ardamax | 623d51c5f793e1632fbc91ce2ae5c040_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

623d51c5f793e1632fbc91ce2ae5c040_JaffaCakes118
Size

1.3MB
MD5

623d51c5f793e1632fbc91ce2ae5c040
SHA1

25c042654f38aedbed5e11667ba7e6dd7ead4e13
SHA256

8e8687e9aa58762f4c4eb746fd9e8ba14761341b38618fc7b0839f94ff9a696f
SHA512

c6165a6d2dfbd59c9a732dbf04bed998dbdaa6b0f631f994415769043f80cbc1091b4c3301174950bd6544a15b26883b8769cf3d1798cd36ae8a5c7f0db77809
SSDEEP

24576:uluexqM09p5c3kkXVr/G4fGjDhWBxZlyAVnUMcZVTrWpx8fjgP/H:uluexO9PKkklre4fE4nzVYZVT6px8f

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
623d51c5f793e1632fbc91ce2ae5c040_JaffaCakes118

Files

623d51c5f793e1632fbc91ce2ae5c040_JaffaCakes118
.exe windows:5 windows x86 arch:x86

86e1e8a6493c86f4e080740cff977276

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAddBackslashW
PathAppendW
PathRemoveExtensionW
PathFindFileNameW
PathRemoveFileSpecW
StrFormatByteSizeW
PathFileExistsW
UrlUnescapeW
PathStripPathW

ws2_32

gethostname
closesocket
inet_ntoa
WSASetLastError
getpeername
inet_addr
htons
getservbyname
socket
send
recv
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSAGetLastError
connect
gethostbyname
shutdown
ioctlsocket

comctl32

ImageList_ReplaceIcon
PropertySheetW
_TrackMouseEvent
DestroyPropertySheetPage
ImageList_Create
ImageList_DrawIndirect
ImageList_Draw
ImageList_GetImageCount
ImageList_Destroy
InitCommonControlsEx
CreatePropertySheetPageW

shell32

ShellExecuteW
Shell_NotifyIconW
SHChangeNotify
ShellExecuteExW
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation

wininet

FtpPutFileW
InternetCloseHandle
FtpCreateDirectoryW
FtpRemoveDirectoryW
FtpDeleteFileW
FtpSetCurrentDirectoryW
InternetGetLastResponseInfoW
InternetOpenW
InternetConnectW

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

FindFirstFileA
FindClose
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
GetDriveTypeA
ReadConsoleInputA
SetConsoleMode
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
GetVersion
GetProcAddress
LoadLibraryW
GetVersionExW
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
lstrlenW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
lstrcmpiW
LoadResource
FindResourceW
SizeofResource
LockResource
FreeResource
GlobalFree
GlobalUnlock
SetLastError
FindResourceExW
LoadLibraryExW
GetModuleFileNameW
lstrcpyW
GetCurrentProcessId
lstrcmpW
lstrcatW
OpenProcess
lstrcpynW
MoveFileExW
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetEnvironmentVariableW
GetShortPathNameW
GlobalLock
SetFileAttributesW
GetTickCount
DeleteFileW
CreateFileW
WriteFile
CreateDirectoryW
RemoveDirectoryW
GetSystemTimeAsFileTime
GetLocaleInfoW
VirtualFreeEx
VirtualFree
ReadProcessMemory
VirtualAlloc
WriteProcessMemory
VirtualAllocEx
ExitProcess
Sleep
ResumeThread
CreateThread
CompareFileTime
SystemTimeToFileTime
GetLocalTime
SetProcessWorkingSetSize
GetUserDefaultLangID
CreateMutexW
LocalAlloc
LocalFree
SetFilePointer
ReadFile
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
GetWindowsDirectoryW
FormatMessageW
CopyFileW
OutputDebugStringA
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesW
GetTempPathW
MoveFileW
HeapFree
HeapAlloc
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
VirtualQuery
HeapCreate
HeapDestroy
HeapReAlloc
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetModuleHandleA
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
LoadLibraryA
GetLocaleInfoA
InterlockedExchange
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
InterlockedCompareExchange
IsProcessorFeaturePresent
GetFullPathNameA
GetCurrentDirectoryA
CompareStringW
CompareStringA

