ardamax | a57a66c2bce0449eba4b4a06e1c0f6e2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a57a66c2bce0449eba4b4a06e1c0f6e2_JaffaCakes118
Size

498KB
MD5

a57a66c2bce0449eba4b4a06e1c0f6e2
SHA1

6678ec40ef6303c2d96da834fd287fecc82cfbb4
SHA256

2b8fcc80e3fce4a08fc1da91703e499bb1327eb34da44dedd303e01242d6f846
SHA512

6f70817a4851131baee4c022f38134f6add327f089a399ef3c54ca377f2d80685af97c01e7d628a59149c18eb9d3c62a57c25fe40b72947f711fa0a24e768112
SSDEEP

6144:QKGQ+VibWYCNiwZ69q5qbvN5Qm2oMnz6GH/FVlN7gvuAV7:vGQ+VibWp4q47t2oJv1l

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a57a66c2bce0449eba4b4a06e1c0f6e2_JaffaCakes118

Files

a57a66c2bce0449eba4b4a06e1c0f6e2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

03cf1e0c3f3b88f36b339556f601df41

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

UrlUnescapeW
PathStripPathW
PathRemoveFileSpecW
PathFindFileNameW
PathRemoveExtensionW
PathFileExistsW
StrFormatByteSizeW

ws2_32

WSACleanup
htons
WSAStartup
getservbyname
inet_addr
gethostbyname
socket
connect
shutdown
closesocket
send
recv
select

comctl32

InitCommonControlsEx
ImageList_Draw
ImageList_LoadImageW
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
ImageList_GetImageCount
CreatePropertySheetPageW
PropertySheetW
_TrackMouseEvent
DestroyPropertySheetPage

shell32

SHChangeNotify
ShellExecuteExW
SHFileOperationW
Shell_NotifyIconW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW

wininet

InternetGetLastResponseInfoW
FtpRemoveDirectoryW
FtpDeleteFileW
FtpSetCurrentDirectoryW
InternetConnectW
InternetOpenW
InternetCloseHandle
FtpPutFileW
FtpCreateDirectoryW

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

SetThreadPriority
LoadResource
GetSystemTimeAsFileTime
ResumeThread
FindResourceW
GetUserDefaultLangID
CloseHandle
LoadLibraryExW
GetLocalTime
OpenProcess
lstrcpynW
lstrcatW
SystemTimeToFileTime
lstrlenW
CompareFileTime
FlushInstructionCache
GetVersionExW
CreateFileW
RemoveDirectoryW
DeleteCriticalSection
CreateDirectoryW
GetModuleFileNameW
FindResourceExW
WriteFile
GetShortPathNameW
SetFileAttributesW
GetEnvironmentVariableW
LockResource
DeleteFileW
lstrlenA
lstrcmpiW
SetPriorityClass
WideCharToMultiByte
SetLastError
lstrcpyA
GetCurrentThread
lstrcmpA
SetProcessPriorityBoost
VirtualAlloc
MoveFileExW
VirtualFree
ExitProcess
GetCurrentThreadId
lstrcmpW
GetCurrentProcessId
SetProcessWorkingSetSize
GetCurrentProcess
LeaveCriticalSection
GetModuleHandleW
GetProcAddress
CreateMutexW
GetLastError
InitializeCriticalSection
RaiseException
MultiByteToWideChar
EnterCriticalSection
CompareStringW
InterlockedIncrement
LoadLibraryW
GlobalLock
lstrcpyW
FreeLibrary
GlobalUnlock
Sleep
CreateThread
InterlockedDecrement
SizeofResource
Process32FirstW
Process32NextW
GetWindowsDirectoryW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
FormatMessageW
LocalAlloc
LocalFree
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
ReadFile
OutputDebugStringW
GetTimeZoneInformation
GetComputerNameW
GetDateFormatW
lstrcmpiA
GetTimeFormatW
GetTickCount
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesW
MoveFileW
HeapAlloc
HeapFree
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
LoadLibraryA
GetLocaleInfoA
RtlUnwind
InterlockedExchange
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualQuery
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
CompareStringA
SetEnvironmentVariableA
InterlockedCompareExchange
IsProcessorFeaturePresent
GetThreadLocale

