Holy[.]Cat[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Holy.Cat.exe
Size

4.8MB
MD5

1e0d301861c1ab658333334d583c296c
SHA1

fc172eacddc142f00850aee17469f64fd8ee8cb5
SHA256

dd007bccaa09e07533667eda9442360392e4426a50946bca6ecab5d851ac7551
SHA512

01dc04b600f96dc44f0f40f64c368b6add3cbb420b31cd0a229b149dacd4e12a3519e480b389b5f3c5e67c94a62e10adc8ca5fa1aea8514c1af5043aab192439
SSDEEP

98304:jP9JvI1XQEqtS1RgntRMukWcxf8/eSkZ8AVq4ycdg50Uhs/rpzME:jDgVr1unzMuyfhSk8TeUhsjpz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Holy.Cat.exe

Files

Holy.Cat.exe
.exe windows:6 windows x64 arch:x64

30bba6e3eee19ac3b9c882ecd4d31e62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\karee\Desktop\123ud\output\build\Holy.Cat.pdb

Imports

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
SetConsoleTitleA
GetModuleFileNameA
GetLastError
FormatMessageA
GetCurrentProcessId
Sleep
WideCharToMultiByte
ReadFile
HeapAlloc
HeapFree
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GlobalLock
LocalFree
GetLocaleInfoEx
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
SetFileInformationByHandle
GetTempPathW
AreFileApisANSI
GetModuleHandleW
GetFileInformationByHandleEx
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GlobalFree
GlobalAlloc
MultiByteToWideChar
lstrcmpiA
GetProcAddress
CloseHandle
Process32Next
CreateFileA
CreateToolhelp32Snapshot
GetModuleHandleA
CreateFileW
LoadLibraryExA
VirtualAlloc
DeviceIoControl
GetCurrentProcess
VirtualFree
Process32First
GetSystemTimeAsFileTime
InitializeSListHead
GlobalUnlock
GetFileSizeEx
GetCurrentThreadId

user32

GetClientRect
SendInput
GetCursorPos
FindWindowA
SetCursor
GetAsyncKeyState
ScreenToClient
MessageBoxA
SetClipboardData
MonitorFromWindow
GetClipboardData
SetCapture
GetForegroundWindow
GetCapture
EmptyClipboard
CloseClipboard
OpenClipboard
LoadCursorA
SetCursorPos
GetMessageExtraInfo
RegisterClassExA
PostQuitMessage
UnregisterClassA
PeekMessageA
LoadIconA
TranslateMessage
TrackMouseEvent
SetLayeredWindowAttributes
SetProcessDPIAware
GetKeyboardLayout
UpdateWindow
CreateWindowExA
DefWindowProcA
MoveWindow
GetMonitorInfoA
SetWindowDisplayAffinity
SetWindowLongA
ShowWindow
IsWindowUnicode
GetSystemMetrics
GetKeyState
ClientToScreen
ReleaseCapture
DestroyWindow
DispatchMessageA
GetWindowRect

gdi32

CreateSolidBrush

advapi32

RegOpenKeyA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExA

shell32

SHGetFolderPathW
ShellExecuteA

msvcp140

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Query_perf_counter
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?good@ios_base@std@@QEBA_NXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Thrd_detach
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Xtime_get_ticks
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
_Strxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xbad_function_call@std@@YAXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Thrd_id
_Thrd_join
_Query_perf_frequency
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?uncaught_exceptions@std@@YAHXZ
_Cnd_do_broadcast_at_thread_exit
?_Xinvalid_argument@std@@YAXPEBD@Z

ntdll

RtlVirtualUnwind
NtQuerySystemInformation
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitAnsiString
RtlAnsiStringToUnicodeString

dbghelp

ImageRvaToVa
ImageNtHeader
ImageDirectoryEntryToData

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__intrinsic_setjmp
__current_exception_context
__current_exception
memcmp
memchr
memset
memmove
strrchr
longjmp
_purecall
strchr
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
__C_specific_handler
memcpy
_CxxThrowException

api-ms-win-crt-heap-l1-1-0

realloc
free
_callnewh
malloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

terminate
_invalid_parameter_noinfo_noreturn
exit
_beginthreadex
_errno
strerror
system
abort
perror
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_c_exit
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__p___argv
__p___argc

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-stdio-l1-1-0

setvbuf
ungetc
tmpnam
__p__commode
fsetpos
fgetpos
_set_fmode
fputc
fread
__acrt_iob_func
_ftelli64
fflush
_popen
fclose
_fseeki64
tmpfile
_get_stream_buffer_pointers
_pclose
clearerr
__stdio_common_vfprintf
fgets
ftell
fseek
feof
getc
fopen
ferror
freopen
fgetc
_wfopen
__stdio_common_vsprintf
__stdio_common_vsscanf
fwrite

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
remove
_lock_file
rename

api-ms-win-crt-convert-l1-1-0

strtoll
strtol
strtod
strtoull
atof

api-ms-win-crt-string-l1-1-0

toupper
strncmp
isspace
tolower
isdigit
isalnum
islower
strcoll
strspn
strcmp
isxdigit
ispunct
strncpy
strpbrk
iscntrl
_stricmp
isalpha
isupper
isblank
isgraph

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

ceilf
cos
tan
sqrt
sinf
cosf
ceil
ldexp
floor
fmod
fmodf
sin
sqrtf
llround
log
log10
atan2
asin
_dsign
acosf
acos
__setusermatherr
roundf
exp
pow
powf
frexp
_dclass

api-ms-win-crt-time-l1-1-0

_gmtime64
strftime
_mktime64
_time64
clock
_difftime64
_localtime64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale
localeconv
___lc_codepage_func

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 322KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30bba6e3eee19ac3b9c882ecd4d31e62

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3dx11_43

d3d11

kernel32

user32

gdi32

advapi32

shell32

msvcp140

ntdll

dbghelp

imm32

d3dcompiler_47

dwmapi

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 322KB - Virtual size: 322KB

.data Size: 3.2MB - Virtual size: 3.2MB

.pdata Size: 59KB - Virtual size: 58KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 322KB - Virtual size: 322KB

.data
Size: 3.2MB - Virtual size: 3.2MB

.pdata
Size: 59KB - Virtual size: 58KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 6KB - Virtual size: 6KB