ardamax | b306ff9927251c40c34fe6bfef07756b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b306ff9927251c40c34fe6bfef07756b_JaffaCakes118
Size

476KB
MD5

b306ff9927251c40c34fe6bfef07756b
SHA1

8d6975fc095b7a96393d61a63fb610d71931666a
SHA256

65083234a079905c3b945cb178388dc287c2521ef59817885f1cc2e522a68db7
SHA512

08e633e2d43f13cb748f67378a777cc124f693815f63ed5a3a64ad2ebe11001145a01f83d9d3bddc0f9f590677ee6bcfeabeb5a259b10b426344961e333b3996
SSDEEP

6144:4HKp19Im2Eebfb8t/OVlyzw2JPUU/MV8NIByAy:R19pGf6YlyF+y

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b306ff9927251c40c34fe6bfef07756b_JaffaCakes118

Files

b306ff9927251c40c34fe6bfef07756b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e741877ca361271b07a2b4ddec6dc0db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

UrlUnescapeW
StrCmpIW
StrDupW
PathRemoveExtensionW
PathStripPathW
PathFindExtensionW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
StrFormatByteSizeW

ws2_32

recv
select
closesocket
shutdown
connect
inet_addr
socket
gethostbyname
WSAStartup
htons
WSACleanup
getservbyname
send

comctl32

InitCommonControlsEx
ImageList_Draw
ImageList_Create
ImageList_ReplaceIcon
CreatePropertySheetPageW
PropertySheetW
DestroyPropertySheetPage
ImageList_LoadImageW
ImageList_Destroy
ImageList_GetImageCount
_TrackMouseEvent

shell32

SHChangeNotify
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
Shell_NotifyIconW
ExtractIconW
DoEnvironmentSubstW
ShellExecuteW

wininet

FtpSetCurrentDirectoryW
FtpDeleteFileW
FtpRemoveDirectoryW
FtpCreateDirectoryW
FtpPutFileW
InternetCloseHandle
InternetGetLastResponseInfoW
InternetOpenW
InternetConnectW

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetStringTypeW
IsProcessorFeaturePresent
InterlockedCompareExchange
GetThreadLocale
SetEnvironmentVariableA
lstrcpyW
lstrlenW
CreateFileW
lstrcmpW
DeleteFileW
SetLastError
GetModuleHandleW
GetProcAddress
FindResourceExW
lstrlenA
lstrcpyA
lstrcmpA
LoadLibraryW
GetVersion
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
CloseHandle
WriteFile
lstrcmpiW
GetDateFormatW
Sleep
VirtualAlloc
VirtualFree
GetSystemTimeAsFileTime
OpenProcess
SetProcessWorkingSetSize
GetCurrentProcess
GlobalLock
GlobalUnlock
lstrcpynW
GetFileAttributesW
SetFileAttributesW
CreateThread
SetThreadPriority
ResumeThread
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetModuleFileNameW
GetShortPathNameW
GetEnvironmentVariableW
lstrcatW
SetPriorityClass
GetCurrentThread
SetProcessPriorityBoost
MoveFileExW
ExitProcess
GetCurrentProcessId
CreateMutexW
GetLastError
InitializeCriticalSection
RaiseException
FlushInstructionCache
LockResource
InterlockedIncrement
InterlockedDecrement
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
DeleteCriticalSection
CompareStringW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
EnumResourceNamesW
LocalAlloc
LocalReAlloc
ReadFile
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
SetFilePointer
LocalFree
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
Process32FirstW
Process32NextW
GetWindowsDirectoryW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FormatMessageW
GetTimeZoneInformation
GetTimeFormatW
GetTickCount
OutputDebugStringW
GetComputerNameW
lstrcmpiA
CopyFileW
GetTempFileNameW
GetTempPathW
FileTimeToSystemTime
FileTimeToLocalFileTime
MoveFileW
HeapFree
HeapAlloc
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
GetProcessHeap
GetStartupInfoW
HeapDestroy
HeapCreate
GetModuleHandleA
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetCPInfo
GetACP
GetOEMCP
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
RtlUnwind
InterlockedExchange
LoadLibraryA
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
VirtualQuery
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
CompareStringA

user32

DestroyIcon
EndDialog
RegisterWindowMessageW
GetAncestor
SendMessageTimeoutW
GetWindowTextLengthW
GetWindowTextW
SendMessageW
GetWindowThreadProcessId
GetWindowModuleFileNameW
GetDlgCtrlID
IsWindowVisible
GetClassNameW
GetWindow
EnumWindows
SetClipboardViewer
ChangeClipboardChain
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
IsWindow
PostQuitMessage
GetCursorPos
SetForegroundWindow
FindWindowW
RegisterHotKey
UnregisterHotKey
GetDesktopWindow
GetForegroundWindow
GetWindowDC
DispatchMessageW
TranslateMessage
GetMessageW
DefWindowProcW
DrawFocusRect
SetRectEmpty
DeleteMenu
CheckMenuItem
GetSubMenu
LoadMenuW
LoadIconW
CallWindowProcW
DialogBoxParamW
InvalidateRect
SetWindowPos
GetMenu
AdjustWindowRectEx
RegisterClassExW
GetClassInfoExW
DestroyWindow
IsMenu
DestroyMenu
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
UpdateWindow
GetParent
MessageBeep
LoadStringW
CharNextW
DrawTextW
GetClassLongW
SetWindowLongW
ReleaseDC
GetDlgItem
LoadCursorW
GetSysColorBrush
SystemParametersInfoW
GetWindowLongW
InflateRect
DrawFrameControl
CreateWindowExW
SetDlgItemInt
ReleaseCapture
GetCapture
SetCapture
ScreenToClient
WindowFromPoint
GetMessagePos
GetKeyState
FrameRect
OffsetRect
DrawEdge
IsWindowEnabled
CharLowerW
PeekMessageW
PtInRect
GetFocus
ModifyMenuW
TrackPopupMenuEx
GetMonitorInfoW
MonitorFromPoint
MapWindowPoints
FillRect
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW
wsprintfW
MapVirtualKeyW
GetKeyNameTextW
UnregisterClassA
CopyRect
GetSystemMetrics
GetSysColor
TrackPopupMenu
MessageBoxW
ShowWindow
EndPaint
BeginPaint
GetWindowRect
MoveWindow
ScrollWindow
GetClientRect
LoadImageW
PostMessageW
KillTimer
GetDlgItemTextW
SetFocus
GetDlgItemInt
SetDlgItemTextW
SetWindowTextW
EnableWindow
GetActiveWindow
GetDC
SetTimer
SetCursor

gdi32

GetObjectW
CreateFontIndirectW
DeleteObject
PatBlt
CreateDIBSection
CreateCompatibleDC
SetBkColor
BitBlt
DeleteDC
CreateCompatibleBitmap
CreatePatternBrush
SetBrushOrgEx
GetDIBits
CreatePen
RealizePalette
CreateBitmap
GetTextMetricsW
CreateRectRgnIndirect
CombineRgn
ExcludeClipRect
SetTextColor
GetStockObject
CreateSolidBrush
CreateFontW
TextOutW
Polygon
SetPolyFillMode
SetBkMode
SelectObject
GetTextExtentPoint32W

comdlg32

GetSaveFileNameW
GetOpenFileNameW

ole32

CoTaskMemRealloc
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

oleaut32

VarUI4FromStr
DispCallFunc
VariantInit
LoadTypeLi
LoadRegTypeLi
SysFreeString
SysStringLen
VariantClear

Sections

.text
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e741877ca361271b07a2b4ddec6dc0db

Headers

File Characteristics

Imports

shlwapi

ws2_32

comctl32

shell32

wininet

mpr

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

Sections

.text Size: 358KB - Virtual size: 358KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 48KB - Virtual size: 47KB

.text
Size: 358KB - Virtual size: 358KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 48KB - Virtual size: 47KB