HoloCure[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

HoloCure.zip
Size

158.3MB
MD5

5dc2a542ac1979b3dfe3d909729c5eda
SHA1

36076b5111aea0b3e173c53761a052046b2d2957
SHA256

faa1f8dc0091a37c6eafdb4baa648cc5547cc484c0de385b7a1d09989e71eb86
SHA512

4c575795f1a21a4d3622a3c05473075a90d9c1094df2e34dd4a85a0ae992b49521c9b40d564e910be3a4a5424897ac11d31c9945afdc0360dcc30a185273d726
SSDEEP

3145728:rbB8VY5+mOJtcp2JNspUjEsZZHvEpNWhkAZYxE34CslZKPcZz3xBe7D3D6oTqRVd:HBiY5+mdpgNspUjEsZNvmEWxE3clic/H

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HoloCure.exe
unpack001/display_mouse_lock_x64.dll

Files

HoloCure.zip
.zip
CHANGELOG.txt
HoloCure.exe
.exe windows:6 windows x64

b6fcf8b02a3d046069040f9a5e3568fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wininet

InternetOpenA
InternetGetConnectedState
InternetConnectA
InternetCloseHandle
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA

d3d11

D3D11CreateDevice

dbghelp

MiniDumpWriteDump

winmm

timeGetDevCaps
timeEndPeriod
joyGetPosEx
joyGetPos
mciSendStringA
timeGetTime
timeBeginPeriod

ws2_32

setsockopt
sendto
send
select
recvfrom
recv
ntohs
inet_ntoa
inet_addr
getsockopt
ioctlsocket
connect
closesocket
bind
accept
htons
htonl
WSAStartup
WSAGetLastError
getaddrinfo
freeaddrinfo
getpeername
__WSAFDIsSet
listen
socket

gdiplus

GdiplusShutdown
GdiplusStartup

comctl32

InitCommonControlsEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

rpcrt4

UuidToStringW
UuidCreate

mf

MFCreateMediaSession
MFCreateTopology
MFCreateTopologyNode
MFGetService
MFCreateAudioRendererActivate
MFCreateSampleGrabberSinkActivate

mfplat

MFStartup
MFCreateMediaType
MFCreateSourceResolver

kernel32

GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
WriteFile
GetStdHandle
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
MoveFileExW
SetFileAttributesW
GetFileAttributesExW
HeapWalk
HeapValidate
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetModuleHandleExW
RtlUnwind
LoadLibraryExW
RtlPcToFileHeader
RtlUnwindEx
GetStringTypeW
GetCPInfo
LCMapStringEx
DecodePointer
EncodePointer
GetFileSizeEx
SetFilePointerEx
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
OutputDebugStringA
GetCurrentProcess
K32GetProcessMemoryInfo
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetConsoleWindow
GetCommandLineW
ExpandEnvironmentStringsW
CreateDirectoryW
CreateFileW
GetFinalPathNameByHandleW
GetFullPathNameW
CloseHandle
SetUnhandledExceptionFilter
GetLastError
SetErrorMode
Sleep
GetCurrentProcessId
GetCurrentThreadId
HeapReAlloc
GetModuleHandleW
MoveFileA
MultiByteToWideChar
WideCharToMultiByte
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFileAttributesW
GetFileSize
ReadFile
SetFilePointer
FreeLibrary
GetProcAddress
LoadLibraryW
LocalFree
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
SetWaitableTimer
CreateWaitableTimerW
GetTickCount64
CreateThread
SetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetVersionExW
GetLocaleInfoW
GetEnvironmentVariableW
GetCurrentDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
SetLastError
GetExitCodeThread
FormatMessageW
GlobalAlloc
GlobalUnlock
GlobalLock
GetFileAttributesA
VerSetConditionMask
VerifyVersionInfoW
ExitProcess
lstrlenA
GetVersion
LoadLibraryA
WaitForSingleObjectEx
CreateEventExW
DebugBreak
GetEnvironmentVariableA
InitializeSRWLock
GetNativeSystemInfo
GetProcessHeap
HeapFree
HeapAlloc
RaiseException
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
ResetEvent
SetEvent
GetTimeZoneInformation
ReadConsoleW
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetEndOfFile
HeapSize
GetModuleFileNameW
WriteConsoleW

user32

OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
GetFocus
GetRawInputDeviceInfoA
GetRawInputDeviceList
SetDlgItemTextA
MessageBoxW
SetProcessDPIAware
EnumDisplaySettingsA
IsDialogMessageW
keybd_event
DispatchMessageW
TranslateMessage
wsprintfW
EnumDisplayDevicesW
EnumDisplaySettingsW
LoadImageW
LoadCursorW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
FindWindowExA
FindWindowA
SetParent
SetDlgItemTextW
GetAsyncKeyState
DrawTextW
PeekMessageW
ScreenToClient
SetCursor
AdjustWindowRectEx
GetClientRect
SetForegroundWindow
GetSystemMetrics
ReleaseCapture
SetCapture
GetKeyState
SetFocus
BringWindowToTop
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW
SendMessageW
SendMessageA
EnumWindows
GetWindowLongPtrW
IntersectRect
GetWindowRect
GetActiveWindow
IsWindowVisible
GetLayeredWindowAttributes
MessageBoxA
GetDlgItem
EndDialog
DialogBoxParamW
CreateDialogParamW
ReleaseDC
GetDC
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
UpdateWindow
SetWindowLongPtrW
ClientToScreen
SetCursorPos
GetDlgItemTextW
SetWindowTextW
MapWindowPoints
MoveWindow

gdi32

SelectObject
GetRgnBox
DeleteObject
CreateRectRgnIndirect
GetStockObject
GetDeviceCaps
CombineRgn

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExW
RegCloseKey

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CoCreateFreeThreadedMarshaler

dwmapi

DwmGetWindowAttribute
DwmGetCompositionTimingInfo

Sections

.text
Size: 39.8MB - Virtual size: 39.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mydata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
audiogroup1.dat
audiogroup2.dat
controllerblacklist.csv
controllertypes.csv
data.win
display_mouse_lock_x64.dll
.dll windows:6 windows x64

32f0b33435ab0334998df23cbc22f46b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

GetClipCursor
ClipCursor

kernel32

FindClose
WriteConsoleW
CloseHandle
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW

Exports

Exports

display_mouse_bounds_raw
display_mouse_lock
display_mouse_unlock

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
licenses.txt
options.ini
sdl2.txt

Sharing

General

Malware Config

Signatures

Files

b6fcf8b02a3d046069040f9a5e3568fc

Headers

DLL Characteristics

File Characteristics

Imports

wininet

d3d11

dbghelp

winmm

ws2_32

gdiplus

comctl32

version

rpcrt4

mf

mfplat

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

dwmapi

Sections

.text Size: 39.8MB - Virtual size: 39.8MB

.rdata Size: 8.0MB - Virtual size: 8.0MB

.data Size: 1.4MB - Virtual size: 4.5MB

.pdata Size: 1.6MB - Virtual size: 1.6MB

.mydata Size: 512B - Virtual size: 24B

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 307KB - Virtual size: 307KB

.reloc Size: 288KB - Virtual size: 287KB

32f0b33435ab0334998df23cbc22f46b

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 3KB - Virtual size: 3KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 39.8MB - Virtual size: 39.8MB

.rdata
Size: 8.0MB - Virtual size: 8.0MB

.data
Size: 1.4MB - Virtual size: 4.5MB

.pdata
Size: 1.6MB - Virtual size: 1.6MB

.mydata
Size: 512B - Virtual size: 24B

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 307KB - Virtual size: 307KB

.reloc
Size: 288KB - Virtual size: 287KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 3KB - Virtual size: 3KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB