cobra crypter.exe

The executable cobra crypter.exe has been detected as malware by 39 anti-virus scanners. The file is most likely infected with the Neshta virus, a Russian virus that gathers system information and sends it to a remote command and control server. The file has been seen being downloaded from download1291.mediafire.com.

MD5:
dd9f47fd5864571f8c92153e3ef796e5

SHA-1:
647cdb324d9d9250602a26399be99329fa4845d0

SHA-256:
e7d98c35d3689baaf0dee41ce8ccf395731579fa6bfaf51dbc64aa172ca3bcd1

Scanner detections:
39 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/19/2024 4:58:14 PM UTC

Scan engine                     Detection                     Engine version
Lavasoft Ad-Aware               Win32.Neshta.A                5651644
Agnitum Outpost                 Win32.Neshta.A                7.1.1
AhnLab V3 Security              Win32/Neshta                  2015.04.19
Avira AntiVirus                 W32/Neshta.A                  3.6.1.96
avast!                          Win32:Apanas [Trj]            2014.9-150418
AVG                             Worm/Delf                     2016.0.3135
Baidu Antivirus                 Virus.Win32.Neshta.$a         4.0.3.15418
Bitdefender                     Win32.Neshta.A                1.0.20.540
Bkav FE                         W32.NeshtaB.PE                1.3.0.6379
Clam AntiVirus                  W32.Neshuta.A                 0.98/20343
Comodo Security                 Win32.Neshta.A                21816
Dr.Web                          Win32.HLLP.Neshta             9.0.1.05190
Emsisoft Anti-Malware           Win32.Neshta                  9.0.0.4799
ESET NOD32                      Win32/Neshta.A virus          7.0.302.0
Fortinet FortiGate              W32/Neshta.A                  4/18/2015
F-Prot                          W32/HLLP.41472                4.6.5.141
F-Secure                        Win32.Neshta.A                5.13.68
G Data                          Win32.Neshta                  15.4.25
IKARUS anti.virus               Virus.Win32.Neshta            t3scan.1.8.9.0
K7 AntiVirus                    Virus                         13.202.15640
Kaspersky                       Virus.Win32.Neshta            15.0.0.543
McAfee                          Trojan.Artemis!6AAAFA89E122   16.8.708.2
Microsoft Security Essentials   Threat.Undefined              1.195.3225.0
MicroWorld eScan                Win32.Neshta.A                16.0.0.324
NANO AntiVirus                  Virus.Win32.Neshta.cdby       0.30.16.1110
Norman                          Worm.Generic.526208           03.12.2014 13:20:04
nProtect                        Virus/W32.Neshta              15.04.17.01
Panda Antivirus                 W32/Neshta.A                  15.04.18.10
Quick Heal                      W32.Neshta.C8                 4.15.14.00
Reason Heuristics               Threat.Win.Reputation.IMP     15.4.18.17
Rising Antivirus                PE:Win32.Netsha.a!411233      23.00.65.15416
Sophos                          Virus 'W32/Bloat-A'           5.13
Total Defense                   Win32/Neshta.A                37.0.11557
Trend Micro House Call          PE_NESHTA.A                   7.2.108
Trend Micro                     PE_NESHTA.A                   10.465.18
Vba32 AntiVirus                 Virus.Win32.Neshta.a          3.12.26.3
VIPRE Antivirus                 Threat.4276445                38882
ViRobot                         Win32.Neshta.B[h]             2014.3.20.0
Zillya! Antivirus               Virus.Neshta.Win32.1          2.0.0.2143

File size:
1.3 MB (1,319,424 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\cobra crypter.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:v5eDfgyvG/6bzdITY6Pfs6FzJTFHkNwKFSRFrd0dd8dLi2mIN5rIav0WfPyIoh:BeDYNL86X5x2yRkdse6N5rPaIoh

Entry address:
0x80E4

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, E8, 89, 45, E4, 89, 45, EC, B8, 54, 80, 40, 00, E8, 12, BE, FF, FF, 33, C0, 55, 68, 20, 82, 40, 00, 64, FF, 30, 64, 89, 20, B8, A8, 91, 40, 00, B9, 0B, 00, 00, 00, BA, 0B, 00, 00, 00, E8, 5C, EF, FF, FF, B8, B4, 91, 40, 00, B9, 09, 00, 00, 00, BA, 09, 00, 00, 00, E8, 48, EF, FF, FF, B8, C0, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 34, EF, FF, FF, B8, DC, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 20, EF, FF, FF, A1, 10, 92, 40...
 

Entropy:
6.5457

Developed / compiled with:
Microsoft Visual C++

Code size:
29 KB (29,696 bytes)

The file cobra crypter.exe has been seen being distributed by the following URL.
