ardamax | 9c28244f2dbe3a4758b532838b0040c9

Sharing

Copy URL Twitter E-mail

General

Target

9c28244f2dbe3a4758b532838b0040c9
Size

1.5MB
MD5

9c28244f2dbe3a4758b532838b0040c9
SHA1

4b58bb4033d43ae64af6c18db48d5d25e23f6121
SHA256

cb770745d547a27a4b99fdbe27a672135f812b29d94fd2b843d06bb5aa1748aa
SHA512

24ed3d4c6aae307a0f1bb1f063b211152644b06d7425a5fe24b09f5f747dd63011451cef3f47cc4985b3316cf1213c056d38768ccb7f44cb2fab28cf4e30e969
SSDEEP

49152:wHD5G6PFG56GfXZ4JGJXAqceeTEplZWTw9di:wHD5G6PFG8GfJ4AQqcemwbi

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c28244f2dbe3a4758b532838b0040c9

Files

9c28244f2dbe3a4758b532838b0040c9
.exe windows:5 windows x86 arch:x86

eb6a9ab3147a26e6262ad0623ce93171

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpIW
PathAddBackslashW
PathRemoveExtensionW
PathRemoveFileSpecW
PathRenameExtensionW
PathStripPathW
PathFindExtensionW
PathFindFileNameW
PathMatchSpecW
PathFileExistsW
StrCpyW
StrDupW
StrFormatByteSizeW

psapi

GetModuleFileNameExW
EnumProcessModules

ws2_32

gethostbyname
closesocket
ioctlsocket
connect
htons
select
__WSAFDIsSet
socket
WSACleanup
WSAStartup
getpeername
inet_ntoa
recv
send
gethostname
shutdown
WSASetLastError
getservbyname
WSAGetLastError
inet_addr

comctl32

ImageList_GetIconSize
ImageList_DrawIndirect
CreatePropertySheetPageW
PropertySheetW
DestroyPropertySheetPage
ImageList_ReplaceIcon
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
_TrackMouseEvent
ImageList_Draw

shell32

ExtractIconW
Shell_NotifyIconW
SHGetSpecialFolderLocation
DoEnvironmentSubstW
ShellExecuteW
SHFileOperationW
ShellExecuteExW
SHChangeNotify
SHGetPathFromIDListW

wininet

InternetOpenW
InternetConnectW
InternetGetLastResponseInfoW
InternetCloseHandle
FtpPutFileW
FtpCreateDirectoryW
FtpRemoveDirectoryW
FtpDeleteFileW
FtpSetCurrentDirectoryW

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetModuleHandleA
FindFirstFileA
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
GetDriveTypeA
ReadConsoleInputA
CloseHandle
GetLastError
CreateFileW
GetFileSize
ReadFile
FindClose
SetLastError
GetFullPathNameW
FindFirstFileW
lstrcpyW
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FindNextFileW
EnterCriticalSection
LeaveCriticalSection
FreeResource
lstrcmpW
WriteFile
GetUserDefaultLangID
GetLocaleInfoW
DeleteFileW
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
GetModuleHandleW
GetProcAddress
lstrcatW
CompareStringW
RaiseException
lstrcpynW
GetVersionExW
LoadLibraryW
GetVersion
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
lstrcmpiW
GetDateFormatW
Sleep
OpenProcess
VirtualAllocEx
WriteProcessMemory
VirtualAlloc
ReadProcessMemory
VirtualFree
SetConsoleMode
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SetProcessWorkingSetSize
GlobalLock
GlobalUnlock
RemoveDirectoryW
CreateDirectoryW
SetFileAttributesW
GetTickCount
GetLocalTime
SystemTimeToFileTime
CompareFileTime
CreateThread
SetThreadPriority
ResumeThread
GetModuleFileNameW
GetShortPathNameW
GetEnvironmentVariableW
SetPriorityClass
GetCurrentThread
SetProcessPriorityBoost
MoveFileExW
ExitProcess
GetCurrentProcessId
LoadLibraryExW
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
CreateMutexW
GlobalFree
EnumResourceNamesW
SetFilePointer
EndUpdateResourceW
LocalReAlloc
BeginUpdateResourceW
LocalAlloc
UpdateResourceW
LocalFree
GetTimeFormatW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FormatMessageW
CreateFileMappingW
GetWindowsDirectoryW
MoveFileW
TerminateThread
WaitForSingleObject
CopyFileW
OutputDebugStringA
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetStartupInfoW
HeapCreate
HeapDestroy
HeapReAlloc
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
RtlUnwind
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
InterlockedExchange
LoadLibraryA
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
FlushFileBuffers
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringA
SetEnvironmentVariableA
InterlockedCompareExchange
VirtualQuery
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryA
VirtualFreeEx
IsProcessorFeaturePresent