user32

GetWindowTextLengthW
SetTimer
SetFocus
GetDlgItemTextW
MessageBoxW
GetActiveWindow
DestroyMenu
GetDC
KillTimer
CallWindowProcW
PostMessageW
ScreenToClient
UpdateWindow
InvalidateRect
IsWindowVisible
IsWindowEnabled
GetWindowThreadProcessId
FillRect
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
SetMenuItemInfoW
GetFocus
DrawTextW
DrawFrameControl
MonitorFromPoint
DrawEdge
TrackPopupMenuEx
ModifyMenuW
FrameRect
MessageBeep
WindowFromPoint
GetMessagePos
GetWindowDC
ReleaseDC
GetSysColor
GetSysColorBrush
RegisterWindowMessageW
GetSystemMetrics
SetRectEmpty
SystemParametersInfoW
InflateRect
UnhookWindowsHookEx
CharLowerW
GetKeyState
CallNextHookEx
OffsetRect
GetClassNameW
SetWindowsHookExW
IsMenu
PtInRect
GetSubMenu
GetWindowModuleFileNameW
UnregisterHotKey
RegisterHotKey
ChangeClipboardChain
DialogBoxParamW
OpenClipboard
CheckMenuItem
CreateIconFromResource
GetWindowTextW
GetDlgCtrlID
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
DrawFocusRect
CopyRect
TrackPopupMenu
LookupIconIdFromDirectory
GetClassLongW
GetDesktopWindow
GetForegroundWindow
GetLastInputInfo
LoadMenuW
SetCapture
SetCursor
GetCursorPos
ReleaseCapture
GetCapture
GetDlgItemInt
SetDlgItemInt
GetMenu
AdjustWindowRectEx
DdeUninitialize
DdeFreeStringHandle
DdeDisconnect
DdeAccessData
DdeClientTransaction
DdeGetLastError
DdeConnect
DdeCreateStringHandleW
DdeInitializeW
SetForegroundWindow
MoveWindow
ShowWindow
ScrollWindow
SendMessageTimeoutW
EnumWindows
PostQuitMessage
GetAncestor
FindWindowW
wsprintfW
GetKeyNameTextW
MapVirtualKeyW
UnregisterClassA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
DestroyIcon
IsWindow
GetWindowLongW
SetWindowLongW
DialogBoxIndirectParamW
CreateWindowExW
RegisterClassExW
EndPaint
BeginPaint
EndDialog
LoadImageW
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
SendMessageW
GetDlgItem
GetParent
SetDlgItemTextW
EnableWindow
GetWindowRect
SetWindowTextW
DestroyWindow
CharNextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
LoadCursorW
SetClipboardViewer
GetClassInfoExW

gdi32

CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
CreateFontIndirectW
GetObjectW
SetBrushOrgEx
RealizePalette
GetDIBits
CreateDIBitmap
GetTextMetricsW
GetStockObject
GetCurrentObject
CreateSolidBrush
GetTextExtentPoint32W
DeleteDC
SetTextColor
SelectObject
SetBkMode
CreateFontW
TextOutW
DeleteObject
CreatePen
Polygon
CombineRgn
CreateRectRgnIndirect
ExcludeClipRect
SetPolyFillMode
CreateDIBSection
CreatePatternBrush
CreateBitmap
PatBlt
SetBkColor

ole32

CoInitialize
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VariantClear
VariantInit
SysFreeString
VarUI4FromStr

Sections

.text
Size: 805KB - Virtual size: 805KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86e1e8a6493c86f4e080740cff977276

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ws2_32

comctl32

shell32

wininet

mpr

kernel32

user32

gdi32

ole32

oleaut32

Sections

.text Size: 805KB - Virtual size: 805KB

.rdata Size: 231KB - Virtual size: 231KB

.data Size: 71KB - Virtual size: 88KB

.rsrc Size: 199KB - Virtual size: 199KB

.text
Size: 805KB - Virtual size: 805KB

.rdata
Size: 231KB - Virtual size: 231KB

.data
Size: 71KB - Virtual size: 88KB

.rsrc
Size: 199KB - Virtual size: 199KB