ardamax | JaffaCakes118_559a8128b5ee0a76a411ec7c8a89fab9

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_559a8128b5ee0a76a411ec7c8a89fab9
Size

568KB
MD5

559a8128b5ee0a76a411ec7c8a89fab9
SHA1

36368ce482447f06480a65b30a96b6cfd029a8af
SHA256

f7be7614e794e23f4d3e51d300a1bb0926669dcf89d3ea2a47880a17b3d539f4
SHA512

3fda7d9dde3f110161542eb6173136029cf17d27fc2353f62cd8de931e6be021fd87e214ff5ff23c15dc3d0816c91276d7041e08a430cefa3b114abbdcdedbd1
SSDEEP

6144:+JMocTMA7aG1llJ5JLLZu6o4SIZ8ffyCQfFWoeG/oViNfP8n0AEK:tTXlJ5JnZ3VHZ8fq39WodOH

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_559a8128b5ee0a76a411ec7c8a89fab9

Files

JaffaCakes118_559a8128b5ee0a76a411ec7c8a89fab9
.exe windows:5 windows x86 arch:x86

de897cff85d9f2ca827495cbf9705f6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

UrlUnescapeW
StrDupW
PathRemoveExtensionW
PathStripPathW
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
PathFileExistsW
StrCmpIW
StrFormatByteSizeW

ws2_32

recv
send
WSAStartup
htons
WSACleanup
getservbyname
inet_addr
gethostbyname
closesocket
select
shutdown
connect
socket

comctl32

ImageList_GetImageCount
ImageList_Draw
ImageList_Create
ImageList_ReplaceIcon
CreatePropertySheetPageW
PropertySheetW
DestroyPropertySheetPage
ImageList_LoadImageW
InitCommonControlsEx
ImageList_Destroy
_TrackMouseEvent

shell32

SHChangeNotify
ShellExecuteExW
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
Shell_NotifyIconW
ExtractIconW
DoEnvironmentSubstW
ShellExecuteW

wininet

InternetGetLastResponseInfoW
InternetCloseHandle
FtpPutFileW
FtpCreateDirectoryW
FtpRemoveDirectoryW
FtpDeleteFileW
FtpSetCurrentDirectoryW
InternetConnectW
InternetOpenW

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetModuleHandleA
IsProcessorFeaturePresent
RaiseException
lstrcpyW
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CloseHandle
GetLastError
CreateFileW
WriteFile
lstrcmpW
DeleteFileW
SetLastError
GetModuleHandleW
GetProcAddress
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
lstrlenA
lstrcpyA
lstrcmpA
lstrcpynW
GetVersionExW
LoadLibraryW
GetVersion
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
lstrcmpiW
GetDateFormatW
Sleep
VirtualAlloc
VirtualFree
GetSystemTimeAsFileTime
OpenProcess
SetProcessWorkingSetSize
GlobalLock
GlobalUnlock
lstrcatW
RemoveDirectoryW
CreateDirectoryW
SetFileAttributesW
CreateThread
SetThreadPriority
ResumeThread
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetModuleFileNameW
GetShortPathNameW
GetEnvironmentVariableW
SetPriorityClass
GetCurrentThread
SetProcessPriorityBoost
MoveFileExW
ExitProcess
GetCurrentProcessId
LoadLibraryExW
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
CreateMutexW
GetUserDefaultLangID
CompareStringW
EnumResourceNamesW
LocalAlloc
LocalReAlloc
ReadFile
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
SetFilePointer
LocalFree
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
Process32FirstW
Process32NextW
GetWindowsDirectoryW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FormatMessageW
GetTimeZoneInformation
GetTimeFormatW
GetTickCount
OutputDebugStringW
GetComputerNameW
lstrcmpiA
CopyFileW
GetTempFileNameW
GetTempPathW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesW
MoveFileW
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
HeapCreate
HeapDestroy
HeapReAlloc
GetStdHandle
GetModuleFileNameA
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
RtlUnwind
InterlockedExchange
LoadLibraryA
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualQuery
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
CompareStringA
SetEnvironmentVariableA
InterlockedCompareExchange
GetProcessHeap

user32

SetWindowTextW
MessageBoxW
ShowWindow
SetCursor
LoadCursorW
GetDlgItemTextW
SetFocus
GetDlgItemInt
MapWindowPoints
GetClientRect
MonitorFromWindow
GetWindow
EnableWindow
GetActiveWindow
SendMessageW
GetDC
SetTimer
KillTimer
PostMessageW
CallWindowProcW
LoadImageW
ScreenToClient
ScrollWindow
MoveWindow
BeginPaint
EndPaint
DestroyIcon
EndDialog
RegisterWindowMessageW
GetAncestor
SendMessageTimeoutW
DdeInitializeW
DdeCreateStringHandleW
DdeConnect
DdeGetLastError
DdeClientTransaction
DdeAccessData
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
GetWindowThreadProcessId
GetWindowModuleFileNameW
GetDlgCtrlID
IsWindowVisible
GetClassNameW
EnumWindows
SetClipboardViewer
ChangeClipboardChain
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
IsWindow
PostQuitMessage
GetCursorPos
DeleteMenu
SetForegroundWindow
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemCount
UpdateWindow
UnhookWindowsHookEx
TrackPopupMenuEx
CallNextHookEx
SetWindowsHookExW
IsMenu
FindWindowW
RegisterHotKey
UnregisterHotKey
GetDesktopWindow
GetForegroundWindow
ModifyMenuW
ReleaseDC
CharNextW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
DrawFocusRect
SetRectEmpty
CreateWindowExW
CheckMenuItem
GetSubMenu
LoadMenuW
LoadIconW
DialogBoxParamW
GetMenu
AdjustWindowRectEx
RegisterClassExW
GetClassInfoExW
MessageBeep
FillRect
GetClassLongW
GetSysColorBrush
SystemParametersInfoW
SetDlgItemInt
PtInRect
ReleaseCapture
GetCapture
SetCapture
GetFocus
IsWindowEnabled
WindowFromPoint
GetMessagePos
FrameRect
DrawEdge
CharLowerW
GetKeyState
wsprintfW
MapVirtualKeyW
GetKeyNameTextW
UnregisterClassA
DestroyMenu
SetWindowPos
SetWindowLongW
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
CopyRect
DrawFrameControl
OffsetRect
GetDlgItem
SetDlgItemTextW
DefWindowProcW
GetParent
MonitorFromPoint
GetMonitorInfoW
TrackPopupMenu
GetWindowRect
InvalidateRect
DrawTextW
InflateRect
GetSystemMetrics
GetSysColor
GetWindowDC

gdi32

PatBlt
CreateDIBSection
SetBrushOrgEx
CreateBitmap
SetBkColor
GetTextMetricsW
GetDIBits
CombineRgn
DeleteObject
RealizePalette
CreateRectRgnIndirect
DeleteDC
CreatePatternBrush
ExcludeClipRect
CreateFontW
GetStockObject
GetObjectW
CreateFontIndirectW
TextOutW
SetPolyFillMode
SetBkMode
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32W
Polygon
CreatePen
CreateSolidBrush
SelectObject
SetTextColor

comdlg32

GetOpenFileNameW
GetSaveFileNameW

ole32

CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize

oleaut32

VarUI4FromStr
SysFreeString

Sections

.text
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de897cff85d9f2ca827495cbf9705f6c

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ws2_32

comctl32

shell32

wininet

mpr

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

Sections

.text Size: 366KB - Virtual size: 365KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 139KB - Virtual size: 138KB

.text
Size: 366KB - Virtual size: 365KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 139KB - Virtual size: 138KB