ardamax | JaffaCakes118_7b9ec3d3172fb82cb5dd3369f563c0e0

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_7b9ec3d3172fb82cb5dd3369f563c0e0
Size

333KB
MD5

7b9ec3d3172fb82cb5dd3369f563c0e0
SHA1

114297cb4bf7301ee70929f324a5969d9cc3885b
SHA256

32a7829689679dee4ae7fe33d702bdabc95e1b0c46b2518498623300028a31fc
SHA512

7c4d275dde9ccb0133050b3793afd8a35b04cee386808cd2a7c27fc8e31ee6a8dd298857b02257c6b183840bb86f3119779a99296f22cd29aa73105c30566597
SSDEEP

6144:XKQt6IvCzZZbXV6SLhs39X/e7YFFfWIu7SYn12j4hIiolfTLEEu6bAL/4wp:h6uCzZtXV5LhsV/RFD7Ec

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_7b9ec3d3172fb82cb5dd3369f563c0e0

Files

JaffaCakes118_7b9ec3d3172fb82cb5dd3369f563c0e0
.exe windows:4 windows x86 arch:x86

b8eb3fb9b2e0d990641a6f67a8bda77f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyA
RegCloseKey

comctl32

ord17
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA

gdi32

CreatePen
CreateSolidBrush
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetRgnBox
EnumFontFamiliesExA
DeleteDC
MoveToEx
LineTo
GetClipBox
SetMapMode
SetTextColor
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetTextExtentPoint32A
CreateFontIndirectA
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
SelectObject
DeleteObject
BitBlt
PatBlt
Rectangle
GetTextColor
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
CreateFontA
CreateDIBitmap
GetObjectA

kernel32

GetTimeFormatA
GetDateFormatA
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
TerminateProcess
ExitThread
CreateThread
SetStdHandle
GetFileType
HeapSize
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
RtlUnwind
IsBadWritePtr
GetStringTypeA
GetStringTypeW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
SetErrorMode
FindResourceExA
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GlobalFlags
GetFileTime
GetFileAttributesA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
InterlockedDecrement
VirtualProtect
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
CloseHandle
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetModuleHandleA
GetProcAddress
GlobalAlloc
FormatMessageA
LocalFree
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
GetTimeZoneInformation
GetTickCount
Sleep
SetLastError
GetPrivateProfileStringA
GetModuleFileNameA
WritePrivateProfileStringA
GetPrivateProfileIntA
SetFileAttributesA
lstrcpynA
GetLocalTime
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
RaiseException
MulDiv
WaitForSingleObject
DeleteFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemDirectoryA
LoadLibraryA
FreeLibrary
lstrcatA
WinExec
lstrcpyA
CreateMutexA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrlenA
VirtualFree

oleaut32

SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SafeArrayDestroy
SystemTimeToVariantTime
SysAllocString
OleCreateFontIndirect
VariantCopy

shell32

Shell_NotifyIconA
SHFileOperationA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

user32

RegisterClipboardFormatA
PostThreadMessageA
SetWindowContextHelpId
MapDialogRect
ValidateRect
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
IsChild
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconA
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
IsWindowVisible
UpdateWindow
GetMenu
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
IntersectRect
IsIconic
GetWindowPlacement
GetWindow
EndPaint
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuState
GetWindowTextLengthA
GetWindowTextA
GetFocus
SetWindowPos
SetFocus
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
IsWindowEnabled
GetNextDlgTabItem
EndDialog
CharUpperA
GetCursorPos
PostQuitMessage
SetForegroundWindow
KillTimer
SetTimer
SetMenuDefaultItem
CreatePopupMenu
RegisterHotKey
UnregisterHotKey
UnregisterClassA
GetDlgItem
LoadImageA
wsprintfA
GetSystemMetrics
DestroyIcon
DrawIconEx
SystemParametersInfoA
GetSubMenu
GetMenuItemInfoA
GetMenuItemID
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
SetRect
IsRectEmpty
CharNextA
GetMenuItemCount
AppendMenuA
DrawEdge
OffsetRect
CopyRect
MessageBoxA
MapVirtualKeyA
GetKeyNameTextA
SetWindowLongA
LoadCursorA
CopyIcon
MessageBeep
GetSysColorBrush
GetAsyncKeyState
DestroyMenu
GetWindowDC
WindowFromPoint
DestroyCursor
GetSysColor
IsWindow
ReleaseCapture
GetParent
SetCapture
RedrawWindow
InvalidateRect
ReleaseDC
GetDC
GetClientRect
SendMessageA
InflateRect
PtInRect
SetCursor
FindWindowA
PostMessageA
GetMessageA
TranslateMessage
DispatchMessageA
EnableWindow
GetWindowRect
BeginPaint
RemovePropA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

ws2_32

WSASetLastError
gethostbyname
inet_addr
htons
gethostname
select
closesocket
recv
send
connect
WSACleanup
WSAStartup
socket

comdlg32

GetFileTitleA

kh

ClearHook
SetHook

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oledlg

ord8

Sections

.text
Size: 211KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b8eb3fb9b2e0d990641a6f67a8bda77f

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

oleaut32

shell32

shlwapi

user32

winspool.drv

ws2_32

comdlg32

kh

ole32

oledlg

Sections

.text Size: 211KB - Virtual size: 212KB

.data Size: 62KB - Virtual size: 64KB

Size: 9KB - Virtual size: 24KB

.rsrc Size: 41KB - Virtual size: 41KB

.idata Size: 8KB - Virtual size: 12KB

.text
Size: 211KB - Virtual size: 212KB

.data
Size: 62KB - Virtual size: 64KB

.rsrc
Size: 41KB - Virtual size: 41KB

.idata
Size: 8KB - Virtual size: 12KB