ardamax | 67031b9c3d6b3fa7d3496255c9791160_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

67031b9c3d6b3fa7d3496255c9791160_JaffaCakes118
Size

513KB
MD5

67031b9c3d6b3fa7d3496255c9791160
SHA1

b3ef4cb2eb396b3f791951dbe8e7b4cbfb9c2d38
SHA256

942f728d60a0f8465d38ee1e1792e93a445e02bb0f5fed6888139230436521eb
SHA512

e3f6a745442e5cc7f029eb4fce4a18c397829471c178213420cd24d608baef58c23abf5dd2cd970f5ef6081e5232fb6006875cea24b332f99eb37e28659924fc
SSDEEP

12288:hT0/pY0TbWc+9aTMZF5nULEohodtz70ZkPQ5:N2CSbWtM4HdaEgItz70Zko

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67031b9c3d6b3fa7d3496255c9791160_JaffaCakes118

Files

67031b9c3d6b3fa7d3496255c9791160_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4f52d12e3bcbea1339895495e9a0a552

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
send
WSAStartup
htons
WSACleanup
getservbyname
inet_addr
gethostbyname
socket
closesocket
shutdown
select
connect

shlwapi

UrlUnescapeW
StrDupW
PathRemoveFileSpecW
PathFileExistsW
PathRemoveExtensionW
PathFindExtensionW
PathFindFileNameW
StrFormatByteSizeW
StrCmpIW
PathStripPathW

comctl32

ImageList_Destroy
ImageList_Create
CreatePropertySheetPageW
PropertySheetW
_TrackMouseEvent
DestroyPropertySheetPage
ImageList_LoadImageW
ImageList_Draw
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_GetImageCount

shell32

DoEnvironmentSubstW
Shell_NotifyIconW
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
SHChangeNotify
ExtractIconW
ShellExecuteExW

wininet

InternetGetLastResponseInfoW
InternetOpenW
InternetCloseHandle
FtpPutFileW
FtpCreateDirectoryW
FtpRemoveDirectoryW
FtpDeleteFileW
FtpSetCurrentDirectoryW
InternetConnectW

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

LCMapStringW
GetThreadLocale
IsProcessorFeaturePresent
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringA
Sleep
SetProcessPriorityBoost
EnterCriticalSection
lstrcpyW
MoveFileExW
ExitProcess
CloseHandle
GetCurrentProcessId
CompareStringW
WriteFile
InitializeCriticalSection
lstrlenW
CreateMutexW
CreateFileW
InterlockedIncrement
GetLastError
SetProcessWorkingSetSize
RaiseException
lstrcmpiW
GetCurrentProcess
SizeofResource
InterlockedDecrement
LoadResource
GetVersionExW
DeleteFileW
lstrlenA
FindResourceW
GetDateFormatW
SetLastError
lstrcpyA
LoadLibraryExW
VirtualAlloc
lstrcmpA
VirtualFree
DeleteCriticalSection
GetUserDefaultLangID
CreateThread
SetThreadPriority
lstrcmpW
ResumeThread
LockResource
GlobalLock
GetLocalTime
GlobalUnlock
SystemTimeToFileTime
LoadLibraryW
CompareFileTime
FindResourceExW
FlushInstructionCache
GetCurrentThreadId
GetVersion
GetModuleHandleW
lstrcatW
MultiByteToWideChar
GetProcAddress
GetSystemTimeAsFileTime
GetModuleFileNameW
WideCharToMultiByte
lstrcpynW
RemoveDirectoryW
GetShortPathNameW
FreeLibrary
CreateDirectoryW
GetEnvironmentVariableW
LeaveCriticalSection
OpenProcess
SetFileAttributesW
SetPriorityClass
GetCurrentThread
EnumResourceNamesW
LocalAlloc
LocalReAlloc
ReadFile
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
SetFilePointer
LocalFree
Module32FirstW
Module32NextW
Process32FirstW
Process32NextW
GetWindowsDirectoryW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FormatMessageW
CreateToolhelp32Snapshot
OutputDebugStringW
GetTimeZoneInformation
GetComputerNameW
lstrcmpiA
GetTimeFormatW
GetTickCount
CopyFileW
GetTempFileNameW
GetTempPathW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesW
MoveFileW
HeapFree
HeapAlloc
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
GetProcessHeap
GetStartupInfoW
HeapDestroy
HeapCreate
GetModuleHandleA
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
RtlUnwind
InterlockedExchange
LoadLibraryA
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
LCMapStringA
VirtualQuery
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

user32

BeginPaint
GetWindow
LoadIconW
InvalidateRect
SetDlgItemInt
GetDlgItem
EnumWindows
CallWindowProcW
WindowFromPoint
FrameRect
PeekMessageW
KillTimer
SetRectEmpty
UnhookWindowsHookEx
CopyRect
EndPaint
GetParent
GetMessagePos
PtInRect
SendMessageTimeoutW
FindWindowW
OffsetRect
GetFocus
GetDlgItemTextW
RegisterHotKey
DrawEdge
UnregisterHotKey
PostMessageW
SetWindowLongW
MessageBeep
TrackPopupMenuEx
SetFocus
GetMonitorInfoW
MonitorFromPoint
LoadImageW
ReleaseDC
SetClipboardViewer
DestroyWindow
GetWindowTextLengthW
GetDlgItemInt
CharNextW
SetCursor
CallNextHookEx
GetSystemMetrics
ChangeClipboardChain
GetWindowTextW
LoadCursorW
GetKeyState
SetWindowsHookExW
GetSysColor
IsClipboardFormatAvailable
SendMessageW
DrawTextW
GetSysColorBrush
OpenClipboard
DdeInitializeW
SystemParametersInfoW
DdeCreateStringHandleW
DdeConnect
SetDlgItemTextW
DdeClientTransaction
GetClipboardData
DdeAccessData
GetClassLongW
DispatchMessageW
IsMenu
GetClientRect
TranslateMessage
DestroyMenu
SetWindowPos
GetWindowLongW
GetClassInfoExW
GetMessageW
DeleteMenu
CloseClipboard
ReleaseCapture
DdeDisconnect
CheckMenuItem
IsWindowEnabled
EndDialog
DdeFreeStringHandle
IsWindow
GetMenu
InflateRect
GetCapture
DdeUninitialize
GetSubMenu
GetMenuItemCount
ScrollWindow
PostQuitMessage
MapWindowPoints
TrackPopupMenu
AdjustWindowRectEx
DrawFrameControl
SetCapture
SetWindowTextW
GetMenuItemInfoW
MoveWindow
RegisterWindowMessageW
GetWindowThreadProcessId
FillRect
EnableWindow
SetMenuItemInfoW
GetActiveWindow
CharLowerW
GetWindowRect
GetWindowModuleFileNameW
GetDesktopWindow
ModifyMenuW
DestroyIcon
UpdateWindow
wsprintfW
MapVirtualKeyW
GetKeyNameTextW
UnregisterClassA
GetCursorPos
GetForegroundWindow
ShowWindow
GetDlgCtrlID
GetWindowDC
SetForegroundWindow
SetTimer
MessageBoxW
GetClassNameW
GetDC
LoadMenuW
IsWindowVisible
GetAncestor
ScreenToClient
DefWindowProcW
DrawFocusRect
DialogBoxParamW
RegisterClassExW
CreateWindowExW

gdi32

CreateDIBSection
SetBkMode
CreateCompatibleDC
CreateRectRgnIndirect
SelectObject
CreateBitmap
SetBkColor
BitBlt
ExcludeClipRect
CreateFontW
GetObjectW
CreateFontIndirectW
GetDIBits
SetPolyFillMode
RealizePalette
CombineRgn
DeleteDC
DeleteObject
GetTextMetricsW
SetTextColor
CreateCompatibleBitmap
GetStockObject
CreatePatternBrush
CreateSolidBrush
GetTextExtentPoint32W
CreatePen
SetBrushOrgEx
TextOutW
Polygon
PatBlt

comdlg32

GetSaveFileNameW
GetOpenFileNameW

ole32

CoTaskMemRealloc
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

oleaut32

SysFreeString
VarUI4FromStr

Sections

.text
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f52d12e3bcbea1339895495e9a0a552

Headers

File Characteristics

Imports

ws2_32

shlwapi

comctl32

shell32

wininet

mpr

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

Sections

.text Size: 365KB - Virtual size: 365KB

.rdata Size: 54KB - Virtual size: 56KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 84KB - Virtual size: 84KB

.text
Size: 365KB - Virtual size: 365KB

.rdata
Size: 54KB - Virtual size: 56KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 84KB - Virtual size: 84KB