Aud Virus Neshta Analysis

Virus Neshta

Updated on 2023-09-14 (1 year ago)

Online Virus Checker	v.1.0.138.174
DB Version:	2023-09-14 10:02:20

Virus.Win32.Neshta.sa

Neshta is a malicious software that collects sensitive system information and potentially spreads to removable storage devices and network shares. It is often used in targeted attacks against companies in industries such as finance, consumer goods, energy, and manufacturing, posing a serious threat to system security and requiring immediate removal.

File	Aud
Checked	2023-09-14 07:15:03
MD5	e185fe1f36fb07d6b85a71a20acc58db
SHA1	c32b828888f0bab5485dbb98da1ea1f7b0bcbfef
SHA256	907ca6d311ca53125aa321e39a288adae25fd45eef884dafe8d88aa9547e9fe9
SHA512	c1eb972ceaceccbaa0558ad8a988957a7ac5cf6f515dd7b451f38403e86b90df7a473b7830334526da9da893c47c5b07e38461509422e1d11148a4bbfbaeb19a
Imphash	07d7bb1cc7a7a15621fdda29041fa17d
File Size	2068487 bytes

Virus.Win32.Neshta.sa Removal

Gridinsoft has the capability to identify and eliminate Virus.Win32.Neshta.sa without requiring further user intervention.

Start by downloading Gridinsoft Anti-Malware to your computer.
Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
Click on the "Standard Scan" button.
After the scanning process is finished, click on "Clean Now" to remove any detected threats.
If prompted, restart your system to complete the removal process.

Signers

DigiCert Trusted Root G4	DigiCert Inc (US)
DigiCert Trusted Root G4	DigiCert, Inc. (US)
DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Chengdu ShanHe Information Technology Co., Ltd. (CN)
Verification	The expected hash does not match the digest in SpcInfo

File Version Information

CompanyName	iTop Inc.
FileDescription	iTop VPN
FileVersion	5.0.0.4294
InternalName	Aud
LegalCopyright	© iTop Inc. All rights reserved.
LegalTrademarks	iTop Inc.
OriginalFilename	aud.exe
ProductName	iTop VPN
ProductVersion	5.0
Comments	iTop Inc. AUpdate
Translation	0x0409 0x04e4

Portable Executable Info

	6d158d881d3c5f981b514f1a2eebc2c6 00f093ca5233c12c497c0f3fc1557273 8990ae8e9a86ac52
Image Base:	0x00400000
Entry Point:	0x0059e9fc
Compilation:	2023-07-05 12:41:05
Checksum:	0x001f1219 (Actual: 0x001f92e8)
OS Version:	5.0
PEiD:	PE32 executable (GUI) Intel 80386, for MS Windows
Sign:	The expected hash does not match the digest in SpcInfo
Sections:	10
Imports:	oleaut32, advapi32, user32, kernel32, msimg32, gdi32, version, ole32, wininet, shell32, comctl32, comdlg32, wsock32,
Exports:	1
Resources:	46

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Entropy
.text	0x00001000	0x0019bc58	0x0019be00	9886238fd248a0957d856a0bac185fc4	6.44
.itext	0x0019d000	0x00003dc0	0x00003e00	ef2ee34337dbe5225c6de4e1756b2334	6.34
.data	0x001a1000	0x000141ac	0x00014200	4bb16cb392a4a4ac3d655347a8565353	6.29
.bss	0x001b6000	0x00047854	0x00000000	d41d8cd98f00b204e9800998ecf8427e	0.00
.idata	0x001fe000	0x0000442c	0x00004600	9e4a1e0e097ab398e4ee101bcbee8229	5.21
.edata	0x00203000	0x0000004a	0x00000200	441e776c8a0d6ffba3ab58e1a361ab0e	0.77
.tls	0x00204000	0x00000250	0x00000000	d41d8cd98f00b204e9800998ecf8427e	0.00
.rdata	0x00205000	0x00000018	0x00000200	f20791ae136b61b4daed18a313b13351	0.21
.reloc	0x00206000	0x00017fc8	0x00018000	62a0a2d9e2f012a319594f19b0234c26	6.71
.rsrc	0x0021e000	0x00010c00	0x00010c00	6253f52f0291b92b249fd9e3fb470c4d	4.54