ardamax | JaffaCakes118_5d6ab450b17f4b783f11958ea941008e

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_5d6ab450b17f4b783f11958ea941008e
Size

460KB
MD5

5d6ab450b17f4b783f11958ea941008e
SHA1

cdbd0a69fa73d9e0ad5704517dab1c96f018f729
SHA256

e3bf498b7353baa701363d216ca1b8766f82ff6e851d0585958476e36bf1143d
SHA512

b34ad4d6182923d75b3e42e08b40bea18ae8c9b05c70bd4bae490cb9a44335b57d206a2b620d74d033b38eca5cb16123fca1015585c00944f7f2500bc02224e5
SSDEEP

6144:Rx/aAsBXn+xAmLEcwMkptRzyiPHP4ljV3UVKC/rVkN8DKDXgA3:5Qn+xYR2iP4jFUrDQ3

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_5d6ab450b17f4b783f11958ea941008e

Files

JaffaCakes118_5d6ab450b17f4b783f11958ea941008e
.exe windows:4 windows x86 arch:x86

3f6e52c15d07369f8047a778dc58efff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrFormatByteSizeA
UrlUnescapeA
StrDupA
PathRemoveExtensionA
PathStripPathA
PathRemoveFileSpecA
PathFindExtensionA
PathFindFileNameA
PathFileExistsA
StrChrA
StrPBrkA

ws2_32

htons
WSACleanup
getservbyname
inet_addr
gethostbyname
send
socket
connect
shutdown
closesocket
select
recv
WSAStartup

comctl32

ImageList_GetImageCount
ImageList_Draw
ImageList_Create
ImageList_ReplaceIcon
CreatePropertySheetPageA
PropertySheetA
DestroyPropertySheetPage
ImageList_LoadImageA
ImageList_Destroy
InitCommonControlsEx
_TrackMouseEvent

shell32

SHGetSpecialFolderLocation
ShellExecuteA
DoEnvironmentSubstA
ExtractIconA
Shell_NotifyIconA
SHGetPathFromIDListA
ShellExecuteExA
SHChangeNotify

wininet

FtpDeleteFileA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpPutFileA
InternetCloseHandle
InternetGetLastResponseInfoA
InternetConnectA
InternetOpenA
FtpSetCurrentDirectoryA

mpr

WNetCancelConnection2A
WNetAddConnection2A

oleacc

AccessibleObjectFromWindow
AccessibleChildren

kernel32

IsProcessorFeaturePresent
InterlockedCompareExchange
GetThreadLocale
SetEnvironmentVariableA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
lstrcpyA
lstrlenA
CreateFileA
lstrcmpA
DeleteFileA
SetLastError
GetModuleHandleA
GetProcAddress
FindResourceExA
lstrcpynA
LoadLibraryA
GetVersion
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
CloseHandle
WriteFile
lstrcmpiA
GetDateFormatA
lstrlenW
Sleep
VirtualAlloc
VirtualFree
GetSystemTimeAsFileTime
OpenProcess
SetProcessWorkingSetSize
GetCurrentProcess
GetFileAttributesA
SetFileAttributesA
CreateThread
SetThreadPriority
ResumeThread
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCurrentProcessId
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
lstrcatA
SetPriorityClass
GetCurrentThread
SetProcessPriorityBoost
MoveFileExA
ExitProcess
CreateMutexA
GetLastError
InitializeCriticalSection
FlushInstructionCache
LockResource
RaiseException
lstrcpyW
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
DeleteCriticalSection
CompareStringA
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
EnumResourceNamesA
LocalAlloc
LocalReAlloc
ReadFile
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
SetFilePointer
LocalFree
CreateToolhelp32Snapshot
Module32First
Module32Next
Process32First
Process32Next
GetWindowsDirectoryA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FormatMessageA
WritePrivateProfileStringA
GetPrivateProfileStringA
CompareStringW
InterlockedExchange
GetTimeZoneInformation
GetTimeFormatA
GetTickCount
OutputDebugStringA
GetComputerNameA
CopyFileA
GetTempFileNameA
GetTempPathA
FileTimeToSystemTime
FileTimeToLocalFileTime
OpenFile
MoveFileA
HeapFree
HeapAlloc
HeapReAlloc
VirtualProtect
GetSystemInfo
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
GetStartupInfoA
HeapDestroy
HeapCreate
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
RtlUnwind
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
WriteConsoleA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
GetStringTypeA

user32

InvalidateRect
GetCaretPos
GetNextDlgTabItem
CharNextA
GetKeyState
MessageBeep
GetDlgItem
DestroyIcon
EndDialog
RegisterWindowMessageA
GetAncestor
SendMessageTimeoutA
GetWindowTextLengthA
GetWindowTextA
SendMessageA
GetWindowThreadProcessId
GetWindowModuleFileNameA
GetDlgCtrlID
IsWindowVisible
GetClassNameA
GetWindow
EnumWindows
PostQuitMessage
GetCursorPos
SetForegroundWindow
FindWindowA
RegisterHotKey
UnregisterHotKey
GetDesktopWindow
GetForegroundWindow
GetWindowDC
DispatchMessageA
TranslateMessage
GetMessageA
DefWindowProcA
DrawFocusRect
SetRectEmpty
DeleteMenu
CheckMenuItem
GetSubMenu
LoadMenuA
LoadIconA
CallWindowProcA
DialogBoxParamA
SetWindowPos
GetMenu
AdjustWindowRectEx
RegisterClassExA
GetClassInfoExA
DestroyWindow
IsMenu
DestroyMenu
GetMenuItemCount
EndPaint
SetMenuItemInfoA
UpdateWindow
GetParent
LoadStringA
DrawTextA
GetClassLongA
SetWindowLongA
ReleaseDC
SetCursor
LoadCursorA
GetSysColorBrush
SystemParametersInfoA
GetWindowLongA
InflateRect
DrawFrameControl
CreateWindowExA
SetDlgItemInt
ReleaseCapture
GetCapture
SetCapture
ScreenToClient
WindowFromPoint
GetMessagePos
FrameRect
OffsetRect
DrawEdge
IsWindowEnabled
CharLowerA
PeekMessageA
PtInRect
GetFocus
ModifyMenuA
TrackPopupMenuEx
GetMonitorInfoA
MonitorFromPoint
MapWindowPoints
FillRect
UnhookWindowsHookEx
CallNextHookEx
IsWindow
SetWindowsHookExA
wsprintfA
MapVirtualKeyA
GetKeyNameTextA
UnregisterClassA
GetSysColor
GetSystemMetrics
CopyRect
BeginPaint
GetWindowRect
MoveWindow
ScrollWindow
GetClientRect
LoadImageA
PostMessageA
KillTimer
SetTimer
GetDC
GetActiveWindow
EnableWindow
SetWindowTextA
SetDlgItemTextA
GetDlgItemInt
SetFocus
GetDlgItemTextA
ShowWindow
MessageBoxA
GetMenuItemInfoA
TrackPopupMenu

gdi32

RealizePalette
GetDIBits
GetObjectA
CreateFontIndirectA
DeleteObject
PatBlt
CreateDIBSection
CreateCompatibleDC
CreatePen
GetStockObject
CreateSolidBrush
CreateFontA
TextOutA
Polygon
SetPolyFillMode
SelectObject
GetTextExtentPoint32A
CreateBitmap
SetBkColor
BitBlt
DeleteDC
CreateCompatibleBitmap
CreatePatternBrush
SetBrushOrgEx
GetTextMetricsA
CreateRectRgnIndirect
CombineRgn
ExcludeClipRect
SetTextColor
SetBkMode

comdlg32

GetSaveFileNameA
GetOpenFileNameA

ole32

CoTaskMemRealloc
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

oleaut32

VariantClear
SysStringLen
SysFreeString
LoadRegTypeLi
LoadTypeLi
VariantInit
DispCallFunc
VarUI4FromStr

Sections

.text
Size: 350KB - Virtual size: 350KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f6e52c15d07369f8047a778dc58efff

Headers

File Characteristics

Imports

shlwapi

ws2_32

comctl32

shell32

wininet

mpr

oleacc

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

Sections

.text Size: 350KB - Virtual size: 350KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 45KB - Virtual size: 45KB

.text
Size: 350KB - Virtual size: 350KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 45KB - Virtual size: 45KB