ardamax | f66c4dc85f82afc12c176c8d8547147db99d7134b29656a416468067783534d9

Sharing

Copy URL

Twitter E-mail

General

Target

f66c4dc85f82afc12c176c8d8547147db99d7134b29656a416468067783534d9
Size

540KB
MD5

674ddab2a6114bfafc2add856694fc35
SHA1

8e1b2ebe4cb35d7ab639e7049fbde648c32ba04a
SHA256

f66c4dc85f82afc12c176c8d8547147db99d7134b29656a416468067783534d9
SHA512

37ccb4f89d1e4cfcac8cc2e221bdfd9f039a2b187b6b08938dc3ce816953ab07a4bd30c78a5d0caeb771885b5e437999e96b0e111a0b29fb4a9c1d7ebd60da8d
SSDEEP

6144:lkIahY1erZBfqalnSibMpmiYTEhkr6km7iADo/+V0NM/CAf/pPQCW:lqY1er/nSiw/uekrtAXh

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Files

f66c4dc85f82afc12c176c8d8547147db99d7134b29656a416468067783534d9
.exe windows x86

5628816c76062b9cd4f1e4fb29de3027

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

UrlUnescapeW
StrDupW
PathRemoveFileSpecW
PathFileExistsW
PathRemoveExtensionW
PathFindExtensionW
PathFindFileNameW
StrFormatByteSizeW
StrCmpIW
PathStripPathW

ws2_32

recv
send
WSAStartup
htons
WSACleanup
getservbyname
inet_addr
gethostbyname
socket
closesocket
shutdown
select
connect

comctl32

ImageList_Destroy
ImageList_Create
CreatePropertySheetPageW
PropertySheetW
_TrackMouseEvent
DestroyPropertySheetPage
ImageList_LoadImageW
ImageList_Draw
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_GetImageCount

shell32

DoEnvironmentSubstW
Shell_NotifyIconW
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
SHChangeNotify
ExtractIconW
ShellExecuteExW

wininet

InternetGetLastResponseInfoW
InternetOpenW
InternetCloseHandle
FtpPutFileW
FtpCreateDirectoryW
FtpRemoveDirectoryW
FtpDeleteFileW
FtpSetCurrentDirectoryW
InternetConnectW

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

LCMapStringW
GetThreadLocale
IsProcessorFeaturePresent
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringA
Sleep
SetProcessPriorityBoost
EnterCriticalSection
lstrcpyW
MoveFileExW
ExitProcess
CloseHandle
GetCurrentProcessId
CompareStringW
WriteFile
InitializeCriticalSection
lstrlenW
CreateMutexW
CreateFileW
InterlockedIncrement
GetLastError
SetProcessWorkingSetSize
RaiseException
lstrcmpiW
GetCurrentProcess
SizeofResource
InterlockedDecrement
LoadResource
GetVersionExW
DeleteFileW
lstrlenA
FindResourceW
GetDateFormatW
SetLastError
lstrcpyA
LoadLibraryExW
VirtualAlloc
lstrcmpA
VirtualFree
DeleteCriticalSection
GetUserDefaultLangID
CreateThread
SetThreadPriority
lstrcmpW
ResumeThread
LockResource
GlobalLock
GetLocalTime
GlobalUnlock
SystemTimeToFileTime
LoadLibraryW
CompareFileTime
FindResourceExW
FlushInstructionCache
GetCurrentThreadId
GetVersion
GetModuleHandleW
lstrcatW
MultiByteToWideChar
GetProcAddress
GetSystemTimeAsFileTime
GetModuleFileNameW
WideCharToMultiByte
lstrcpynW
RemoveDirectoryW
GetShortPathNameW
FreeLibrary
CreateDirectoryW
GetEnvironmentVariableW
LeaveCriticalSection
OpenProcess
SetFileAttributesW
SetPriorityClass
GetCurrentThread
EnumResourceNamesW
LocalAlloc
LocalReAlloc
ReadFile
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
SetFilePointer
LocalFree
Module32FirstW
Module32NextW
Process32FirstW
Process32NextW
GetWindowsDirectoryW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FormatMessageW
CreateToolhelp32Snapshot
OutputDebugStringW
GetTimeZoneInformation
GetComputerNameW
lstrcmpiA
GetTimeFormatW
GetTickCount
CopyFileW
GetTempFileNameW
GetTempPathW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesW
MoveFileW
HeapFree
HeapAlloc
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
GetProcessHeap
GetStartupInfoW
HeapDestroy
HeapCreate
GetModuleHandleA
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
RtlUnwind
InterlockedExchange
LoadLibraryA
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
LCMapStringA
VirtualQuery
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