user32

SetTimer
KillTimer
BeginPaint
EndPaint
IsWindow
ReleaseDC
DestroyIcon
EndDialog
RegisterWindowMessageW
GetAncestor
SendMessageTimeoutW
SystemParametersInfoW
GetWindowThreadProcessId
DdeInitializeW
DdeCreateStringHandleW
DdeConnect
DdeGetLastError
DdeClientTransaction
DdeAccessData
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
GetDlgCtrlID
IsWindowVisible
GetClassNameW
EnumWindows
SetClipboardViewer
ChangeClipboardChain
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
PostQuitMessage
LoadImageW
GetCursorPos
DeleteMenu
SetForegroundWindow
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemCount
UpdateWindow
UnhookWindowsHookEx
TrackPopupMenuEx
CallNextHookEx
SetWindowsHookExW
IsMenu
FindWindowW
RegisterHotKey
UnregisterHotKey
GetLastInputInfo
GetDesktopWindow
GetForegroundWindow
GetWindowDC
GetDC
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
DrawFocusRect
SetRectEmpty
CheckMenuItem
GetSubMenu
LoadMenuW
DialogBoxIndirectParamW
RedrawWindow
GetMenu
AdjustWindowRectEx
RegisterClassExW
GetClassInfoExW
LookupIconIdFromDirectory
MessageBeep
CreateIconFromResource
FillRect
GetClassLongW
IsWindowEnabled
FrameRect
GetSysColorBrush
PtInRect
ReleaseCapture
GetCapture
SetCapture
GetFocus
WindowFromPoint
GetMessagePos
DrawEdge
CharLowerW
GetKeyState
GetMenuItemID
GetKeyNameTextW
MapVirtualKeyW
CharUpperW
wsprintfW
UnregisterClassA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
OffsetRect
DrawFrameControl
CopyRect
GetWindowTextW
GetWindowTextLengthW
GetWindowLongW
SetWindowLongW
SetWindowPos
DestroyMenu
MoveWindow
ScrollWindow
ScreenToClient
ShowWindow
PostMessageW
CallWindowProcW
GetDlgItemInt
GetActiveWindow
SetFocus
LoadCursorW
SetCursor
EnableWindow
SetDlgItemInt
GetDlgItemTextW
GetWindow
MonitorFromWindow
GetClientRect
MapWindowPoints
SetWindowTextW
MessageBoxW
ModifyMenuW
GetDlgItem
SetDlgItemTextW
SendMessageW
CreateWindowExW
DefWindowProcW
GetParent
MonitorFromPoint
GetMonitorInfoW
TrackPopupMenu
GetWindowRect
InvalidateRect
DrawTextW
GetSysColor
GetSystemMetrics
CharNextW
InflateRect

gdi32

TextOutW
CreateFontIndirectW
SetPolyFillMode
SetBkMode
BitBlt
CreateCompatibleBitmap
RealizePalette
GetDIBits
GetDeviceCaps
CreatePatternBrush
SetBrushOrgEx
CreateCompatibleDC
GetTextExtentPoint32W
DeleteDC
GetObjectW
GetStockObject
Polygon
CreatePen
CreateSolidBrush
SelectObject
SetTextColor
DeleteObject
CreateBitmap
PatBlt
RoundRect
LineTo
MoveToEx
GetTextMetricsW
CreateRectRgnIndirect
CombineRgn
ExcludeClipRect
ExtTextOutW
SetBkColor
CreateDIBSection
GetCurrentObject
CreateDIBitmap
CreateFontW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

ole32

CoInitialize
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

VariantInit
VarUI4FromStr
SysFreeString
VarCmp
VariantClear

Sections

.text
Size: 859KB - Virtual size: 859KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb6a9ab3147a26e6262ad0623ce93171

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

psapi

ws2_32

comctl32

shell32

wininet

mpr

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

Sections

.text Size: 859KB - Virtual size: 859KB

.rdata Size: 281KB - Virtual size: 280KB

.data Size: 71KB - Virtual size: 89KB

.rsrc Size: 324KB - Virtual size: 324KB

.text
Size: 859KB - Virtual size: 859KB

.rdata
Size: 281KB - Virtual size: 280KB

.data
Size: 71KB - Virtual size: 89KB

.rsrc
Size: 324KB - Virtual size: 324KB