ba659842fb86107b0932dbe9f68fb91064c7cb65752b4cd2b8a3a80ab4f388b7

Sharing

Copy URL Twitter E-mail

General

Target

ba659842fb86107b0932dbe9f68fb91064c7cb65752b4cd2b8a3a80ab4f388b7
Size

725KB
MD5

efb451f683afb2d1b76c418e3136d50e
SHA1

8e82206cb54cddebb4658bd8561894f9fb0e7390
SHA256

ba659842fb86107b0932dbe9f68fb91064c7cb65752b4cd2b8a3a80ab4f388b7
SHA512

8bca6751cf35f717a8a992cffc53a1b8f2da0de6b70d237b3fd89a065a25f373d0e50fdda70919546f479548d41b3e1a06e18a05c7c203655be6db414c0dfbc8
SSDEEP

12288:KfsJUN0sLyOKgYjuqPRO7A27Z0Z9WsgcKlW+YoOPOE737TKolgXAvqqDJuE:KfsJCKgaPmWZRZ+YoObxVJuE

Score

N/A

Malware Config

Signatures

Files

ba659842fb86107b0932dbe9f68fb91064c7cb65752b4cd2b8a3a80ab4f388b7
.rar
PointerStick_5.61.exe
.exe windows x64

33eba9461f669656dc01252668699281

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:60:89:6b:93:1c:3c:5a:e1:ad:84:cf:da:71:06:b0
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

14/06/2021, 00:00

Not After

14/06/2023, 23:59

Subject

CN=Nenad Hrg,O=Nenad Hrg,L=Srima,C=HR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dc:f6:45:bc:57:ea:98:f4:29:d6:97:9c:85:2c:8c:2d:3a:e6:4d:0e:d7:17:f5:8b:3b:fd:ed:cd:7d:7a:3d:5d
Signer

Actual PE Digest

dc:f6:45:bc:57:ea:98:f4:29:d6:97:9c:85:2c:8c:2d:3a:e6:4d:0e:d7:17:f5:8b:3b:fd:ed:cd:7d:7a:3d:5d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nenad Hrg,O=Nenad Hrg,L=Srima,C=HR

14/10/2022, 21:54
Valid: true

Chain 1

CN=Nenad Hrg,O=Nenad Hrg,L=Srima,C=HR

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateMutexW
CloseHandle
WriteFile
CreateFileW
DeleteFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetVersionExW
lstrcpynW
TerminateThread
Sleep
CreateThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetProcessHeap
SetEndOfFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapReAlloc
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
GlobalFree
FreeEnvironmentStringsW
HeapCreate
HeapSetInformation
GetUserDefaultLangID
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
GetStdHandle
HeapSize
FlsAlloc
GetCurrentThreadId
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapFree
GetStartupInfoW
HeapAlloc
ExitProcess
RtlPcToFileHeader
GetSystemTimeAsFileTime
RtlUnwindEx
RtlLookupFunctionEntry
RaiseException
OutputDebugStringW
DebugBreak
lstrlenA
FindFirstFileW
SetLastError
FindClose
lstrcatW
GetModuleHandleW
GetCurrentProcess
GetTempPathW
CreateDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetFileAttributesW
GetLastError
GetModuleFileNameW
FreeLibrary
LoadLibraryW
GetProcAddress
GetLocalTime
FindResourceW
SizeofResource
LoadResource
LockResource
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
lstrcpyW
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetEnvironmentStringsW

user32

CopyRect
SetWindowsHookExW
SetWindowLongW
CharNextW
LoadStringW
wsprintfW
CharLowerW
wvsprintfW
InflateRect
DefWindowProcW
SetCursor
CreateWindowExW
RegisterClassExW
SendMessageW
SendMessageTimeoutW
LoadImageW
GetSystemMetrics
PostMessageW
PostQuitMessage
SetForegroundWindow
ShowWindow
SetWindowTextW
GetDlgItem
LoadCursorW
LoadIconW
SetTimer
UpdateWindow
EnumWindows
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
LoadAcceleratorsW
MessageBoxW
RegisterWindowMessageW
TrackPopupMenu
ClientToScreen
AppendMenuW
CreatePopupMenu
MoveWindow
GetWindowRect
SetRect
GetCursorPos
GetDoubleClickTime
EnableWindow
SetDlgItemTextW
CheckDlgButton
InsertMenuW
SetWindowPos
IsWindowVisible
GetKeyState
GetAsyncKeyState
KillTimer
ReleaseDC
GetDC
EndDialog
CreateDialogParamW
SetCursorPos
CallNextHookEx
GetIconInfo
CreateIconIndirect
DrawAnimatedRects
FindWindowExW
DestroyIcon
SystemParametersInfoW
ScreenToClient

gdi32

RestoreDC
GetWorldTransform
SetGraphicsMode
SetWorldTransform
CreateBitmap
GetPixel
SetPixel
CreateFontIndirectW
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC
GetObjectW
GetStockObject
SaveDC

comdlg32

GetOpenFileNameW

advapi32

AdjustTokenPrivileges
RegSetValueExW
RegCloseKey
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyW
RegDeleteValueW
RegQueryValueExW

shell32

SHAppBarMessage
SHGetSpecialFolderPathW
ShellExecuteW
DragFinish
DragQueryFileW
Shell_NotifyIconW

ole32

CreateStreamOnHGlobal
OleInitialize

oleaut32

SysAllocStringLen

comctl32

ord17
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Create

gdiplus

GdipCreateBitmapFromFile
GdipGetImageType
GdipSetClipRectI
GdipDrawImageRectRectI
GdipDrawImage
GdipDrawLineI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipSetPenColor
GdipSetPenLineCap197819
GdipSetPenWidth
GdipSetImageAttributesColorMatrix
GdiplusStartup
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipDeletePen
GdipCreatePen1
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipFree
GdipCloneImage

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 689KB - Virtual size: 688KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33eba9461f669656dc01252668699281

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

0a:60:89:6b:93:1c:3c:5a:e1:ad:84:cf:da:71:06:b0Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

dc:f6:45:bc:57:ea:98:f4:29:d6:97:9c:85:2c:8c:2d:3a:e6:4d:0e:d7:17:f5:8b:3b:fd:ed:cd:7d:7a:3d:5dSigner

Signature Validations

Verification

14/10/2022, 21:54 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

Sections

.text Size: 123KB - Virtual size: 123KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 30KB - Virtual size: 197KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 689KB - Virtual size: 688KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

0a:60:89:6b:93:1c:3c:5a:e1:ad:84:cf:da:71:06:b0
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

dc:f6:45:bc:57:ea:98:f4:29:d6:97:9c:85:2c:8c:2d:3a:e6:4d:0e:d7:17:f5:8b:3b:fd:ed:cd:7d:7a:3d:5d
Signer

14/10/2022, 21:54
Valid: true

.text
Size: 123KB - Virtual size: 123KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 30KB - Virtual size: 197KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 689KB - Virtual size: 688KB