ardamax | 24a47208e43d0e0a7966e5f68dd33449_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

24a47208e43d0e0a7966e5f68dd33449_JaffaCakes118
Size

912KB
MD5

24a47208e43d0e0a7966e5f68dd33449
SHA1

df00c3178a097d992cb24fbd7fc9eb6aacd4e169
SHA256

e72ac3e8206ea2f2ea4aa89d4a09f946b3caf58f2b50084da17b0c901e916841
SHA512

85f7fcb3c7d06b0290b817e77951a617d0286607fc9170e252157b15fde2c97d3bed1b99021f1f86eb32e523508abbe758d9a89c721250f1df3ae7c9f0d03934
SSDEEP

12288:7iTqJKIx33aV1XINa4Dq6xGJOpqtAnWGgAIb3NEnCztPvnK3STFi:e4KEnaVIan0Gkp0AWG1Imw83OF

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24a47208e43d0e0a7966e5f68dd33449_JaffaCakes118

Files

24a47208e43d0e0a7966e5f68dd33449_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 300KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ony
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.2k8
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE