Aud Virus Neshta File Malware Analysis: e185fe1f36fb07d6b85a71a20acc58db

Aud Virus Neshta Analysis

Updated 1 year ago

Checked by Malware Check

Aud

Hash Type	Value	Action
MD5	e185fe1f36fb07d6b85a71a20acc58db
SHA1	c32b828888f0bab5485dbb98da1ea1f7b0bcbfef
SHA256	907ca6d311ca53125aa321e39a288adae25fd45eef884dafe8d88aa9547e9fe9
SHA512	c1eb972ceaceccbaa0558ad8a988957a7ac5cf6f515dd7b451f38403e86b90df7a473b7830334526da9da893c47c5b07e38461509422e1d11148a4bbfbaeb19a
ImpHash	07d7bb1cc7a7a15621fdda29041fa17d

Hash Type

Value

Action

MD5

e185fe1f36fb07d6b85a71a20acc58db

SHA1

c32b828888f0bab5485dbb98da1ea1f7b0bcbfef

SHA256

907ca6d311ca53125aa321e39a288adae25fd45eef884dafe8d88aa9547e9fe9

SHA512

c1eb972ceaceccbaa0558ad8a988957a7ac5cf6f515dd7b451f38403e86b90df7a473b7830334526da9da893c47c5b07e38461509422e1d11148a4bbfbaeb19a

ImpHash

07d7bb1cc7a7a15621fdda29041fa17d

PE Analysis

Basic Information

▼

Icon	Hash: 6d158d881d3c5f981b514f1a2eebc2c6 Fuzzy: 00f093ca5233c12c497c0f3fc1557273 dHash: 8990ae8e9a86ac52
Image Base	`0x00400000`
Entry Point	`0x0059e9fc`
Compilation Time	2023-07-05 12:41:05
Checksum	0x001f1219 (Actual: 0x001f92e8)
OS Version	5.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows`
Digital Signature	The expected hash does not match the digest in SpcInfo
Imports	13 libraries
Exports	1 functions
Resources	46 Resources
Sections	10 Sections

Digital Signatures

▼

DigiCert Trusted Root G4	DigiCert Inc (US)
DigiCert Trusted Root G4	DigiCert, Inc. (US)
DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Chengdu ShanHe Information Technology Co., Ltd. (CN)

Version Information

▼

CompanyName	iTop Inc.
FileDescription	iTop VPN
FileVersion	5.0.0.4294
InternalName	Aud
LegalCopyright	© iTop Inc. All rights reserved.
LegalTrademarks	iTop Inc.
OriginalFilename	aud.exe
ProductName	iTop VPN
ProductVersion	5.0
Comments	iTop Inc. AUpdate
Translation	0x0409 0x04e4

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	1,686,616 bytes	1,687,040 bytes	6.44 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`9886238FD248A0957D856A0BAC185FC4`
`.itext`	`0x0019d000`	15,808 bytes	15,872 bytes	6.34 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`EF2EE34337DBE5225C6DE4E1756B2334`
`.data`	`0x001a1000`	82,348 bytes	82,432 bytes	6.29 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`4BB16CB392A4A4AC3D655347A8565353`
`.bss`	`0x001b6000`	292,948 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.idata`	`0x001fe000`	17,452 bytes	17,920 bytes	5.21 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`9E4A1E0E097AB398E4EE101BCBEE8229`
`.edata`	`0x00203000`	74 bytes	512 bytes	0.77 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`441E776C8A0D6FFBA3AB58E1A361AB0E`
`.tls`	`0x00204000`	592 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.rdata`	`0x00205000`	24 bytes	512 bytes	0.21 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`F20791AE136B61B4DAED18A313B13351`
`.reloc`	`0x00206000`	98,248 bytes	98,304 bytes	6.71 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`62A0A2D9E2F012A319594F19B0234C26`
`.rsrc`	`0x0021e000`	68,608 bytes	68,608 bytes	4.54 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`6253F52F0291B92B249FD9E3FB470C4D`

Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 46 (65,958 bytes)

Resource Type	Count	Total Size	Percentage
RT_CURSOR	7	2,156 bytes	3.3%
RT_ICON	3	5,337 bytes	8.1%
RT_STRING	23	19,256 bytes	29.2%
RT_RCDATA	3	36,252 bytes	55%
RT_GROUP_CURSOR	7	140 bytes	0.2%
RT_GROUP_ICON	1	48 bytes	0.1%
RT_VERSION	1	804 bytes	1.2%
RT_MANIFEST	1	1,965 bytes	3%

Certificate Chain Analysis

▼

Certificate #1

Subject	DigiCert Trusted Root G4 DigiCert Inc US
Issuer	DigiCert Trusted Root G4
Serial Number	`7451500558977370777930084869016614236`

Certificate #2

Subject	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 DigiCert, Inc. US
Issuer	DigiCert Trusted Root G4
Serial Number	`11533403529598586876501374841704918745`

Certificate #3

Subject	Chengdu ShanHe Information Technology Co., Ltd. Chengdu ShanHe Information Technology Co., Ltd. CN
Issuer	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Serial Number	`1707179392256254022609495685209333859`

Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

File Name	Aud
File Type	PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version	1.0.138.174
Database Version	2023-09-14 10:02:20 UTC

Aud Virus Neshta Analysis

Technical Analysis

Virus.Win32.Neshta.sa

Scan Another File

File Identification