» 1c86.tmp
Overview
Analysis
File Details

1c86.tmp

The file 1c86.tmp has been detected as malware by 30 anti-virus scanners. The file is most likely infected with the Neshta virus, a Russian virus that gathers system information and send it to a remote command and cotrol server.

File name:

1c86.tmp

MD5:

589a00df46cc32867df7a939bbfc03a6

SHA-1:

4776221d149558c204b36f3089ea315a1a55059d

SHA-256:

f4c77c405f73a765b316ab104c01c3ce0bd855f8b584de1c2e5743e9564d3723

Scanner detections:

30 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/26/2024 12:24:48 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Win32/Neshta

2011.06.07

Avira AntiVirus

W32/Neshta.a

7.11.9.66

avast!

Win32:Neshta

2014.9-150802

AVG

Worm/Delf

2016.0.3029

Bitdefender

Win32.Neshta.A

1.0.20.1070

Clam AntiVirus

W32.Neshuta.A

0.98/18011

Comodo Security

Win32.Neshta.A

8979

Dr.Web

Win32.HLLP.Neshta

9.0.1.0214

Emsisoft Anti-Malware

Virus.Win32.Neshta!IK

8.15.08.02.12

ESET NOD32

Win32/Neshta

9.6185

Fortinet FortiGate

W32/Neshta.A

8/2/2015

F-Prot

W32/HLLP.41472

v6.4.6.2.117

F-Secure

Win32.Neshta.A

11.2015-02-08_1

G Data

Win32.Neshta

15.8.22

IKARUS anti.virus

Virus.Win32.Neshta

t3scan.1.1.104.0

K7 AntiVirus

Virus

13.105.4776

Kaspersky

Virus.Win32.Neshta

14.0.0.1642

McAfee

W32/HLLP.41472.e

5600.6685

Microsoft Security Essentials

Virus:Win32/Neshta.A

1.163.1557.0

Norman

W32/Neshta.A

11.20150802

nProtect

Virus/W32.Neshta

11.06.06.01

Panda Antivirus

W32/Neshta.A

15.08.02.12

Quick Heal

W32.Neshta.A

8.15.11.00

Reason Heuristics

Threat.Win.Reputation.IMP

15.8.2.12

Rising Antivirus

Win32.Netsha.a

23.00.65.15731

Sophos

W32/Bloat-A

4.66

Trend Micro House Call

PE_NESHTA.A

7.2.214

Trend Micro

PE_NESHTA.A

10.465.02

Vba32 AntiVirus

Virus.Win32.Neshta.a

3.12.16.0

VIPRE Antivirus

Virus.Win32.Neshta.a

9509

File size:

1.3 MB (1,328,184 bytes)

Common path:

C:\users\{user}\appdata\local\temp\1c86.tmp

File PE Metadata

Compilation timestamp:

6/20/1992 6:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:5/SeGUySFKZkvkvdG9foWk4/YdhUEyvn1NO80TkEC0aDXpcYjDN:56eALZGkvdG9AWk4FEOn1cTXCD7pcYjx

Entry address:

0x80E4

Entry point:

55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, E8, 89, 45, E4, 89, 45, EC, B8, 54, 80, 40, 00, E8, 12, BE, FF, FF, 33, C0, 55, 68, 20, 82, 40, 00, 64, FF, 30, 64, 89, 20, B8, A8, 91, 40, 00, B9, 0B, 00, 00, 00, BA, 0B, 00, 00, 00, E8, 5C, EF, FF, FF, B8, B4, 91, 40, 00, B9, 09, 00, 00, 00, BA, 09, 00, 00, 00, E8, 48, EF, FF, FF, B8, C0, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 34, EF, FF, FF, B8, DC, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 20, EF, FF, FF, A1, 10, 92, 40... 
[+]

Entropy:

6.3664

Developed / compiled with:

Microsoft Visual C++

Code size:

29 KB (29,696 bytes)

Remove 1c86.tmp - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.