d49db78f74c180712d8fec59c8db
SHA1: b82624f656c41032be4e7953bebcd4bfdb71d434
SHA256: E81CC1F765146163ACEA0F6E1166FD37BDD2A6B50D976945B77AA4049E9BB28F
File Size: 326.17 KB, 326167 bytes
MD5: 24fff0a23bf0efbc6128244a4438888a
SHA1: 61bfc34cfc9aafd8263b0c4fedd4c1b993cb8d52
SHA256: 535784C5A55B1B1C2728A0FAA208DA7C10EC6447AC24D133D3C1DA1E5A465312
File Size: 752.80 KB, 752800 bytes
MD5: d43e1bd84ee11ab9abbfee5b79da8196
SHA1: b96ea55fbacc0fac5d42c314decdaf00c4946646
SHA256: 612AA3FD731FCD0862D4058F41EB1D1FAC0ABD2B2BED3D9F5A52404CDFFD5D3D
File Size: 2.75 MB, 2752312 bytes
MD5: 5a38c3b59ecc6a702e65ce6580c8cca2
SHA1: c4b3094ab0af7b32fc744a01e003815a889087a5
SHA256: 101D5F4178263D2F5E541997B14AFFE7E6015BEC458EE1C6AED83BE4555B0096
File Size: 1.22 MB, 1223680 bytes
Show More
MD5: 28c652cb4dac279085cfdfa3a193dbd1
SHA1: a8b37a40951edfb6b0bb506b860c6b10be6a284e
SHA256: 3EE1A539F10DA63F19321EF88B5BC9D4DBEB89B4301E7BED54ED334D91DE516B
File Size: 695.30 KB, 695296 bytes
MD5: b8eb3d6024cd006c590770e939d528fd
SHA1: bb420822a8dc5685833488c0a43eb81b0c8011f5
SHA256: 540BE35AEC0168056FDAD5DFA1A24CB7304D42DB5600EAFFAF2FFB089F13B31B
File Size: 7.70 MB, 7700520 bytes
MD5: 79378e631b5ef30786e0b3b14a0a6602
SHA1: c838cb8e1a5d453cdc81413ff2e416249f312ef2
SHA256: 2AC3DEFA0144053F561B24F3281092178B258933B8CE7A531C908BC7230EF3A3
File Size: 3.72 MB, 3722672 bytes
MD5: bf9ace87acae0f8abddf40a78c288788
SHA1: d8b74d9ae5550b8b6ec6319f48f428130128cb67
SHA256: 8656CEE42843BB2CAF3AFEED7438B5A0C5BF1A141D8BE93869AF829AAFCA91CE
File Size: 8.76 MB, 8755200 bytes
MD5: 42428f7e5e23800a6d6d5e55ea439a35
SHA1: 59dc930e535d16cc5ef2310e931ffe6c504f5c75
SHA256: 87888A8E630849ADBA6058DDB74F41768D40FB0C8573899259C8325CEDAF4DE2
File Size: 666.22 KB, 666224 bytes
MD5: 3adb9fd7d5da6b887a069a502283b22a
SHA1: a4b00f1db6f47f427db2710bac3432c008732147
SHA256: 4672C6A56F3F2148FE9AD703D88CB0715BA7CAB37D26912F1E125650FC01AC60
File Size: 487.82 KB, 487824 bytes
MD5: e4680f6f1207732bcda9440e227220c5
SHA1: 0fb7661e55082a2d50fbe0ef22cacae9c4643301
SHA256: F7ED2D43376F6280F44DE1D131A4E2CB88F52F260545234F05F97B55ABDC1557
File Size: 7.81 MB, 7813200 bytes
MD5: d915f967e9c12491e6d11821ad8d0917
SHA1: 6ba7a62a69d75b9b985eb3bba96e025139699444
SHA256: C2D70E5ED0707EDA3D42CE782BA29EEE4DF3E838E7EC161BA17437178F779924
File Size: 6.16 MB, 6164632 bytes
MD5: 3b5ca2d39828ddd3b7bc537871a0fc16
SHA1: 0f88d770732f8d896bb6cc68b8a00b51a6d07356
SHA256: 9205C611992DA976DA416E6A6EB89D74DB23623F9379E7F2FDE279D4F24E2391
File Size: 7.10 MB, 7098008 bytes
MD5: 6fff30ca9f92c1a278cb5be855027aae
SHA1: cbccd3f68996cd1e0e53f0e5dc89dae70d281978
SHA256: 84225D775298DDD8A0E2DC77E81CFB12123D893A65828CBF808C89FA5AA0003C
File Size: 112.38 KB, 112384 bytes
MD5: c76cabab93145003cbddf9e5e871d04a
SHA1: feb517ed46221e7152b2f3aeb78be94524fc9fd0
