ardamax | b46b4c7b15f3f67f159da7e1f1c7c132

Sharing

Copy URL Twitter E-mail

General

Target

b46b4c7b15f3f67f159da7e1f1c7c132
Size

430KB
MD5

b46b4c7b15f3f67f159da7e1f1c7c132
SHA1

bbdaec00bf0a5069965c1c56d773825da08df600
SHA256

e57ba4f64af18480a0de5ac57be31892717d565c63b1ebe3d86b4579ecfd6b62
SHA512

a9e081c37754e7456925d851f91ffef6534ae8f02e5ec7a91ae302c0eb3684c15235e8cddcbec6ec87302552d2a9b4fd492676708c732fd2d6ac83479a678145
SSDEEP

6144:IkIahY1erZBfqalnScbWpmiYTEhkr6km7iADo/+V0N0/:IqY1er/nSc6/uekrtA

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b46b4c7b15f3f67f159da7e1f1c7c132

Files

b46b4c7b15f3f67f159da7e1f1c7c132
.exe windows:4 windows x86 arch:x86

5628816c76062b9cd4f1e4fb29de3027

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

UrlUnescapeW
StrDupW
PathRemoveFileSpecW
PathFileExistsW
PathRemoveExtensionW
PathFindExtensionW
PathFindFileNameW
StrFormatByteSizeW
StrCmpIW
PathStripPathW

ws2_32

recv
send
WSAStartup
htons
WSACleanup
getservbyname
inet_addr
gethostbyname
socket
closesocket
shutdown
select
connect

comctl32

ImageList_Destroy
ImageList_Create
CreatePropertySheetPageW
PropertySheetW
_TrackMouseEvent
DestroyPropertySheetPage
ImageList_LoadImageW
ImageList_Draw
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_GetImageCount

shell32

DoEnvironmentSubstW
Shell_NotifyIconW
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
SHChangeNotify
ExtractIconW
ShellExecuteExW

wininet

InternetGetLastResponseInfoW
InternetOpenW
InternetCloseHandle
FtpPutFileW
FtpCreateDirectoryW
FtpRemoveDirectoryW
FtpDeleteFileW
FtpSetCurrentDirectoryW
InternetConnectW

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

LCMapStringW
GetThreadLocale
IsProcessorFeaturePresent
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringA
Sleep
SetProcessPriorityBoost
EnterCriticalSection
lstrcpyW
MoveFileExW
ExitProcess
CloseHandle
GetCurrentProcessId
CompareStringW
WriteFile
InitializeCriticalSection
lstrlenW
CreateMutexW
CreateFileW
InterlockedIncrement
GetLastError
SetProcessWorkingSetSize
RaiseException
lstrcmpiW
GetCurrentProcess
SizeofResource
InterlockedDecrement
LoadResource
GetVersionExW
DeleteFileW
lstrlenA
FindResourceW
GetDateFormatW
SetLastError
lstrcpyA
LoadLibraryExW
VirtualAlloc
lstrcmpA
VirtualFree
DeleteCriticalSection
GetUserDefaultLangID
CreateThread
SetThreadPriority
lstrcmpW
ResumeThread
LockResource
GlobalLock
GetLocalTime
GlobalUnlock
SystemTimeToFileTime
LoadLibraryW
CompareFileTime
FindResourceExW
FlushInstructionCache
GetCurrentThreadId
GetVersion
GetModuleHandleW
lstrcatW
MultiByteToWideChar
GetProcAddress
GetSystemTimeAsFileTime
GetModuleFileNameW
WideCharToMultiByte
lstrcpynW
RemoveDirectoryW
GetShortPathNameW
FreeLibrary
CreateDirectoryW
GetEnvironmentVariableW
LeaveCriticalSection
OpenProcess
SetFileAttributesW
SetPriorityClass
GetCurrentThread
EnumResourceNamesW
LocalAlloc
LocalReAlloc
ReadFile
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
SetFilePointer
LocalFree
Module32FirstW
Module32NextW
Process32FirstW
Process32NextW
GetWindowsDirectoryW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FormatMessageW
CreateToolhelp32Snapshot
OutputDebugStringW
GetTimeZoneInformation
GetComputerNameW
lstrcmpiA
GetTimeFormatW
GetTickCount
CopyFileW
GetTempFileNameW
GetTempPathW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesW
MoveFileW
HeapFree
HeapAlloc
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
GetProcessHeap
GetStartupInfoW
HeapDestroy
HeapCreate
GetModuleHandleA
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
RtlUnwind
InterlockedExchange
LoadLibraryA
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
LCMapStringA
VirtualQuery
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

