ardamax | JaffaCakes118_4f5c5fe12e61562705abc9ed53039f32

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_4f5c5fe12e61562705abc9ed53039f32
Size

239KB
MD5

4f5c5fe12e61562705abc9ed53039f32
SHA1

fcd283219c4a765226bde9f38041dd1eaf866b0d
SHA256

ed679c963691e4c4eda0e94bc860ad78ca30f274219cf0c5adc468153985055d
SHA512

f53e6e7506e6a3ae226f0d085727a7df95b1ff050c96698233ae997ee59752b21a5973c0b13e47106ee945379b84d407ed8ac15065cfe582eb30a2a3f158b740
SSDEEP

3072:+i6+UYpf5wKMXcJN+O2bT09LUK0u9m56fPN5tIXONeIV/uIWln7b/aGb:r6+Lpu/XQx0T09LU7SIEN5BNeI/pIaG

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4f5c5fe12e61562705abc9ed53039f32

Files

JaffaCakes118_4f5c5fe12e61562705abc9ed53039f32
.exe windows:4 windows x86 arch:x86

332cb751e65510afcaef60e9f1ef2b30

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
FtpPutFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpDeleteFileA
FtpSetCurrentDirectoryA
InternetConnectA

kernel32

GetLastError
LockResource
RaiseException
HeapFree
lstrcpyW
FlushInstructionCache
GetProcessHeap
HeapAlloc
GetCurrentThreadId
GetVersionExA
CompareStringA
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
EnumResourceNamesA
LocalAlloc
LocalReAlloc
ReadFile
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
SetFilePointer
LocalFree
CreateToolhelp32Snapshot
Module32First
Module32Next
Process32First
Process32Next
OpenProcess
GetWindowsDirectoryA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FormatMessageA
WritePrivateProfileStringA
GetPrivateProfileStringA
CompareStringW
CreateMutexA
GetTimeFormatA
GetTickCount
GetComputerNameA
CopyFileA
GetTempFileNameA
GetTempPathA
GetSystemTimeAsFileTime
OpenFile
FindResourceExA
HeapCreate
RtlUnwind
TerminateProcess
GetCommandLineA
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
HeapReAlloc
HeapDestroy
IsBadWritePtr
GetStringTypeA
GetStringTypeW
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
ExitProcess
Sleep
MoveFileExA
SetProcessPriorityBoost
GetCurrentThread
SetThreadPriority
SetPriorityClass
lstrcatA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetCurrentProcessId
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
SetUnhandledExceptionFilter
CompareFileTime
SystemTimeToFileTime
GetLocalTime
CreateThread
SetFileAttributesA
GetFileAttributesA
GetCurrentProcess
SetProcessWorkingSetSize
lstrlenW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
DeleteFileA
GetDateFormatA
VirtualFree
LCMapStringA
LCMapStringW
lstrcmpiA
OutputDebugStringA
DebugBreak
WriteFile
CloseHandle
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
GetVersion
LoadLibraryA
lstrcpynA
GetProcAddress
GetModuleHandleA
lstrcmpA
CreateFileA
lstrlenA
lstrcpyA
FlushFileBuffers
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetTimeZoneInformation
SetEnvironmentVariableA

user32

DrawEdge
OffsetRect
InflateRect
FrameRect
GetWindowThreadProcessId
GetMessagePos
WindowFromPoint
SetDlgItemInt
GetWindowLongA
CreateWindowExA
SetWindowLongA
DrawFrameControl
SystemParametersInfoA
GetSysColorBrush
LoadCursorA
SetCursor
GetClassLongA
DrawTextA
LoadStringA
GetParent
GetClassNameA
UpdateWindow
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemCount
GetForegroundWindow
IsMenu
DestroyWindow
wsprintfA
GetClassInfoExA
RegisterClassExA
GetMenu
SetWindowPos
DialogBoxParamA
GetWindowTextLengthA
GetWindowTextA
UnregisterClassA
CallWindowProcA
LoadIconA
LoadMenuA
GetSubMenu
DeleteMenu
SetRectEmpty
SendMessageA
DrawFocusRect
DefWindowProcA
GetKeyNameTextA
MapVirtualKeyA
IsWindowEnabled
GetFocus
PtInRect
SetCapture
GetMessageA
TranslateMessage
DispatchMessageA
UnregisterHotKey
RegisterHotKey
FindWindowA
SetForegroundWindow
GetCapture
ReleaseCapture
GetDlgCtrlID
ScreenToClient
GetWindowDC
ReleaseDC
SetWindowsHookExA
IsWindow
CallNextHookEx
UnhookWindowsHookEx
FillRect
MapWindowPoints
MonitorFromPoint
GetMonitorInfoA
TrackPopupMenuEx
ModifyMenuA
PeekMessageA
IsWindowVisible
DestroyMenu
CharLowerA
GetCursorPos
PostQuitMessage
RegisterWindowMessageA
EndDialog
wvsprintfA
DestroyIcon
GetDlgItem
MessageBeep
GetKeyState
CharNextA
GetNextDlgTabItem
GetCaretPos
InvalidateRect
EndPaint
BeginPaint
GetWindowRect
MoveWindow
ScrollWindow
GetClientRect
LoadImageA
PostMessageA
KillTimer
SetTimer
GetDC
GetActiveWindow
EnableWindow
SetWindowTextA
GetWindow
SetDlgItemTextA
GetDlgItemInt
SetFocus
GetDlgItemTextA
ShowWindow
MessageBoxA
TrackPopupMenu
GetSysColor
GetSystemMetrics
CopyRect
AdjustWindowRectEx

gdi32

GetObjectA
CreateFontIndirectA
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
CreateDIBSection
CreateBitmap
SetBkColor
BitBlt
DeleteDC
CreatePatternBrush
SetBrushOrgEx
CreateRectRgnIndirect
CombineRgn
ExcludeClipRect
SetTextColor
GetStockObject
CreateSolidBrush
CreateFontA
TextOutA
Polygon
SetPolyFillMode
SetBkMode
SelectObject
CreatePen
GetTextExtentPoint32A

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteValueA
GetUserNameA
RegDeleteKeyA

shell32

SHChangeNotify
ShellExecuteExA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
Shell_NotifyIconA
ShellExecuteA
ExtractIconA
DoEnvironmentSubstA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

LoadTypeLi
SysFreeString
LoadRegTypeLi
VariantInit
DispCallFunc
VarUI4FromStr
VariantClear
SysStringLen

shlwapi

StrFormatByteSizeA
StrPBrkA
StrChrA
PathFileExistsA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecA
PathRemoveExtensionA
StrDupA
PathStripPathA

comctl32

InitCommonControlsEx
ImageList_GetImageCount
ImageList_Destroy
ImageList_LoadImageA
DestroyPropertySheetPage
PropertySheetA
CreatePropertySheetPageA
ImageList_ReplaceIcon
ImageList_Create
ImageList_Draw
_TrackMouseEvent

wsock32

getservbyname
WSACleanup
ioctlsocket
WSAStartup
gethostbyname
socket
connect
shutdown
closesocket
select
recv
send
htons

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

332cb751e65510afcaef60e9f1ef2b30

Headers

File Characteristics

Imports

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wsock32

Sections

.text Size: 170KB - Virtual size: 169KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 37KB - Virtual size: 37KB

.text
Size: 170KB - Virtual size: 169KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 37KB - Virtual size: 37KB