user32

SystemParametersInfoW
PostMessageW
SendMessageTimeoutW
MonitorFromPoint
GetSysColor
EnableWindow
TranslateMessage
IsMenu
CallNextHookEx
GetDlgCtrlID
GetMessageW
DestroyMenu
GetClassLongW
SetFocus
GetKeyState
DrawTextW
IsWindowVisible
GetCursorPos
GetClassNameW
CheckMenuItem
GetWindowLongW
LoadImageW
SetWindowsHookExW
GetSubMenu
GetMenuItemCount
CreateWindowExW
GetDesktopWindow
GetDlgItemInt
InflateRect
GetWindow
GetForegroundWindow
SetWindowPos
EnableMenuItem
GetMenuItemInfoW
EnumWindows
GetWindowDC
SetMenuItemInfoW
DrawFrameControl
GetWindowTextLengthW
DialogBoxParamW
GetMenu
SetForegroundWindow
DrawFocusRect
SetDlgItemTextW
UpdateWindow
ReleaseCapture
TrackPopupMenu
GetWindowTextW
AdjustWindowRectEx
DefWindowProcW
GetCapture
IsWindowEnabled
EndDialog
SendMessageW
FindWindowW
InvalidateRect
SetCapture
GetClientRect
DdeInitializeW
SetRectEmpty
DdeCreateStringHandleW
RegisterHotKey
LoadMenuW
DdeConnect
MapWindowPoints
FillRect
DdeClientTransaction
UnregisterHotKey
DdeAccessData
RegisterClassExW
LoadIconW
SetClipboardViewer
DispatchMessageW
CallWindowProcW
ScrollWindow
SetDlgItemInt
GetDlgItem
ChangeClipboardChain
GetClassInfoExW
GetParent
ScreenToClient
DdeDisconnect
MoveWindow
DdeFreeStringHandle
SetWindowTextW
DdeUninitialize
RegisterWindowMessageW
IsClipboardFormatAvailable
CopyRect
ModifyMenuW
GetActiveWindow
GetWindowRect
OpenClipboard
SetWindowLongW
MessageBeep
WindowFromPoint
ShowWindow
GetClipboardData
GetMessagePos
FrameRect
UnhookWindowsHookEx
PeekMessageW
MessageBoxW
GetDC
OffsetRect
PtInRect
ReleaseDC
SetTimer
DrawEdge
GetFocus
wsprintfW
MapVirtualKeyW
GetKeyNameTextW
UnregisterClassA
BeginPaint
CloseClipboard
GetAncestor
CharNextW
IsWindow
SetCursor
KillTimer
EndPaint
PostQuitMessage
DestroyWindow
GetWindowModuleFileNameW
GetMonitorInfoW
GetSysColorBrush
GetSystemMetrics
TrackPopupMenuEx
GetDlgItemTextW
GetWindowThreadProcessId
LoadCursorW
CharLowerW

gdi32

SetBrushOrgEx
CreatePen
GetStockObject
PatBlt
CreateDIBSection
CreateCompatibleDC
CreateBitmap
SetBkColor
GetObjectW
GetDIBits
RealizePalette
SetTextColor
CreateSolidBrush
CreateFontIndirectW
BitBlt
TextOutW
CreateRectRgnIndirect
SelectObject
DeleteObject
SetPolyFillMode
SetBkMode
CombineRgn
DeleteDC
CreateFontW
ExcludeClipRect
CreateCompatibleBitmap
GetTextExtentPoint32W
GetTextMetricsW
CreatePatternBrush
Polygon

ole32

CoTaskMemAlloc
CoInitialize
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

VarUI4FromStr
SysFreeString

Sections

.text
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03cf1e0c3f3b88f36b339556f601df41

Headers

File Characteristics

Imports

shlwapi

ws2_32

comctl32

shell32

wininet

mpr

kernel32

user32

gdi32

ole32

oleaut32

Sections

.text Size: 337KB - Virtual size: 337KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 98KB - Virtual size: 98KB

.text
Size: 337KB - Virtual size: 337KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 98KB - Virtual size: 98KB