SHA256: E01EFB2E8DFA973B32A48B9DE8E5FE50FB9D0B97D2740D86980ECE543E8C9875
File Size: 1.45 MB, 1450400 bytes
MD5: fe1d6cda08ee55caff6f692bd2b8fe56
SHA1: cb54cca60cd98ad2a07591f1ab078abeee874a19
SHA256: DBE49E68584B783470DD755A43D854A6D247170A62A25D89ECAAF5582C661047
File Size: 7.71 MB, 7706704 bytes
MD5: 55d0b754489381140b2626ef807b031b
SHA1: 2b936e006a3fef7f210eaf52afa9f7ec72597cb4
SHA256: 8E8EE42D0B06F6B4D56D068BAC74992674DF0AE2C563565A3C87946114CD1E1F
File Size: 467.97 KB, 467968 bytes
MD5: 60492fe1604143fbc69f87b46b59da83
SHA1: 2d2f7d4df1130e4c5658c8fafe83104f2f94f637
SHA256: A080E7EF4358311C5A0F4C8AF3B6A80FD1DC32115250251F5F960EEC850D7345
File Size: 3.67 MB, 3666832 bytes
MD5: 53a440986e8d3a274eeb1ed8e6ffad5a
SHA1: d410c2de0a79f30b80ca46a5ccaa609928b5fb6b
SHA256: 59860DF3B0648B7F80A50171FB2EAEB3665E2906C53E341CC80B549363DD8949
File Size: 688.17 KB, 688168 bytes
MD5: ef05824a55320c1d09513bec7aa1b7d1
SHA1: 407224d5e49f60fbde6bf2e3698fec1eb55a6ef6
SHA256: 54EA8BD3CD7CAAA11C87D354F4030A4D185D45E6D2E02BCEFCCDC236861358E1
File Size: 793.68 KB, 793680 bytes
MD5: c943e44543bf98ef80df53b5461a3239
SHA1: b80c11a919921a65426fc3bb528086fcb48a1893
SHA256: F41AAE145847473BC24E18ED99104C912EEEC54FBF7BD3EBBDAE401218491851
File Size: 9.37 MB, 9374360 bytes
MD5: b0705f7036df2609918a2125ac72af34
SHA1: 4209d791b5f9a3f3975a8c8326696d1df5baa842
SHA256: A952E375EF8ED3ED2AD4DE10CFA609936C2D0B3A010D91248F210F8DC12A7F93
File Size: 338.15 KB, 338152 bytes
MD5: 59bbc12088c63ee0df83ef488fc93e80
SHA1: 86c727654145ea0699e1e838f998ed04bc74c638
SHA256: 824A10BF3E90C90CBDBE631EF4762A678D3EBD1E4C01F75C069DBDFCD235EBF9
File Size: 2.88 MB, 2879568 bytes
MD5: f62e0ddafe2e9b81f4fe29fcf10b25de
SHA1: ccfb650d89e38d5986a94b39527aa492f026bad5
SHA256: A79387DE372A96A6D3E0B932339017AA70E76A888F39CAC4544EC72288DE795A
File Size: 656.90 KB, 656896 bytes
MD5: 59d078868ce2fe5f919cb42e2719b75c
SHA1: b53c9c9c9281ddc3038d99d0245b6f96e4b0a79e
SHA256: 5EEAAE98AE40275DF693EB879929D8906D266B8A4A3DA10EE0CA88BF5FABACA4
File Size: 2.27 MB, 2265600 bytes
MD5: 1b602e52973fb0263d65ee31afaae5fc
SHA1: ae090b47b5f75771372bc3d50115b681ad89b000
SHA256: D729C60A7E490449D0EE65CC2A65AF4EAD0186DC64F6EA439147E2B47B440ECF
File Size: 411.65 KB, 411648 bytes
MD5: 239bc592644b59026e0953bb6e5536e3
SHA1: 6ec8238f3fea2fc749ff3596dc65ef6c88fa8355
SHA256: FE88CBDFA2E81EEABA434B82853B2F45D0DCF032B56F25169E06C5ADBD0429D6
File Size: 201.74 KB, 201744 bytes
MD5: 931cd6a2df4322d0ab2030cd4f729408
SHA1: e651509a6ae5f497353d02c2b4adcc3ea08b4afe
SHA256: 857FD24EAD9CDDFB91E0EFB9D8F4ECE85CAD1F46C2851BCECFEA6CCF3DA6D516
File Size: 1.30 MB, 1295008 bytes
MD5: 35ec939832495f1cdd7a260673c9756e
SHA1: e5d385f9b8f20297ab95e444008c601cae5c3da3
SHA256: 193033E0A67305105999C30732AA31DBA33BB00072EAFFD63819B4A8B9631DA7
File Size: 4.76 MB, 4755368 bytes
MD5: 17d62507572abd4a877ba817f8c07e3f
SHA1: 62c979f2c6ba8f56c30a6c808014acf9ee1fd576
SHA256: 04E8961B478BC9BB020498A88DD07C9C5F3E22E2385112A0A4D406AA28FB1FF7
File Size: 1.70 MB, 1700808 bytes
MD5: b283f3b389762470f324dfe09e78eeda
SHA1: d4696c9e1a58d85ebaac9900777bab1395c7c5c9
SHA256: F562731C861B845D3855F1EB2FD3E3A7985C339141D0FDF3B440CB58F83CA53F
File Size: 1.29 MB, 1294352 bytes
MD5: 6bac7b19ef1fa1840c15cb93edf31637
SHA1: 6e7eae352a0197c7a2e547bd1b7653f89ee2aecc
SHA256: EBB48102EABCFBB82956BC45F552A9AE04154BD27FAA91EF5D2F94117A3C7649
File Size: 3.41 MB, 3410432 bytes
MD5: 959ffb78fd9a321ef5196d49411ba4e0
SHA1: eae300d0d823e77f28e870a11f167bcc5605070b
SHA256: 8266A34AF2AC94993BEB815CFDA242DF7E44E290696C6249953D76CD8B129BF5
File Size: 6.02 MB, 6020688 bytes
MD5: 3923791135deb9195e021b325fed0c85
SHA1: 933468e6e3d85c90935706987c279d4198da9424
SHA256: 3E915767A3B95B331E0EA8F06689E6D327849DFB52E74370073AC97C038099BF
File Size: 3.04 MB, 3042816 bytes
MD5: 219f3cd31cbdaff6283d104ac4cceb19
SHA1: f64370d5943ea6fd876a189887b6e36ed53a7998
SHA256: D125300B5E584B731B338C11119A3B3FEC10495BF917BBC1663F701E7F03B083
File Size: 138.78 KB, 138776 bytes
MD5: eb1fe8038a08d01bab6e9d7115cccb09
SHA1: 6ac2e699226c892801de46445a45c355bd6e2322
SHA256: B37E30A741E45CFDB2BAC0BBDCB6769469E4B60791E56EAA76F42415E8110D4D
File Size: 1.85 MB, 1854384 bytes
MD5: 78c84271f248b648f173b4b5d0d5cd80
SHA1: 1014070c287100ed400660f3b943d450bcf1c8d2
SHA256: F9B09B745AF5C316847CA0F90D86B9E4212C7D03685E5542FC34BBFB3910D078
File Size: 2.39 MB, 2389608 bytes
MD5: c899ce402eb360c1bc50313c4478ef54
SHA1: ebc431b7f15bd64afda82bb71f60e2b33fbdfbcb
SHA256: 551ED797C04BC3318357CDFB040EB9EF91BA97410D3AEF7978E640E59188F7F9
File Size: 5.45 MB, 5450552 bytes
MD5: 619ade4aa0afee7ca288675df1478921
SHA1: b994a4b639352d15c3f9ba91469297cae88d67b0
SHA256: BEB61F57CDE1753769632EAD00C7D710A010F51F6FF8C1CE305E6E96EE837FDA
File Size: 2.23 MB, 2228304 bytes
MD5: d7457bc741204cedc08857eb9369ac61
SHA1: d1cf18caa6cad68f4c656f0f419928ffeb2258a7
SHA256: E2632AB44D71FF25C5A1CD156F0039C3BA004FEFF1186CBBC10E9781FCBDEECA
File Size: 152.50 KB, 152496 bytes
MD5: cee9667eac9da7f6d314be7dcf339a56
SHA1: e5ee426bdd6b9ae04ce9717a2be7c2f879b7f3a1
SHA256: 85F5B700AF9C4AE387EC07A1EAA7BF1442543AE618B563531FB51B897AB60047
File Size: 183.30 KB, 183296 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
Show More
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name Seiko Epson Corporation
File Description Epson Event Manager
File Version 3.11.57.0
Internal Name EEventManager
Legal Copyright Copyright (C) Seiko Epson Corporation 2003-2022, All rights reserved.
Original Filename EEventManager.EXE
Product Name Epson Event Manager
Product Version 3.11.57.0

Digital Signatures

Signer Root Status
SEIKO EPSON CORPORATION DigiCert Trusted Root G4 Hash Mismatch

File Traits

  • big overlay
  • HighEntropy
  • No Version Info
  • x86

Block Information

Total Blocks: 275
Potentially Malicious Blocks: 38
Whitelisted Blocks: 237
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 x x x x x 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x x x 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 x x x x 0 x x x x x x x x x 0 x x 0 0 x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.FDJ
  • Agent.LDE
  • Chapak.DA
  • Farfli.AG
  • Farfli.LE
Show More
  • Tyuyan.B

Files Modified

File Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$re0lso7.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\common files\microsoft shared\msinfo\msinfo32.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll.dat Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.207.5\msedgeupdate.dll.tmp Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll Generic Write,Read Attributes
c:\progra~3\packag~1\{042d2~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{33d1f~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{47109~1\vc_red~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
Show More
c:\progra~3\packag~1\{5af95~1\vc_red~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{9dff3~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\progra~3\packag~1\{ca675~1\vcredi~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbo~1\__sand~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbo~1\sandbo~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbo~1\sandbo~2.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\sandbo~1\shsand~1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\3582-490\59dc930e535d16cc5ef2310e931ffe6c504f5c75_0000666224 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\62c979f2c6ba8f56c30a6c808014acf9ee1fd576_0001700808 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\b82624f656c41032be4e7953bebcd4bfdb71d434_0000326167 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\b994a4b639352d15c3f9ba91469297cae88d67b0_0002228304 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\c4b3094ab0af7b32fc744a01e003815a889087a5_0001223680 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\cbccd3f68996cd1e0e53f0e5dc89dae70d281978_0000112384 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\d4696c9e1a58d85ebaac9900777bab1395c7c5c9_0001294352 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3582-490\f110a26e23499941ef95ef2c422c3ca57e4204bc_0002920152 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\61331220116c.tmp Generic Write,Read Attributes
c:\windows\svchost.com Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\classes\exefile\shell\open\command:: C:\WINDOWS\svchost.com "%1" %* RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
Show More
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • ShellExecute

Shell Command Execution

open C:\Users\Ybckkwnb\AppData\Local\Temp\3582-490\f110a26e23499941ef95ef2c422c3ca57e4204bc_0002920152
open C:\Users\Bhzqqcnc\AppData\Local\Temp\3582-490\b82624f656c41032be4e7953bebcd4bfdb71d434_0000326167
open C:\Users\Dwirxtfu\AppData\Local\Temp\3582-490\c4b3094ab0af7b32fc744a01e003815a889087a5_0001223680
open C:\Users\Eeqjigup\AppData\Local\Temp\3582-490\59dc930e535d16cc5ef2310e931ffe6c504f5c75_0000666224
open C:\Users\Kugcjurh\AppData\Local\Temp\3582-490\cbccd3f68996cd1e0e53f0e5dc89dae70d281978_0000112384
Show More
open C:\Users\Vfgoymyp\AppData\Local\Temp\3582-490\62c979f2c6ba8f56c30a6c808014acf9ee1fd576_0001700808
open C:\Users\Illxczdr\AppData\Local\Temp\3582-490\d4696c9e1a58d85ebaac9900777bab1395c7c5c9_0001294352
open C:\Users\Woiekwae\AppData\Local\Temp\3582-490\b994a4b639352d15c3f9ba91469297cae88d67b0_0002228304

Trending

Most Viewed

Loading...