ardamax | 6c94881041df04b34498298262be0095_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6c94881041df04b34498298262be0095_JaffaCakes118
Size

1.3MB
MD5

6c94881041df04b34498298262be0095
SHA1

a55cf3e5b3d04cbc3fff689219bb4176db698afa
SHA256

b8e1a7f773703fd5b7e7658bc3f54fd50e4ea6502f9ed3b996c3ef9c977b3d9f
SHA512

dba2ad2dcb51d7dc9e01e668e91132fbb22c6c1423c3dc96c081a1bcc2614987e4091d99c9035abf4c1c2b485c36095a06cfaea67431e1d18a83c186bcea4fbf
SSDEEP

24576:glGU8U4NBgbio7hrFjnitUskYc2ZufsUYYNxQxHJMLTTZaTrupMWnStQGaZpeO7F:glGU8U4U7hrFjnMUjYc2xNoWJMTZaTyh

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax
Ardamax main executable 1 IoCs

Processes:

resource yara_rule

sample family_ardamax

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6c94881041df04b34498298262be0095_JaffaCakes118

Files

6c94881041df04b34498298262be0095_JaffaCakes118
.exe windows:5 windows x86 arch:x86

352a0fba5aa28469624f9f32d4d2c864

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAppendW
StrCmpIW
StrDupW
PathRemoveExtensionW
PathRenameExtensionW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathMatchSpecW
StrFormatByteSizeW
PathFileExistsW
UrlUnescapeW
StrCpyW
PathStripPathW

ws2_32

send
gethostname
closesocket
WSASetLastError
inet_ntoa
gethostbyname
inet_addr
htons
getservbyname
recv
select
__WSAFDIsSet
socket
WSACleanup
WSAStartup
getpeername
WSAGetLastError
ioctlsocket
shutdown
connect

comctl32

ImageList_ReplaceIcon
PropertySheetW
_TrackMouseEvent
DestroyPropertySheetPage
ImageList_Create
ImageList_DrawIndirect
ImageList_Draw
ImageList_GetImageCount
ImageList_Destroy
InitCommonControlsEx
CreatePropertySheetPageW

shell32

SHGetPathFromIDListW
ShellExecuteW
Shell_NotifyIconW
SHChangeNotify
ShellExecuteExW
ExtractIconW
DoEnvironmentSubstW
SHFileOperationW
SHGetSpecialFolderLocation

wininet

FtpPutFileW
InternetCloseHandle
FtpCreateDirectoryW
FtpRemoveDirectoryW
FtpDeleteFileW
FtpSetCurrentDirectoryW
InternetGetLastResponseInfoW
InternetOpenW
InternetConnectW

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

FindFirstFileA
FindClose
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
GetDriveTypeA
ReadConsoleInputA
SetConsoleMode
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
GetVersion
GetProcAddress
LoadLibraryW
GetVersionExW
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
lstrlenW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
lstrcmpiW
LoadResource
FindResourceW
SizeofResource
LockResource
FreeResource
GlobalFree
GlobalUnlock
SetLastError
FindResourceExW
LoadLibraryExW
GetModuleFileNameW
lstrcpyW
GetCurrentProcessId
lstrcmpW
lstrcatW
OpenProcess
lstrcpynW
MoveFileExW
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetEnvironmentVariableW
GetShortPathNameW
GlobalLock
SetFileAttributesW
GetTickCount
CompareStringW
CreateFileW
WriteFile
CreateDirectoryW
RemoveDirectoryW
GetSystemTimeAsFileTime
GetLocaleInfoW
VirtualFreeEx
VirtualFree
ReadProcessMemory
VirtualAlloc
WriteProcessMemory
VirtualAllocEx
ExitProcess
Sleep
ResumeThread
CreateThread
CompareFileTime
SystemTimeToFileTime
GetLocalTime
GetDateFormatW
SetProcessWorkingSetSize
GetUserDefaultLangID
CreateMutexW
LocalReAlloc
LocalAlloc
LocalFree
SetFilePointer
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
ReadFile
EnumResourceNamesW
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
GetWindowsDirectoryW
FormatMessageW
CopyFileW
OutputDebugStringA
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesW
GetTempPathW
MoveFileW
HeapFree
HeapAlloc
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
VirtualQuery
HeapCreate
HeapDestroy
HeapReAlloc
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetModuleHandleA
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
LoadLibraryA
GetLocaleInfoA
InterlockedExchange
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringA
InterlockedCompareExchange
IsProcessorFeaturePresent
GetFullPathNameA
GetCurrentDirectoryA
DeleteFileW
SetEnvironmentVariableA

