ardamax | JaffaCakes118_8a15448f1edfef2111870b2a9b88be94

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_8a15448f1edfef2111870b2a9b88be94
Size

472KB
MD5

8a15448f1edfef2111870b2a9b88be94
SHA1

db9e4678ccd05a0f77c411a7ffc0f720490cc6ed
SHA256

9fa059c94729384ca112c00e71440c0882d8832e772ae85a7e45e8247c853f60
SHA512

01c07c0af5dcfe53c272280f92aff96207d9a88bb0063e752c43b11213df493f71daf40387e42ac770bc1587b84bc10887de42e4f106475003b96b3419fdcad5
SSDEEP

6144:44xXjtX0ufeMtLDU7b/u5I/hmrHpmYrh/HVLNWiuph3RAb:NxV0ujobuU0rHdwmb

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_8a15448f1edfef2111870b2a9b88be94

Files

JaffaCakes118_8a15448f1edfef2111870b2a9b88be94
.exe windows:4 windows x86 arch:x86

7a185195e8851d01a3ee1fc2acc50836

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

UrlUnescapeW
PathFindExtensionW
PathRemoveFileSpecW

comctl32

ImageList_LoadImageW
InitCommonControlsEx
CreateStatusWindowW
ImageList_GetImageCount
ImageList_Destroy
ImageList_Draw
ImageList_AddMasked
ImageList_Add
ImageList_Replace
ImageList_Create
ImageList_SetImageCount

shell32

SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

kernel32

LoadLibraryExW
GetModuleHandleW
GetLastError
DeleteCriticalSection
GetCurrentProcessId
RaiseException
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
GetFileSize
FileTimeToLocalFileTime
CompareFileTime
WideCharToMultiByte
WaitForSingleObject
FindClose
GetFullPathNameW
FindFirstFileW
FindNextFileW
SetFilePointer
HeapFree
HeapAlloc
HeapReAlloc
GetVersionExA
GetProcessHeap
GetStartupInfoW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
Sleep
HeapSize
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
FindResourceW
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
InterlockedExchange
LoadLibraryA
RtlUnwind
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedCompareExchange
IsProcessorFeaturePresent
SetEndOfFile
LoadResource
SizeofResource
MultiByteToWideChar
lstrcmpiW
FreeLibrary
InterlockedDecrement
InterlockedIncrement
MulDiv
SetLastError
FlushInstructionCache
GetCurrentProcess
InitializeCriticalSection
GetModuleFileNameW
CloseHandle
CreateFileW
ReadFile
WriteFile
LockResource
LoadLibraryW
GetProcAddress
lstrcpyW
CreateThread
GetCurrentThreadId
GetStringTypeExW
GetThreadLocale
lstrlenA
OutputDebugStringW
DebugBreak
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
SystemTimeToFileTime
lstrcmpW
lstrlenW
VirtualQuery

user32

DeferWindowPos
BeginDeferWindowPos
DialogBoxParamW
EndDialog
RegisterClassExW
LoadImageW
GetClassInfoExW
wsprintfW
LoadStringA
PostQuitMessage
SetRectEmpty
LoadCursorW
IsWindowVisible
SetScrollInfo
MapWindowPoints
DestroyCursor
LoadMenuW
LoadAcceleratorsW
CreateWindowExW
DestroyWindow
InvalidateRect
SetRect
DrawFocusRect
BeginPaint
EndPaint
GetDlgCtrlID
GetMessagePos
WindowFromPoint
ScreenToClient
ScrollWindowEx
GetScrollInfo
SetScrollPos
MessageBeep
TrackPopupMenuEx
GetMonitorInfoW
MonitorFromPoint
PeekMessageW
PtInRect
GetCapture
SetFocus
CopyRect
DrawEdge
IsWindowEnabled
GetWindowDC
ReleaseDC
InflateRect
SystemParametersInfoW
CreatePopupMenu
AppendMenuW
RemoveMenu
CreateDialogParamW
SetWindowLongW
GetKeyState
GetWindowThreadProcessId
FillRect
DrawFrameControl
FrameRect
OffsetRect
CharLowerW
CharNextW
GetFocus
ModifyMenuW
GetClassNameW
GetSubMenu
RegisterWindowMessageW
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW
DrawTextW
MoveWindow
MapVirtualKeyW
GetKeyNameTextW
CharUpperW
UnregisterClassA
EndDeferWindowPos
GetWindowRect
GetSystemMetrics
IsWindow
GetDC
UpdateWindow
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemCount
DestroyMenu
IsMenu
CallWindowProcW
SetWindowPos
LoadStringW
LoadBitmapW
DefWindowProcW
GetMessageW
TranslateMessage
DispatchMessageW
SetWindowPlacement
GetWindowPlacement
GetActiveWindow
GetWindowLongW
GetParent
ShowWindow
SetMenu
GetMenu
SetMenuDefaultItem
GetWindowTextW
EnableMenuItem
TrackPopupMenu
ReleaseCapture
SetCapture
SetCursor
SendMessageW
GetSysColor
GetSysColorBrush
DestroyCaret
EnableWindow
GetWindow
wvsprintfW
GetClientRect
SetWindowTextW
PostMessageW
GetDlgItem
MessageBoxW
GetDlgItemTextW
SetDlgItemTextW
GetCursorPos

gdi32

SetBrushOrgEx
DeleteDC
BitBlt
CreateBitmap
PatBlt
CreateDIBSection
CreateCompatibleBitmap
CreatePatternBrush
CreateFontIndirectW
CreateDIBitmap
SetBkMode
SetViewportOrgEx
GetObjectW
GetTextExtentPoint32W
DeleteObject
CreateFontW
LineTo
MoveToEx
CreateCompatibleDC
SetBkColor
GetStockObject
CreatePen
SelectObject
SetTextColor

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW

ole32

CoTaskMemRealloc
CoInitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoUninitialize

oleaut32

VarUI4FromStr

Sections

.text
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a185195e8851d01a3ee1fc2acc50836

Headers

File Characteristics

Imports

shlwapi

comctl32

shell32

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

Sections

.text Size: 304KB - Virtual size: 304KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 34KB - Virtual size: 33KB

.text
Size: 304KB - Virtual size: 304KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 34KB - Virtual size: 33KB