ardamax | JaffaCakes118_447eb9f057e8686bb60b15679dbf4785

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_447eb9f057e8686bb60b15679dbf4785
Size

286KB
MD5

447eb9f057e8686bb60b15679dbf4785
SHA1

adec4e2c817b332dfcb766182c948922217332ed
SHA256

bdd322a10a2549fe5b48dd82df90687d260bcc67b2d548aa3111f8e3da071e55
SHA512

081934e46476b8292c72506e1c08ea75c0a97a6ed9401658fc7e3ffd50a1fd3a0810c9aef94d67264bf3676c4de9ee6533d04766ca73d8c418917d2d64522a1e
SSDEEP

3072:XXYe7o0Jz5GF36hK+rW2XGI7xAoacJK29REJtJP2F5tQnxS2eqAbQw:HYf0JzM6hz12Inu3JjPLxJAZ

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_447eb9f057e8686bb60b15679dbf4785

Files

JaffaCakes118_447eb9f057e8686bb60b15679dbf4785
.exe windows:4 windows x86 arch:x86

24c6b7bcfd2a747d74ec6a7a26203191

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrDupA
PathRemoveExtensionA
PathStripPathA
PathRemoveFileSpecA
PathFindExtensionA
PathFindFileNameA
PathFileExistsA
StrChrA
StrPBrkA
StrFormatByteSizeA

ws2_32

gethostbyname
inet_addr
getservbyname
WSACleanup
htons
WSAStartup
socket
connect
send
recv
select
closesocket
shutdown

comctl32

ImageList_LoadImageA
DestroyPropertySheetPage
PropertySheetA
CreatePropertySheetPageA
ImageList_ReplaceIcon
ImageList_Create
ImageList_Draw
ImageList_Destroy
ImageList_GetImageCount
InitCommonControlsEx
_TrackMouseEvent

shell32

ShellExecuteA
DoEnvironmentSubstA
ExtractIconA
Shell_NotifyIconA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteExA
SHChangeNotify

wininet

InternetGetLastResponseInfoA
InternetCloseHandle
FtpPutFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpDeleteFileA
FtpSetCurrentDirectoryA
InternetConnectA
InternetOpenA

kernel32

InterlockedCompareExchange
IsProcessorFeaturePresent
GetThreadLocale
SetEnvironmentVariableA
lstrcpyA
lstrlenA
CreateFileA
lstrcmpA
GetModuleHandleA
GetProcAddress
FindResourceExA
lstrcpynA
LoadLibraryA
GetVersion
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
CloseHandle
WriteFile
lstrcmpiA
GetDateFormatA
DeleteFileA
lstrlenW
Sleep
VirtualAlloc
VirtualFree
GetSystemTimeAsFileTime
OpenProcess
SetProcessWorkingSetSize
GetCurrentProcess
GetFileAttributesA
SetFileAttributesA
CreateThread
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCurrentProcessId
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
lstrcatA
SetPriorityClass
SetThreadPriority
GetCurrentThread
SetProcessPriorityBoost
MoveFileExA
ExitProcess
CreateMutexA
GetLastError
InitializeCriticalSection
FlushInstructionCache
SetLastError
LockResource
RaiseException
lstrcpyW
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
DeleteCriticalSection
CompareStringA
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
EnumResourceNamesA
LocalAlloc
LocalReAlloc
ReadFile
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
SetFilePointer
LocalFree
CreateToolhelp32Snapshot
Module32First
Module32Next
Process32First
Process32Next
GetWindowsDirectoryA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FormatMessageA
WritePrivateProfileStringA
GetPrivateProfileStringA
CompareStringW
InterlockedExchange
GetTimeZoneInformation
GetTimeFormatA
GetTickCount
OutputDebugStringA
GetComputerNameA
CopyFileA
GetTempFileNameA
GetTempPathA
OpenFile
HeapFree
HeapAlloc
HeapReAlloc
VirtualProtect
GetSystemInfo
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
GetStartupInfoA
HeapDestroy
HeapCreate
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
RtlUnwind
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

InvalidateRect
GetCaretPos
GetNextDlgTabItem
CharNextA
GetKeyState
MessageBeep
GetDlgItem
DestroyIcon
EndDialog
RegisterWindowMessageA
GetAncestor
SendMessageTimeoutA
GetWindowTextLengthA
GetWindowTextA
SendMessageA
GetWindowThreadProcessId
GetWindowModuleFileNameA
GetDlgCtrlID
IsWindowVisible
GetClassNameA
GetWindow
EnumWindows
PostQuitMessage
GetCursorPos
SetForegroundWindow
FindWindowA
RegisterHotKey
UnregisterHotKey
DispatchMessageA
TranslateMessage
GetMessageA
DefWindowProcA
DrawFocusRect
SetRectEmpty
DeleteMenu
GetSubMenu
LoadMenuA
LoadIconA
CallWindowProcA
DialogBoxParamA
SetWindowPos
GetMenu
AdjustWindowRectEx
RegisterClassExA
GetClassInfoExA
DestroyWindow
IsMenu
DestroyMenu
GetMenuItemCount
GetMenuItemInfoA
SetMenuItemInfoA
UpdateWindow
EndPaint
LoadStringA
DrawTextA
GetClassLongA
SetCursor
LoadCursorA
GetSysColorBrush
SystemParametersInfoA
DrawFrameControl
SetWindowLongA
CreateWindowExA
GetWindowLongA
SetDlgItemInt
ReleaseCapture
GetCapture
SetCapture
ScreenToClient
WindowFromPoint
GetMessagePos
FrameRect
InflateRect
OffsetRect
DrawEdge
IsWindowEnabled
CharLowerA
PeekMessageA
PtInRect
GetFocus
ModifyMenuA
TrackPopupMenuEx
GetMonitorInfoA
MonitorFromPoint
MapWindowPoints
FillRect
UnhookWindowsHookEx
CallNextHookEx
IsWindow
SetWindowsHookExA
ReleaseDC
GetWindowDC
wsprintfA
MapVirtualKeyA
GetKeyNameTextA
GetForegroundWindow
UnregisterClassA
TrackPopupMenu
GetSysColor
GetSystemMetrics
CopyRect
BeginPaint
GetWindowRect
MoveWindow
ScrollWindow
GetClientRect
LoadImageA
PostMessageA
KillTimer
SetTimer
GetDC
GetActiveWindow
EnableWindow
SetWindowTextA
SetDlgItemTextA
GetDlgItemInt
SetFocus
GetDlgItemTextA
ShowWindow
GetParent
MessageBoxA

gdi32

DeleteObject
CreateCompatibleDC
GetObjectA
GetStockObject
CreatePen
CreateSolidBrush
CreateFontA
TextOutA
Polygon
SetBkMode
SelectObject
GetTextExtentPoint32A
CreateFontIndirectA
CreateCompatibleBitmap
PatBlt
CreateDIBSection
CreateBitmap
SetBkColor
BitBlt
DeleteDC
CreatePatternBrush
SetBrushOrgEx
CreateRectRgnIndirect
CombineRgn
ExcludeClipRect
SetTextColor
SetPolyFillMode

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegDeleteValueA
GetUserNameA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemRealloc

oleaut32

VariantClear
SysStringLen
SysFreeString
LoadRegTypeLi
LoadTypeLi
VariantInit
DispCallFunc
VarUI4FromStr

Sections

.text
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24c6b7bcfd2a747d74ec6a7a26203191

Headers

File Characteristics

Imports

shlwapi

ws2_32

comctl32

shell32

wininet

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

Sections

.text Size: 208KB - Virtual size: 208KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 6KB - Virtual size: 17KB

.rsrc Size: 39KB - Virtual size: 39KB

.text
Size: 208KB - Virtual size: 208KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 6KB - Virtual size: 17KB

.rsrc
Size: 39KB - Virtual size: 39KB