ardamax | b654794ebc4d2f47731eec571aa23fff_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b654794ebc4d2f47731eec571aa23fff_JaffaCakes118
Size

474KB
MD5

b654794ebc4d2f47731eec571aa23fff
SHA1

62b28db6999e8e18b27b129920b57e742faf29b8
SHA256

37a29c72f2bc5ba2ea3a6e16dfc6408141eaa7f86e343a7af6f33a4866ed4180
SHA512

fb42d05df80cb7a75cb97206c36f01bc4471ae283a04bd11fee34e8964d7bb3095d009056830d36859b2f2bc13846591bf6632d392b5bf0d94f240d7838833a9
SSDEEP

6144:sP/HgQr8z0psVGBJbsvUIvpBSkULIMxEIvs/IV2JN4XdiA:ggQNIGBJ/igkUYItL

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b654794ebc4d2f47731eec571aa23fff_JaffaCakes118

Files

b654794ebc4d2f47731eec571aa23fff_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f540a07307a950dc21e42040216c83fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

UrlUnescapeW
StrCmpIW
PathFindExtensionW
PathFindFileNameW
PathStripPathW
PathRemoveFileSpecW
StrFormatByteSizeW
PathRemoveExtensionW
StrDupW
PathFileExistsW

ws2_32

send
getservbyname
WSACleanup
WSAStartup
htons
inet_addr
gethostbyname
socket
connect
select
closesocket
recv
shutdown

comctl32

PropertySheetW
InitCommonControlsEx
ImageList_LoadImageW
ImageList_Draw
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Create
_TrackMouseEvent
CreatePropertySheetPageW
DestroyPropertySheetPage

shell32

SHChangeNotify
ShellExecuteExW
Shell_NotifyIconW
ShellExecuteW
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ExtractIconW
DoEnvironmentSubstW

wininet

InternetGetLastResponseInfoW
InternetCloseHandle
FtpPutFileW
FtpCreateDirectoryW
FtpRemoveDirectoryW
FtpDeleteFileW
FtpSetCurrentDirectoryW
InternetConnectW
InternetOpenW

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetStringTypeA
GetThreadLocale
IsProcessorFeaturePresent
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringA
GetCurrentProcess
GetModuleHandleW
LockResource
LoadLibraryW
GetProcAddress
GetVersion
VirtualAlloc
MultiByteToWideChar
FindResourceExW
FlushInstructionCache
WideCharToMultiByte
VirtualFree
FreeLibrary
GetCurrentThreadId
CreateThread
SetThreadPriority
ResumeThread
GlobalLock
GetLocalTime
LeaveCriticalSection
lstrcpyW
GlobalUnlock
SystemTimeToFileTime
CompareFileTime
lstrcatW
GetSystemTimeAsFileTime
GetModuleFileNameW
EnterCriticalSection
CloseHandle
CreateFileW
lstrcpynW
RemoveDirectoryW
GetShortPathNameW
CreateDirectoryW
GetEnvironmentVariableW
WriteFile
OpenProcess
SetFileAttributesW
SetPriorityClass
CompareStringW
lstrlenW
GetCurrentThread
Sleep
SetProcessPriorityBoost
InitializeCriticalSection
DeleteFileW
InterlockedIncrement
MoveFileExW
SetLastError
ExitProcess
RaiseException
SizeofResource
lstrcmpiW
GetCurrentProcessId
InterlockedDecrement
LoadResource
lstrlenA
FindResourceW
lstrcmpW
lstrcpyA
LoadLibraryExW
GetDateFormatW
GetVersionExW
lstrcmpA
CreateMutexW
DeleteCriticalSection
GetLastError
SetProcessWorkingSetSize
LocalReAlloc
ReadFile
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
SetFilePointer
LocalFree
EnumResourceNamesW
LocalAlloc
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FormatMessageW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
Process32FirstW
Process32NextW
GetWindowsDirectoryW
GetFileSize
CreateFileMappingW
GetTimeZoneInformation
GetComputerNameW
lstrcmpiA
GetTimeFormatW
GetTickCount
OutputDebugStringW
CopyFileW
GetTempFileNameW
GetTempPathW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesW
MoveFileW
HeapAlloc
HeapFree
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
GetProcessHeap
GetStartupInfoW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetStdHandle
GetModuleFileNameA
HeapDestroy
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
InterlockedExchange
LoadLibraryA
RtlUnwind
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
VirtualQuery
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