user32

BeginPaint
GetWindow
LoadIconW
InvalidateRect
SetDlgItemInt
GetDlgItem
EnumWindows
CallWindowProcW
WindowFromPoint
FrameRect
PeekMessageW
KillTimer
SetRectEmpty
UnhookWindowsHookEx
CopyRect
EndPaint
GetParent
GetMessagePos
PtInRect
SendMessageTimeoutW
FindWindowW
OffsetRect
GetFocus
GetDlgItemTextW
RegisterHotKey
DrawEdge
UnregisterHotKey
PostMessageW
SetWindowLongW
MessageBeep
TrackPopupMenuEx
SetFocus
GetMonitorInfoW
MonitorFromPoint
LoadImageW
ReleaseDC
SetClipboardViewer
DestroyWindow
GetWindowTextLengthW
GetDlgItemInt
CharNextW
SetCursor
CallNextHookEx
GetSystemMetrics
ChangeClipboardChain
GetWindowTextW
LoadCursorW
GetKeyState
SetWindowsHookExW
GetSysColor
IsClipboardFormatAvailable
SendMessageW
DrawTextW
GetSysColorBrush
OpenClipboard
DdeInitializeW
SystemParametersInfoW
DdeCreateStringHandleW
DdeConnect
SetDlgItemTextW
DdeClientTransaction
GetClipboardData
DdeAccessData
GetClassLongW
DispatchMessageW
IsMenu
GetClientRect
TranslateMessage
DestroyMenu
SetWindowPos
GetWindowLongW
GetClassInfoExW
GetMessageW
DeleteMenu
CloseClipboard
ReleaseCapture
DdeDisconnect
CheckMenuItem
IsWindowEnabled
EndDialog
DdeFreeStringHandle
IsWindow
GetMenu
InflateRect
GetCapture
DdeUninitialize
GetSubMenu
GetMenuItemCount
ScrollWindow
PostQuitMessage
MapWindowPoints
TrackPopupMenu
AdjustWindowRectEx
DrawFrameControl
SetCapture
SetWindowTextW
GetMenuItemInfoW
MoveWindow
RegisterWindowMessageW
GetWindowThreadProcessId
FillRect
EnableWindow
SetMenuItemInfoW
GetActiveWindow
CharLowerW
GetWindowRect
GetWindowModuleFileNameW
GetDesktopWindow
ModifyMenuW
DestroyIcon
UpdateWindow
wsprintfW
MapVirtualKeyW
GetKeyNameTextW
UnregisterClassA
GetCursorPos
GetForegroundWindow
ShowWindow
GetDlgCtrlID
GetWindowDC
SetForegroundWindow
SetTimer
MessageBoxW
GetClassNameW
GetDC
LoadMenuW
IsWindowVisible
GetAncestor
ScreenToClient
DefWindowProcW
DrawFocusRect
DialogBoxParamW
RegisterClassExW
CreateWindowExW

gdi32

CreateDIBSection
SetBkMode
CreateCompatibleDC
CreateRectRgnIndirect
SelectObject
CreateBitmap
SetBkColor
BitBlt
ExcludeClipRect
CreateFontW
GetObjectW
CreateFontIndirectW
GetDIBits
SetPolyFillMode
RealizePalette
CombineRgn
DeleteDC
DeleteObject
GetTextMetricsW
SetTextColor
CreateCompatibleBitmap
GetStockObject
CreatePatternBrush
CreateSolidBrush
GetTextExtentPoint32W
CreatePen
SetBrushOrgEx
TextOutW
Polygon
PatBlt

comdlg32

GetSaveFileNameW
GetOpenFileNameW

ole32

CoTaskMemRealloc
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

oleaut32

SysFreeString
VarUI4FromStr

Sections

.text
Size: 365KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5628816c76062b9cd4f1e4fb29de3027

Headers

File Characteristics

Imports

shlwapi

ws2_32

comctl32

shell32

wininet

mpr

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

Sections

.text Size: 365KB - Virtual size: 364KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 1024B - Virtual size: 584B

.text
Size: 365KB - Virtual size: 364KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 1024B - Virtual size: 584B