tomohaha[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

tomohaha.exe
Size

1.1MB
MD5

0e185dfa00cdca07ba2550691722b28b
SHA1

93f1e4db24e00b92dc0b269ec6b4f68a7cc04833
SHA256

d7a3946548ef0d3eae7700f9d23933b3f35351c0719ac07e1839aab7270db91a
SHA512

38e73dad431bf72231504efbd9b32fb4031f0bfe4576aac88d815c752a79ff815282d78400bdd630c0e3252fc248c9c7b2551a598c5fe55f9f555d2c621e089a
SSDEEP

24576:w/R/iSouPSEJsmuW6LQGVs+UUn/KQkm9AgUU7L6YNXWca9/:ajouPSEymuWHGVs+UUnCQRAgU7YhWh9/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tomohaha.exe

Files

tomohaha.exe
.exe windows:6 windows x86 arch:x86

53d02a5068123c6c7eeffa52674143a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpA
GetLocalTime
WriteFile
WaitForSingleObject
GetLastError
GetOverlappedResult
CreateEventA
GetTickCount
FindNextFileA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
DecodePointer
HeapReAlloc
HeapAlloc
HeapFree
WriteConsoleW
GetModuleFileNameW
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
GetFileAttributesA
RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringA
lstrlenW
lstrcpyW
SetFilePointer
GetVolumeInformationA
GetDriveTypeA
GetFileSize
CreateDirectoryA
FindClose
FindFirstFileA
Sleep
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcmpiA
lstrcpyA
DeleteFileA
lstrlenA
CloseHandle
CreateFileA
ReadFile
HeapSize
CreateFileW
GetCommandLineA
GetCommandLineW
WideCharToMultiByte
SetLastError
GetModuleFileNameA
GetEnvironmentStringsW
lstrcatA
TlsSetValue
FlushFileBuffers
SetFilePointerEx
GetStringTypeW
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetCPInfo

user32

EndPaint
PostMessageA
BeginPaint
UpdateWindow
FindWindowA
PeekMessageA
GetKeyState
wsprintfA
GetDC
ReleaseDC
AdjustWindowRectEx
EnumDisplayDevicesA
GetSystemMetrics
ChangeDisplaySettingsExA
GetClientRect
GetActiveWindow
SetRect
MoveWindow
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItem
EndDialog
GetDlgItemTextA
SetWindowLongA
GetWindowTextA
GetWindowLongA
SetWindowTextA
SendMessageA
GetCapture
ReleaseCapture
ScreenToClient
GetAsyncKeyState
GetCursorPos
ChangeDisplaySettingsA
MessageBoxA
EnumDisplaySettingsA
IsWindow
DispatchMessageA
GetWindowRect
LoadCursorA
DestroyWindow
SetWindowPos
ShowWindow
CallWindowProcA
RegisterClassA
DefWindowProcA
CreateWindowExA
SetFocus
TranslateMessage
CreateDialogParamA
LoadIconA

gdi32

TextOutA
SelectObject
GetGlyphOutlineA
SetBkMode
CreateFontIndirectA
GetTextMetricsA
SetTextAlign
EnumFontFamiliesA
CreateSolidBrush
CreateFontA
DeleteObject
GetStockObject

shell32

ShellExecuteA

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitialize

winmm

timeGetTime
timeBeginPeriod
timeSetEvent
timeKillEvent
timeGetDevCaps
timeEndPeriod

dsound

ord11

d3d9

Direct3DCreate9

d3dx9_43

D3DXSaveTextureToFileA
D3DXCreateTextureFromFileInMemory
D3DXCreateTexture
D3DXCreateTextureFromFileExA
D3DXQuaternionRotationYawPitchRoll
D3DXMatrixLookAtLH
D3DXQuaternionMultiply

imm32

ImmAssociateContext

emotedriver

?EmoteFilterTexture@@YAXPAEKP6AX0K@Z@Z
?EmoteCreate@@YAPAVIEmoteDevice@@ABUInitParam@1@@Z

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces

hid

HidD_GetHidGuid
HidD_GetAttributes

Sections

.text
Size: 727KB - Virtual size: 727KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 105.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53d02a5068123c6c7eeffa52674143a4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

winmm

dsound

d3d9

d3dx9_43

imm32

emotedriver

setupapi

hid

Sections

.text Size: 727KB - Virtual size: 727KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 15KB - Virtual size: 105.0MB

.rsrc Size: 290KB - Virtual size: 290KB

.reloc Size: 35KB - Virtual size: 35KB

.text
Size: 727KB - Virtual size: 727KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 15KB - Virtual size: 105.0MB

.rsrc
Size: 290KB - Virtual size: 290KB

.reloc
Size: 35KB - Virtual size: 35KB