user32

BeginPaint
GetWindow
LoadIconW
InvalidateRect
SetDlgItemInt
GetDlgItem
EnumWindows
CallWindowProcW
WindowFromPoint
FrameRect
PeekMessageW
KillTimer
SetRectEmpty
UnhookWindowsHookEx
CopyRect
EndPaint
GetParent
GetMessagePos
PtInRect
SendMessageTimeoutW
FindWindowW
OffsetRect
GetFocus
GetDlgItemTextW
RegisterHotKey
DrawEdge
UnregisterHotKey
PostMessageW
SetWindowLongW
MessageBeep
TrackPopupMenuEx
SetFocus
GetMonitorInfoW
MonitorFromPoint
LoadImageW
ReleaseDC
SetClipboardViewer
DestroyWindow
GetWindowTextLengthW
GetDlgItemInt
CharNextW
SetCursor
CallNextHookEx
GetSystemMetrics
ChangeClipboardChain
GetWindowTextW
LoadCursorW
GetKeyState
SetWindowsHookExW
GetSysColor
IsClipboardFormatAvailable
SendMessageW
DrawTextW
GetSysColorBrush
OpenClipboard
DdeInitializeW
SystemParametersInfoW
DdeCreateStringHandleW
DdeConnect
SetDlgItemTextW
DdeClientTransaction
GetClipboardData
DdeAccessData
GetClassLongW
DispatchMessageW
IsMenu
GetClientRect
TranslateMessage
DestroyMenu
SetWindowPos
GetWindowLongW
GetClassInfoExW
GetMessageW
DeleteMenu
CloseClipboard
ReleaseCapture
DdeDisconnect
CheckMenuItem
IsWindowEnabled
EndDialog
DdeFreeStringHandle
IsWindow
GetMenu
InflateRect
GetCapture
DdeUninitialize
GetSubMenu
GetMenuItemCount
ScrollWindow
PostQuitMessage
MapWindowPoints
TrackPopupMenu
AdjustWindowRectEx
DrawFrameControl
SetCapture
SetWindowTextW
GetMenuItemInfoW
MoveWindow
RegisterWindowMessageW
GetWindowThreadProcessId
FillRect
EnableWindow
SetMenuItemInfoW
GetActiveWindow
CharLowerW
GetWindowRect
GetWindowModuleFileNameW
GetDesktopWindow
ModifyMenuW
DestroyIcon
UpdateWindow
wsprintfW
MapVirtualKeyW
GetKeyNameTextW
UnregisterClassA
GetCursorPos
GetForegroundWindow
ShowWindow
GetDlgCtrlID
GetWindowDC
SetForegroundWindow
SetTimer
MessageBoxW
GetClassNameW
GetDC
LoadMenuW
IsWindowVisible
GetAncestor
ScreenToClient
DefWindowProcW
DrawFocusRect
DialogBoxParamW
RegisterClassExW
CreateWindowExW

gdi32

CreateDIBSection
SetBkMode
CreateCompatibleDC
CreateRectRgnIndirect
SelectObject
CreateBitmap
SetBkColor
BitBlt
ExcludeClipRect
CreateFontW
GetObjectW
CreateFontIndirectW
GetDIBits
SetPolyFillMode
RealizePalette
CombineRgn
DeleteDC
DeleteObject
GetTextMetricsW
SetTextColor
CreateCompatibleBitmap
GetStockObject
CreatePatternBrush
CreateSolidBrush
GetTextExtentPoint32W
CreatePen
SetBrushOrgEx
TextOutW
Polygon
PatBlt

comdlg32

GetSaveFileNameW
GetOpenFileNameW

ole32

CoTaskMemRealloc
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

oleaut32

SysFreeString
VarUI4FromStr

Sections

.text
Size: 365KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lgjhwnm
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5628816c76062b9cd4f1e4fb29de3027

Headers

File Characteristics

Imports

shlwapi

ws2_32

comctl32

shell32

wininet

mpr

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

Sections

.text Size: 365KB - Virtual size: 364KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 111KB - Virtual size: 112KB

lgjhwnm Size: - Virtual size: 4KB

.text
Size: 365KB - Virtual size: 364KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 111KB - Virtual size: 112KB

lgjhwnm
Size: - Virtual size: 4KB