Behavioral task behavioral1
Sample: d95623e481661c678a0546e02f10f24c_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task behavioral2
Sample: d95623e481661c678a0546e02f10f24c_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: d95623e481661c678a0546e02f10f24c_JaffaCakes118
Size: 1.7MB
MD5: d95623e481661c678a0546e02f10f24c
SHA1: b6949e68a19b270873764585eb1e82448d1e0717
SHA256: cecfadce6fb09b3977c20d15fb40f8f66a1d7e488a4794451d048a598c3417da
SHA512: dee02644d92ed30e88bb10e9dcdba97abd9949b230059ec20cf5d93061f9cdb77b1e793e5f69d0b51595c30077c3ddd093348d22b070ce898ccefe28b8062591
SSDEEP: 49152:0p2ZUfIIQDHWMVvC2nTlpnIZzBHsdRyxBT6+7z63YsriO0FVyo:0p23dDHpv30BHsfyxtd7z63YsriO0zyo
Malware Config
Signatures
Ardamax family
Ardamax main executable (1 IoCs)
resource: sample, yara_rule: family_ardamax
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: d95623e481661c678a0546e02f10f24c_JaffaCakes118
Files
d95623e481661c678a0546e02f10f24c_JaffaCakes118.exe windows:5 windows x86 arch:x86
c81166db2c63d55f2efb3e1a812b5672
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi: StrCmpIW, PathAddBackslashW, PathRemoveExtensionW, PathRemoveFileSpecW, PathRenameExtensionW, PathStripPathW, StrCpyW, StrDupW, PathFindExtensionW, PathFindFileNameW, PathMatchSpecW, PathFileExistsW, StrFormatByteSizeW
psapi: GetModuleFileNameExW, EnumProcessModules, EnumProcesses
ws2_32: inet_addr, gethostbyname, closesocket, getpeername, __WSAFDIsSet, WSASetLastError, shutdown, inet_ntoa, recv, send, gethostname, select, WSAGetLastError, connect, WSAStartup, WSACleanup, socket, getservbyname, htons, ioctlsocket
comctl32: ImageList_AddMasked, ImageList_Draw, ImageList_GetIconSize, ImageList_DrawIndirect, CreatePropertySheetPageW, PropertySheetW, DestroyPropertySheetPage, ImageList_ReplaceIcon, ImageList_GetImageCount, InitCommonControlsEx, ImageList_Destroy, ImageList_Create, _TrackMouseEvent
shell32: SHGetSpecialFolderLocation, SHGetPathFromIDListW, Shell_NotifyIconW, ShellExecuteExW, SHChangeNotify, ExtractIconW, DoEnvironmentSubstW, ShellExecuteW, SHFileOperationW
wininet: InternetCloseHandle, FtpCreateDirectoryW, FtpRemoveDirectoryW, FtpDeleteFileW, FtpSetCurrentDirectoryW, InternetConnectW, InternetOpenW, InternetGetLastResponseInfoW, FtpPutFileW
mpr: WNetCancelConnection2W, WNetAddConnection2W
version: GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
kernel32: ReadConsoleInputA, SetConsoleMode, FindFirstFileA, GetDriveTypeA, GetFullPathNameA, GetFileInformationByHandle, PeekNamedPipe, GetCurrentDirectoryA, CompareStringA, FindResourceExW, FindResourceW, LoadResource, SizeofResource, LockResource, CloseHandle, GetLastError, CreateFileW, GetFileSize, ReadFile, FindClose, SetLastError, GetFullPathNameW, FindFirstFileW, lstrcpyW, lstrlenW, FindNextFileW, EnterCriticalSection, LeaveCriticalSection, FreeResource, lstrcmpW, WriteFile, GetUserDefaultLangID, GetLocaleInfoW, DeleteFileW, GetCurrentProcess, FlushInstructionCache, GetCurrentThreadId, GetModuleHandleW, GetProcAddress, lstrcatW, CompareStringW, RaiseException, lstrcpynW, GetVersionExW, LoadLibraryW, GetVersion, MultiByteToWideChar, WideCharToMultiByte, FreeLibrary, lstrcmpiW, GetDateFormatW, FileTimeToSystemTime, FileTimeToLocalFileTime, SetProcessWorkingSetSize, GetSystemTimeAsFileTime, GlobalLock, GlobalUnlock, RemoveDirectoryW, CreateDirectoryW, SetFileAttributesW, GetTickCount, GetLocalTime, SystemTimeToFileTime, CompareFileTime, CreateThread, SetThreadPriority, ResumeThread, GetModuleFileNameW, GetShortPathNameW, GetEnvironmentVariableW, SetPriorityClass, GetCurrentThread, SetProcessPriorityBoost, MoveFileExW, Sleep, ExitProcess, GetCurrentProcessId, LoadLibraryExW, InitializeCriticalSection, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, CreateMutexW, GlobalFree, VirtualAlloc, VirtualFree, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, VirtualFreeEx, EnumResourceNamesW, SetFilePointer, EndUpdateResourceW, LocalReAlloc, BeginUpdateResourceW, LocalAlloc, UpdateResourceW, LocalFree, GetTimeFormatW, MapViewOfFile, UnmapViewOfFile, SetEndOfFile, FormatMessageW, CreateFileMappingW, GetWindowsDirectoryW, MoveFileW, TerminateThread, WaitForSingleObject, CopyFileW, QueryDosDeviceW, OutputDebugStringA, HeapFree, HeapAlloc, HeapReAlloc, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, ExitThread, GetStartupInfoW, GetStdHandle, GetModuleFileNameA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, HeapCreate, HeapDestroy, HeapSize, GetTimeZoneInformation, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetTimeFormatA, GetDateFormatA, RtlUnwind, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, QueryPerformanceCounter, SetConsoleCtrlHandler, LoadLibraryA, GetLocaleInfoA, GetConsoleCP, GetConsoleMode, InitializeCriticalSectionAndSpinCount, InterlockedExchange, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, SetStdHandle, FlushFileBuffers, CreateFileA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetProcessHeap, VirtualQuery, SetEnvironmentVariableA, InterlockedCompareExchange, IsProcessorFeaturePresent, GetModuleHandleA, GlobalMemoryStatus, GetVersionExA, FlushConsoleInputBuffer
user32: GetDlgItemInt, CallWindowProcW, PostMessageW, ShowWindow, ScreenToClient, ScrollWindow, MoveWindow, GetDC, SetTimer, KillTimer, BeginPaint, EndPaint, IsWindow, ReleaseDC, DestroyIcon, EndDialog, RegisterWindowMessageW, SetClipboardViewer, ChangeClipboardChain, IsClipboardFormatAvailable, OpenClipboard, GetClipboardData, CloseClipboard, PostQuitMessage, LoadImageW, GetCursorPos, DeleteMenu, SetForegroundWindow, SetMenuItemInfoW, GetMenuItemInfoW, GetMenuItemCount, UpdateWindow, UnhookWindowsHookEx, TrackPopupMenuEx, CallNextHookEx, GetClassNameW, SetWindowsHookExW, IsMenu, FindWindowW, RegisterHotKey, UnregisterHotKey, GetLastInputInfo, GetDesktopWindow, GetForegroundWindow, GetWindowDC, CharNextW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, DestroyWindow, DrawFocusRect, SetRectEmpty, GetActiveWindow, GetSubMenu, LoadMenuW, DialogBoxIndirectParamW, RedrawWindow, GetMenu, AdjustWindowRectEx, RegisterClassExW, GetClassInfoExW, LookupIconIdFromDirectory, MessageBeep, IsWindowVisible, GetDlgCtrlID, CreateIconFromResource, GetAncestor, DdeInitializeW, DdeCreateStringHandleW, DdeConnect, DdeGetLastError, DdeClientTransaction, DdeAccessData, DdeDisconnect, DdeFreeStringHandle, DdeUninitialize, EnumWindows, FillRect, GetClassLongW, IsWindowEnabled, SendMessageTimeoutW, SystemParametersInfoW, GetWindowThreadProcessId, FrameRect, GetSysColorBrush, PtInRect, ReleaseCapture, GetCapture, SetCapture, GetFocus, WindowFromPoint, GetMessagePos, DrawEdge, CharLowerW, GetKeyState, GetMenuItemID, GetKeyNameTextW, MapVirtualKeyW, CharUpperW, wsprintfW, UnregisterClassA, GetUserObjectInformationW, GetProcessWindowStation, MessageBoxA, SetFocus, LoadCursorW, SetCursor, EnableWindow, SetDlgItemInt, GetDlgItemTextW, GetWindow, MonitorFromWindow, GetClientRect, MapWindowPoints, SetWindowTextW, MessageBoxW, ModifyMenuW, GetDlgItem, SetDlgItemTextW, SendMessageW, CreateWindowExW, DefWindowProcW, GetParent, MonitorFromPoint, GetMonitorInfoW, TrackPopupMenu, GetWindowRect, InvalidateRect, DrawTextW, GetSysColor, GetSystemMetrics, InflateRect, OffsetRect, DrawFrameControl, CopyRect, GetWindowTextW, GetWindowTextLengthW, GetWindowLongW, SetWindowLongW, SetWindowPos, CheckMenuItem, DestroyMenu
gdi32: RealizePalette, GetDeviceCaps, CreatePatternBrush, SetBrushOrgEx, CreateBitmap, PatBlt, RoundRect, LineTo, MoveToEx, BitBlt, CreateCompatibleBitmap, DeleteObject, CreateCompatibleDC, GetTextExtentPoint32W, GetObjectW, GetStockObject, Polygon, CreatePen, CreateSolidBrush, SelectObject, SetTextColor, DeleteDC, GetDIBits, GetTextMetricsW, CreateRectRgnIndirect, CombineRgn, ExcludeClipRect, ExtTextOutW, SetBkColor, CreateDIBSection, GetCurrentObject, CreateDIBitmap, CreateFontW, CreateFontIndirectW, TextOutW, SetPolyFillMode, SetBkMode
comdlg32: GetSaveFileNameW, GetOpenFileNameW
ole32: CoInitialize, CoUninitialize, CoInitializeEx, CoTaskMemAlloc, CoTaskMemRealloc, CoTaskMemFree, CoCreateInstance
oleaut32: VariantInit, VariantClear, VarUI4FromStr, SysFreeString, VarCmp
Sections
.text: Size 993KB, Virtual size 992KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 317KB, Virtual size 316KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 47KB, Virtual size 65KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 378KB, Virtual size 377KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