ardamax | JaffaCakes118_48971efffd046d318f291255aa7d0e9a | Triage

Sharing

General

Target

JaffaCakes118_48971efffd046d318f291255aa7d0e9a
Size

147KB
MD5

48971efffd046d318f291255aa7d0e9a
SHA1

3eab977527584cbc79863ac48075b4e81f2b223e
SHA256

98855803f4595e2906a1caa7f8ce12347845e94df79d5d2fb6b3d84a876f83d9
SHA512

14241f9bfced65577b41265b28b4ba50131046b48ddb3ab6fa9f2dc513c78540ae251d72c84a4fd14b5c2b8724dea441de03d2126d7066b5b64d4095199fe082
SSDEEP

3072:OG8re9/BkcCIdq+NyqklcxTzUpeZCyVwyKrdSYSwXXHl32c:OG8re9/Cctq+N50cxTpVwyKrcEXHl7

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_48971efffd046d318f291255aa7d0e9a

Files

JaffaCakes118_48971efffd046d318f291255aa7d0e9a
.exe windows:4 windows x86 arch:x86

46f7605e7a78c927642caddee90e57c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadIconA
LoadCursorA
LoadBitmapA
GetDlgItemTextA
GetDlgCtrlID
EndDialog
ShowWindow
SetWindowTextA
SetDlgItemTextA
SetClassLongA
SendMessageA
SendDlgItemMessageA
MessageBoxA
DialogBoxParamA

kernel32

LoadResource
lstrcpyA
SizeofResource
CreateThread
ExitThread
ResumeThread
SetThreadPriority
ExitProcess
FindResourceA
GetModuleHandleA
GlobalAlloc
GlobalFree
CloseHandle
RtlZeroMemory
SuspendThread
Sleep

gdi32

CreatePatternBrush
SetTextColor
SetBkMode
GetStockObject
DeleteObject

winmm

waveOutPrepareHeader
waveOutWrite
waveOutUnprepareHeader
waveOutRestart
waveOutReset
waveOutPause
waveOutOpen
waveOutGetPosition
waveOutClose

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE