ardamax | 17535dddecf8cb1efdba1f1952126547_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

17535dddecf8cb1efdba1f1952126547_JaffaCakes118
Size

473KB
MD5

17535dddecf8cb1efdba1f1952126547
SHA1

a862a9a3eb6c201751be1038537522a5281ea6cb
SHA256

1a3d28ac6359e58aa656f4734f9f36b6c09badadcf9fb900b9b118d90c38a9dd
SHA512

b4f31b552ab3bb3dafa365aa7a31f58674ae7ee82ce1d23457f2e7047431430b00abb3b5498491725639daf583b526b278a737168cfdc4e9ec796dfbc14a53d8
SSDEEP

6144:gP/HgQr8z0psVGBJbsvUIvpBSkULIMxEIvs/IV2JN4Xd8Ab:0gQNIGBJ/igkUYItFb

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17535dddecf8cb1efdba1f1952126547_JaffaCakes118

Files

17535dddecf8cb1efdba1f1952126547_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f540a07307a950dc21e42040216c83fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

UrlUnescapeW
StrCmpIW
PathFindExtensionW
PathFindFileNameW
PathStripPathW
PathRemoveFileSpecW
StrFormatByteSizeW
PathRemoveExtensionW
StrDupW
PathFileExistsW

ws2_32

send
getservbyname
WSACleanup
WSAStartup
htons
inet_addr
gethostbyname
socket
connect
select
closesocket
recv
shutdown

comctl32

PropertySheetW
InitCommonControlsEx
ImageList_LoadImageW
ImageList_Draw
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Create
_TrackMouseEvent
CreatePropertySheetPageW
DestroyPropertySheetPage

shell32

SHChangeNotify
ShellExecuteExW
Shell_NotifyIconW
ShellExecuteW
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ExtractIconW
DoEnvironmentSubstW

wininet

InternetGetLastResponseInfoW
InternetCloseHandle
FtpPutFileW
FtpCreateDirectoryW
FtpRemoveDirectoryW
FtpDeleteFileW
FtpSetCurrentDirectoryW
InternetConnectW
InternetOpenW

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetStringTypeA
GetThreadLocale
IsProcessorFeaturePresent
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringA
GetCurrentProcess
GetModuleHandleW
LockResource
LoadLibraryW
GetProcAddress
GetVersion
VirtualAlloc
MultiByteToWideChar
FindResourceExW
FlushInstructionCache
WideCharToMultiByte
VirtualFree
FreeLibrary
GetCurrentThreadId
CreateThread
SetThreadPriority
ResumeThread
GlobalLock
GetLocalTime
LeaveCriticalSection
lstrcpyW
GlobalUnlock
SystemTimeToFileTime
CompareFileTime
lstrcatW
GetSystemTimeAsFileTime
GetModuleFileNameW
EnterCriticalSection
CloseHandle
CreateFileW
lstrcpynW
RemoveDirectoryW
GetShortPathNameW
CreateDirectoryW
GetEnvironmentVariableW
WriteFile
OpenProcess
SetFileAttributesW
SetPriorityClass
CompareStringW
lstrlenW
GetCurrentThread
Sleep
SetProcessPriorityBoost
InitializeCriticalSection
DeleteFileW
InterlockedIncrement
MoveFileExW
SetLastError
ExitProcess
RaiseException
SizeofResource
lstrcmpiW
GetCurrentProcessId
InterlockedDecrement
LoadResource
lstrlenA
FindResourceW
lstrcmpW
lstrcpyA
LoadLibraryExW
GetDateFormatW
GetVersionExW
lstrcmpA
CreateMutexW
DeleteCriticalSection
GetLastError
SetProcessWorkingSetSize
LocalReAlloc
ReadFile
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
SetFilePointer
LocalFree
EnumResourceNamesW
LocalAlloc
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FormatMessageW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
Process32FirstW
Process32NextW
GetWindowsDirectoryW
GetFileSize
CreateFileMappingW
GetTimeZoneInformation
GetComputerNameW
lstrcmpiA
GetTimeFormatW
GetTickCount
OutputDebugStringW
CopyFileW
GetTempFileNameW
GetTempPathW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesW
MoveFileW
HeapAlloc
HeapFree
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
GetProcessHeap
GetStartupInfoW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetStdHandle
GetModuleFileNameA
HeapDestroy
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
InterlockedExchange
LoadLibraryA
RtlUnwind
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
VirtualQuery
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