user32

GetDlgItemTextW
MessageBoxW
GetActiveWindow
DestroyMenu
GetDC
KillTimer
CallWindowProcW
PostMessageW
ScreenToClient
UpdateWindow
InvalidateRect
IsWindowVisible
IsWindowEnabled
GetWindowThreadProcessId
FillRect
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
SetMenuItemInfoW
GetFocus
DrawTextW
DrawFrameControl
MonitorFromPoint
DrawEdge
TrackPopupMenuEx
ModifyMenuW
FrameRect
MessageBeep
WindowFromPoint
GetMessagePos
GetWindowDC
ReleaseDC
GetSysColor
GetSysColorBrush
RegisterWindowMessageW
GetSystemMetrics
SetRectEmpty
SystemParametersInfoW
InflateRect
UnhookWindowsHookEx
CharLowerW
GetKeyState
CallNextHookEx
OffsetRect
GetClassNameW
SetWindowsHookExW
IsMenu
PtInRect
GetSubMenu
GetWindowModuleFileNameW
UnregisterHotKey
RegisterHotKey
ChangeClipboardChain
SetClipboardViewer
OpenClipboard
SetFocus
CreateIconFromResource
DeleteMenu
GetWindowTextW
GetDlgCtrlID
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
DrawFocusRect
CopyRect
TrackPopupMenu
LookupIconIdFromDirectory
GetClassLongW
GetDesktopWindow
GetForegroundWindow
GetLastInputInfo
LoadMenuW
SetCapture
SetCursor
GetCursorPos
ReleaseCapture
GetCapture
GetDlgItemInt
SetDlgItemInt
GetMenu
AdjustWindowRectEx
DdeUninitialize
DdeFreeStringHandle
DdeDisconnect
DdeAccessData
DdeClientTransaction
DdeGetLastError
DdeConnect
DdeCreateStringHandleW
DdeInitializeW
SetForegroundWindow
MoveWindow
ShowWindow
ScrollWindow
SendMessageTimeoutW
EnumWindows
PostQuitMessage
GetAncestor
FindWindowW
wsprintfW
GetKeyNameTextW
MapVirtualKeyW
UnregisterClassA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
DestroyIcon
IsWindow
GetWindowLongW
SetWindowLongW
SetTimer
GetWindowTextLengthW
DialogBoxParamW
DialogBoxIndirectParamW
CreateWindowExW
RegisterClassExW
EndPaint
BeginPaint
EndDialog
LoadImageW
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
SendMessageW
GetDlgItem
GetParent
SetDlgItemTextW
EnableWindow
GetWindowRect
SetWindowTextW
DestroyWindow
CharNextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
LoadCursorW
CheckMenuItem
GetClassInfoExW

gdi32

GetObjectW
SetBrushOrgEx
CreateFontIndirectW
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
RealizePalette
GetDIBits
CreateDIBitmap
GetTextMetricsW
GetStockObject
GetTextExtentPoint32W
DeleteDC
SetTextColor
SelectObject
SetBkMode
CreateFontW
TextOutW
DeleteObject
GetCurrentObject
CreateSolidBrush
CreatePen
Polygon
CombineRgn
CreateRectRgnIndirect
ExcludeClipRect
SetPolyFillMode
CreateDIBSection
CreatePatternBrush
CreateBitmap
PatBlt
SetBkColor

comdlg32

GetOpenFileNameW
GetSaveFileNameW

ole32

CoInitialize
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VariantClear
VariantInit
SysFreeString
VarUI4FromStr

Sections

.text
Size: 830KB - Virtual size: 830KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

352a0fba5aa28469624f9f32d4d2c864

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ws2_32

comctl32

shell32

wininet

mpr

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

Sections

.text Size: 830KB - Virtual size: 830KB

.rdata Size: 232KB - Virtual size: 232KB

.data Size: 71KB - Virtual size: 88KB

.rsrc Size: 155KB - Virtual size: 155KB

.text
Size: 830KB - Virtual size: 830KB

.rdata
Size: 232KB - Virtual size: 232KB

.data
Size: 71KB - Virtual size: 88KB

.rsrc
Size: 155KB - Virtual size: 155KB