ardamax | 0f5acab8ed161fbb09661aadb7e2dd881aa593615f863c71ca7eea37403e4abf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f5acab8ed161fbb09661aadb7e2dd881aa593615f863c71ca7eea37403e4abf
Size

735KB
MD5

92cc8efe3f5c2a985ae2214401e8dc69
SHA1

b5a05638129f057749f06e36a78146c1e0956fe7
SHA256

0f5acab8ed161fbb09661aadb7e2dd881aa593615f863c71ca7eea37403e4abf
SHA512

11b0f4c95e3a71356f85aefb76f7408f5a0e14f25452de902d231f78636a52ee48347d67968a90124d86ade6c8039a265a059c2925af7a1ddb1fc3cdccaac45f
SSDEEP

12288:JejTmxOKDgEcB54bZhbX0cbYHpvMv3BHJzFTgvrQ5+N3sXR5eJcjtI6FkNOTk0/P:4jTyOK8E+erbEByz2ckN3U/MBAprz

Score

10^/10

upx ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_ardamax

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

0f5acab8ed161fbb09661aadb7e2dd881aa593615f863c71ca7eea37403e4abf
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 718KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 994KB - Virtual size: 993KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