user32

ReleaseCapture
CheckMenuItem
GetMenuItemCount
IsWindowEnabled
SetWindowTextW
GetMenu
InflateRect
GetCapture
IsClipboardFormatAvailable
GetSubMenu
EnableWindow
SendMessageW
OpenClipboard
GetMenuItemInfoW
MessageBoxW
GetActiveWindow
DdeInitializeW
AdjustWindowRectEx
DrawFrameControl
SetCapture
DdeCreateStringHandleW
SetMenuItemInfoW
DdeConnect
DestroyIcon
DdeClientTransaction
GetClipboardData
DispatchMessageW
MapWindowPoints
DdeAccessData
ShowWindow
TranslateMessage
UpdateWindow
CharLowerW
GetDC
FillRect
GetMessageW
SetTimer
CloseClipboard
DrawFocusRect
DialogBoxParamW
RegisterClassExW
DdeDisconnect
ScreenToClient
KillTimer
EndDialog
DdeFreeStringHandle
IsWindow
DdeUninitialize
LoadMenuW
GetDlgItem
PostQuitMessage
TrackPopupMenu
GetClassInfoExW
GetDlgItemTextW
BeginPaint
LoadIconW
InvalidateRect
SetDlgItemInt
RegisterWindowMessageW
GetWindowThreadProcessId
CallWindowProcW
GetParent
WindowFromPoint
FrameRect
PeekMessageW
PostMessageW
SetRectEmpty
EndPaint
GetMessagePos
PtInRect
GetWindowModuleFileNameW
GetDesktopWindow
GetWindowTextW
GetFocus
GetForegroundWindow
UnhookWindowsHookEx
SetFocus
DefWindowProcW
DrawEdge
GetDlgCtrlID
GetCursorPos
GetWindowDC
MessageBeep
LoadImageW
GetAncestor
IsWindowVisible
SetWindowLongW
ModifyMenuW
CopyRect
GetClassNameW
GetDlgItemInt
SetForegroundWindow
GetWindow
EnumWindows
TrackPopupMenuEx
ReleaseDC
DestroyWindow
LoadStringW
GetMonitorInfoW
SendMessageTimeoutW
FindWindowW
CharNextW
MonitorFromPoint
GetClientRect
SetCursor
RegisterHotKey
LoadCursorW
UnregisterHotKey
GetKeyState
CallNextHookEx
DrawTextW
GetSysColorBrush
MapVirtualKeyW
GetKeyNameTextW
wsprintfW
UnregisterClassA
ScrollWindow
SystemParametersInfoW
SetWindowsHookExW
GetSystemMetrics
IsMenu
DeleteMenu
ChangeClipboardChain
CreateWindowExW
GetWindowLongW
SetWindowPos
GetWindowRect
GetWindowTextLengthW
GetSysColor
DestroyMenu
SetClipboardViewer
SetDlgItemTextW
MoveWindow
GetClassLongW
OffsetRect

gdi32

GetTextMetricsW
SetTextColor
CreateCompatibleBitmap
CreatePen
GetStockObject
CreatePatternBrush
GetTextExtentPoint32W
SetBrushOrgEx
TextOutW
Polygon
PatBlt
SetPolyFillMode
GetDIBits
DeleteDC
RealizePalette
CreateSolidBrush
CreateDIBSection
SetBkMode
CreateCompatibleDC
CreateRectRgnIndirect
SelectObject
CreateBitmap
CombineRgn
SetBkColor
GetObjectW
BitBlt
CreateFontIndirectW
ExcludeClipRect
CreateFontW
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoUninitialize

oleaut32

SysFreeString
VarUI4FromStr

Sections

.text
Size: 354KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f540a07307a950dc21e42040216c83fb

Headers

File Characteristics

Imports

shlwapi

ws2_32

comctl32

shell32

wininet

mpr

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

Sections

.text Size: 354KB - Virtual size: 354KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 47KB - Virtual size: 47KB

.text
Size: 354KB - Virtual size: 354KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 47KB - Virtual size: 47KB