ardamax | dc3c20e20a124f81ad5adde00eedb807867deec8ae45d8c289c37c21872b3ea1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dc3c20e20a124f81ad5adde00eedb807867deec8ae45d8c289c37c21872b3ea1
Size

892KB
MD5

eca155fa5223c0f4794d5414e7cfde5e
SHA1

6d71a7ca28fc35dd01f45803dbbc0d6e1b21e834
SHA256

dc3c20e20a124f81ad5adde00eedb807867deec8ae45d8c289c37c21872b3ea1
SHA512

f6c0ba26140598c01258fbaa9c899c42b2f98a0d8214e99cfe650f87049880fd04fa19cc6a3a8a2607c43c62253f08f41e68ff476bace89435093d63313653af
SSDEEP

12288:e5CNXnx+BfOxO8YkSPSq3igRq6xGJOpqL1cjScB+lQ:eSGfM7Yky3iV0Gkpm1M+l

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Files

dc3c20e20a124f81ad5adde00eedb807867deec8ae45d8c289c37c21872b3ea1
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE