ardamax | 314439b7bafa40b58990c1363a944a46_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

314439b7bafa40b58990c1363a944a46_JaffaCakes118
Size

259KB
MD5

314439b7bafa40b58990c1363a944a46
SHA1

82ea91dd4123aefd04e659d5feafebdd41117504
SHA256

d32d7da0a26995869c33ccccfa1f297f77f9c3f75c885f3601ad4238f836fd22
SHA512

6e222322085135897541514fcddcbdc06d2955a9e4e48d2629c728a13172f7492f30d1eaf39f67970c2f3a7e13595368c7399718c5510d1d6a605b8f0793c3d0
SSDEEP

6144:Foms7OUURSBHOyK2AlkMgeKfzJMC/uuP:Ds7W2HOjl6eKyC2

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
314439b7bafa40b58990c1363a944a46_JaffaCakes118

Files

314439b7bafa40b58990c1363a944a46_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 104KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 17KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 94KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE