ardamax | d07a06d78b41fa55c66534a3e9c33847_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d07a06d78b41fa55c66534a3e9c33847_JaffaCakes118
Size

1.4MB
MD5

d07a06d78b41fa55c66534a3e9c33847
SHA1

1ff19503bccdc4a287f617dc7c44fa237f3f6a6e
SHA256

a840804a411062c7ae9e44dacd4939fada882b827fcf08ab6b6f62d88ce02299
SHA512

92c4c3f9d82644ec0d29a1e8672d3a80a3304f58a406b90422da698effe558caf17fb46381836da1f47e030b67f493966bee304af46b852de52aa860ecf34bfd
SSDEEP

24576:NKwQuvCFz7twgEB5mQU5TwvWxLi0s8AdTrCpVZyGcksjP2fZL8y103U/WU61r:47twgW8xUy20eTGpVZPds72F6U61r

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d07a06d78b41fa55c66534a3e9c33847_JaffaCakes118

Files

d07a06d78b41fa55c66534a3e9c33847_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c6573644a90758b8c66768c800e240c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpIW
PathAddBackslashW
PathRemoveExtensionW
PathRemoveFileSpecW
PathRenameExtensionW
PathStripPathW
PathFindExtensionW
PathFindFileNameW
PathMatchSpecW
PathFileExistsW
StrCpyW
StrDupW
StrFormatByteSizeW

psapi

GetModuleFileNameExW
EnumProcessModules

ws2_32

socket
htons
closesocket
getservbyname
connect
WSAGetLastError
select
__WSAFDIsSet
WSACleanup
WSAStartup
getpeername
inet_ntoa
recv
send
gethostname
inet_addr
ioctlsocket
shutdown
WSASetLastError
gethostbyname

comctl32

ImageList_DrawIndirect
ImageList_Create
CreatePropertySheetPageW
PropertySheetW
DestroyPropertySheetPage
ImageList_ReplaceIcon
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Destroy
_TrackMouseEvent
ImageList_Draw

shell32

ExtractIconW
Shell_NotifyIconW
SHGetSpecialFolderLocation
DoEnvironmentSubstW
ShellExecuteW
SHFileOperationW
ShellExecuteExW
SHChangeNotify
SHGetPathFromIDListW

wininet

InternetOpenW
InternetConnectW
FtpSetCurrentDirectoryW
FtpDeleteFileW
InternetGetLastResponseInfoW
InternetCloseHandle
FtpPutFileW
FtpCreateDirectoryW
FtpRemoveDirectoryW

mpr

WNetAddConnection2W
WNetCancelConnection2W

kernel32

GetModuleHandleA
FindFirstFileA
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
GetDriveTypeA
ReadConsoleInputA
SetConsoleMode
GetFullPathNameA
CloseHandle
GetLastError
CreateFileW
GetFileSize
ReadFile
FindClose
SetLastError
GetFullPathNameW
FindFirstFileW
lstrcpyW
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FindNextFileW
EnterCriticalSection
LeaveCriticalSection
FreeResource
lstrcmpW
WriteFile
GetUserDefaultLangID
GetLocaleInfoW
DeleteFileW
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
GetModuleHandleW
GetProcAddress
lstrcatW
CompareStringW
RaiseException
lstrcpynW
GetVersionExW
LoadLibraryW
GetVersion
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
lstrcmpiW
GetDateFormatW
Sleep
OpenProcess
VirtualAllocEx
WriteProcessMemory
VirtualAlloc
GetCurrentDirectoryA
VirtualFree
VirtualFreeEx
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SetProcessWorkingSetSize
GlobalLock
GlobalUnlock
RemoveDirectoryW
CreateDirectoryW
SetFileAttributesW
GetTickCount
GetLocalTime
SystemTimeToFileTime
CompareFileTime
CreateThread
SetThreadPriority
ResumeThread
GetModuleFileNameW
GetShortPathNameW
GetEnvironmentVariableW
SetPriorityClass
GetCurrentThread
SetProcessPriorityBoost
MoveFileExW
ExitProcess
GetCurrentProcessId
LoadLibraryExW
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
CreateMutexW
GlobalFree
EnumResourceNamesW
SetFilePointer
EndUpdateResourceW
LocalReAlloc
BeginUpdateResourceW
LocalAlloc
UpdateResourceW
LocalFree
GetTimeFormatW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FormatMessageW
CreateFileMappingW
GetWindowsDirectoryW
TerminateThread
WaitForSingleObject
MoveFileW
CopyFileW
OutputDebugStringA
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetStartupInfoW
HeapCreate
HeapDestroy
HeapReAlloc
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
RtlUnwind
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
InterlockedExchange
LoadLibraryA
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
VirtualQuery
SetEnvironmentVariableA
InterlockedCompareExchange
IsProcessorFeaturePresent
ReadProcessMemory
CompareStringA

user32

PostMessageW
CallWindowProcW
ShowWindow
ScreenToClient
ScrollWindow
MoveWindow
GetDC
SetTimer
KillTimer
BeginPaint
EndPaint
IsWindow
ReleaseDC
DestroyIcon
EndDialog
RegisterWindowMessageW
GetAncestor
SendMessageTimeoutW
SystemParametersInfoW
GetWindowThreadProcessId
DdeInitializeW
DdeCreateStringHandleW
DdeConnect
DdeGetLastError
DdeClientTransaction
DdeAccessData
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
GetDlgCtrlID
IsWindowVisible
GetClassNameW
EnumWindows
SetClipboardViewer
ChangeClipboardChain
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
PostQuitMessage
LoadImageW
GetCursorPos
DeleteMenu
SetForegroundWindow
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemCount
UpdateWindow
UnhookWindowsHookEx
TrackPopupMenuEx
CallNextHookEx
SetWindowsHookExW
IsMenu
GetDlgItemInt
RegisterHotKey
UnregisterHotKey
GetLastInputInfo
GetDesktopWindow
GetForegroundWindow
GetWindowDC
CharNextW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
DrawFocusRect
SetRectEmpty
CheckMenuItem
GetSubMenu
LoadMenuW
DialogBoxIndirectParamW
GetMenu
AdjustWindowRectEx
RegisterClassExW
GetClassInfoExW
LookupIconIdFromDirectory
MessageBeep
CreateIconFromResource
FillRect
GetClassLongW
GetSysColorBrush
PtInRect
ReleaseCapture
GetCapture
SetCapture
GetFocus
IsWindowEnabled
WindowFromPoint
GetMessagePos
FrameRect
DrawEdge
CharLowerW
GetKeyState
GetMenuItemID
GetKeyNameTextW
MapVirtualKeyW
CharUpperW
wsprintfW
UnregisterClassA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
SetWindowLongW
SetWindowPos
DestroyMenu
GetActiveWindow
SetFocus
LoadCursorW
SetCursor
EnableWindow
SetDlgItemInt
GetDlgItemTextW
GetWindow
MonitorFromWindow
GetClientRect
MapWindowPoints
SetWindowTextW
MessageBoxW
ModifyMenuW
GetDlgItem
SetDlgItemTextW
SendMessageW
CreateWindowExW
DefWindowProcW
GetParent
MonitorFromPoint
GetMonitorInfoW
TrackPopupMenu
GetWindowRect
InvalidateRect
DrawTextW
GetSysColor
GetSystemMetrics
InflateRect
OffsetRect
DrawFrameControl
CopyRect
GetWindowTextW
GetWindowTextLengthW
FindWindowW
GetWindowLongW

gdi32

CreateCompatibleDC
SetBkMode
SetPolyFillMode
GetTextExtentPoint32W
BitBlt
CreateCompatibleBitmap
RealizePalette
GetDIBits
PatBlt
CreatePatternBrush
SetBrushOrgEx
CreateBitmap
GetObjectW
GetStockObject
Polygon
CreatePen
CreateSolidBrush
SelectObject
DeleteDC
SetTextColor
DeleteObject
SetBkColor
GetTextMetricsW
CreateRectRgnIndirect
CombineRgn
ExcludeClipRect
CreateDIBSection
GetCurrentObject
CreateDIBitmap
CreateFontW
CreateFontIndirectW
TextOutW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

ole32

CoInitialize
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr
VariantClear
VariantInit
SysFreeString

Sections

.text
Size: 834KB - Virtual size: 834KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6573644a90758b8c66768c800e240c9

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

psapi

ws2_32

comctl32

shell32

wininet

mpr

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

Sections

.text Size: 834KB - Virtual size: 834KB

.rdata Size: 275KB - Virtual size: 274KB

.data Size: 71KB - Virtual size: 88KB

.rsrc Size: 239KB - Virtual size: 238KB

.text
Size: 834KB - Virtual size: 834KB

.rdata
Size: 275KB - Virtual size: 274KB

.data
Size: 71KB - Virtual size: 88KB

.rsrc
Size: 239KB - Virtual size: 238KB