user32

ReleaseCapture
CheckMenuItem
GetMenuItemCount
IsWindowEnabled
SetWindowTextW
GetMenu
InflateRect
GetCapture
IsClipboardFormatAvailable
GetSubMenu
EnableWindow
SendMessageW
OpenClipboard
GetMenuItemInfoW
MessageBoxW
GetActiveWindow
DdeInitializeW
AdjustWindowRectEx
DrawFrameControl
SetCapture
DdeCreateStringHandleW
SetMenuItemInfoW
DdeConnect
DestroyIcon
DdeClientTransaction
GetClipboardData
DispatchMessageW
MapWindowPoints
DdeAccessData
ShowWindow
TranslateMessage
UpdateWindow
CharLowerW
GetDC
FillRect
GetMessageW
SetTimer
CloseClipboard
DrawFocusRect
DialogBoxParamW
RegisterClassExW
DdeDisconnect
ScreenToClient
KillTimer
EndDialog
DdeFreeStringHandle
IsWindow
DdeUninitialize
LoadMenuW
GetDlgItem
PostQuitMessage
TrackPopupMenu
GetClassInfoExW
GetDlgItemTextW
BeginPaint
LoadIconW
InvalidateRect
SetDlgItemInt
RegisterWindowMessageW
GetWindowThreadProcessId
CallWindowProcW
GetParent
WindowFromPoint
FrameRect
PeekMessageW
PostMessageW
SetRectEmpty
EndPaint
GetMessagePos
PtInRect
GetWindowModuleFileNameW
GetDesktopWindow
GetWindowTextW
GetFocus
GetForegroundWindow
UnhookWindowsHookEx
SetFocus
DefWindowProcW
DrawEdge
GetDlgCtrlID
GetCursorPos
GetWindowDC
MessageBeep
LoadImageW
GetAncestor
IsWindowVisible
SetWindowLongW
ModifyMenuW
CopyRect
GetClassNameW
GetDlgItemInt
SetForegroundWindow
GetWindow
EnumWindows
TrackPopupMenuEx
ReleaseDC
DestroyWindow
LoadStringW
GetMonitorInfoW
SendMessageTimeoutW
FindWindowW
CharNextW
MonitorFromPoint
GetClientRect
SetCursor
RegisterHotKey
LoadCursorW
UnregisterHotKey
GetKeyState
CallNextHookEx
DrawTextW
GetSysColorBrush
MapVirtualKeyW
GetKeyNameTextW
wsprintfW
UnregisterClassA
ScrollWindow
SystemParametersInfoW
SetWindowsHookExW
GetSystemMetrics
IsMenu
DeleteMenu
ChangeClipboardChain
CreateWindowExW
GetWindowLongW
SetWindowPos
GetWindowRect
GetWindowTextLengthW
GetSysColor
DestroyMenu
SetClipboardViewer
SetDlgItemTextW
MoveWindow
GetClassLongW
OffsetRect

gdi32

GetTextMetricsW
SetTextColor
CreateCompatibleBitmap
CreatePen
GetStockObject
CreatePatternBrush
GetTextExtentPoint32W
SetBrushOrgEx
TextOutW
Polygon
PatBlt
SetPolyFillMode
GetDIBits
DeleteDC
RealizePalette
CreateSolidBrush
CreateDIBSection
SetBkMode
CreateCompatibleDC
CreateRectRgnIndirect
SelectObject
CreateBitmap
CombineRgn
SetBkColor
GetObjectW
BitBlt
CreateFontIndirectW
ExcludeClipRect
CreateFontW
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoUninitialize

oleaut32

SysFreeString
VarUI4FromStr

Sections

.text
Size: 354KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f540a07307a950dc21e42040216c83fb

Headers

File Characteristics

Imports

shlwapi

ws2_32

comctl32

shell32

wininet

mpr

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

Sections

.text Size: 354KB - Virtual size: 354KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 48KB - Virtual size: 47KB

.text
Size: 354KB - Virtual size: 354KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 48KB - Virtual size: 47KB