ardamax | JaffaCakes118_b6c8ef48cb7896740ff400e8924ead22

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_b6c8ef48cb7896740ff400e8924ead22
Size

286KB
MD5

b6c8ef48cb7896740ff400e8924ead22
SHA1

e462eec5fe1378a61539f081f29b7e2198bc59b6
SHA256

a7df7a64ece2ecdfda809f299468a6f61a74aec1c15cebf7d51eb5fe68b2396d
SHA512

a5e3882d346b4b8585da4f56280b24a72e0b4e6a0a93a34793d45be4cf81ca14730063dbf7c3fd5ba468e34c1f0d1a63aaf67040ffefd852201f01d7d7de3a7e
SSDEEP

3072:Lyijen+2UjU1NiqZ0y3ImHneKCg9fr/0naQmQS8trnd+2eqAbow:OYu+2UjEity33eKCg6nFmGdNAB

Score

10^/10

ardamax

Malware Config

Signatures

Ardamax family
ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
sample	family_ardamax

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_b6c8ef48cb7896740ff400e8924ead22

Files

JaffaCakes118_b6c8ef48cb7896740ff400e8924ead22
.exe windows:4 windows x86 arch:x86

88dbf2af94ff56cb50b35c68aff10d1e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrDupA
PathRemoveExtensionA
PathStripPathA
PathRemoveFileSpecA
PathFindExtensionA
PathFindFileNameA
PathFileExistsA
StrChrA
StrPBrkA
StrFormatByteSizeA

ws2_32

gethostbyname
inet_addr
getservbyname
WSACleanup
htons
WSAStartup
socket
connect
send
recv
select
closesocket
shutdown

comctl32

ImageList_LoadImageA
DestroyPropertySheetPage
PropertySheetA
CreatePropertySheetPageA
ImageList_ReplaceIcon
ImageList_Create
ImageList_Draw
ImageList_Destroy
ImageList_GetImageCount
InitCommonControlsEx
_TrackMouseEvent

shell32

ShellExecuteA
DoEnvironmentSubstA
ExtractIconA
Shell_NotifyIconA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteExA
SHChangeNotify

wininet

InternetGetLastResponseInfoA
InternetCloseHandle
FtpPutFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpDeleteFileA
FtpSetCurrentDirectoryA
InternetConnectA
InternetOpenA

kernel32

InterlockedCompareExchange
IsProcessorFeaturePresent
GetThreadLocale
SetEnvironmentVariableA
lstrcpyA
lstrlenA
CreateFileA
lstrcmpA
GetModuleHandleA
GetProcAddress
FindResourceExA
lstrcpynA
LoadLibraryA
GetVersion
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
CloseHandle
WriteFile
lstrcmpiA
GetDateFormatA
DeleteFileA
lstrlenW
Sleep
VirtualAlloc
VirtualFree
GetSystemTimeAsFileTime
OpenProcess
SetProcessWorkingSetSize
GetCurrentProcess
GetFileAttributesA
SetFileAttributesA
CreateThread
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCurrentProcessId
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
lstrcatA
SetPriorityClass
SetThreadPriority
GetCurrentThread
SetProcessPriorityBoost
MoveFileExA
ExitProcess
CreateMutexA
GetLastError
InitializeCriticalSection
FlushInstructionCache
SetLastError
LockResource
RaiseException
lstrcpyW
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
DeleteCriticalSection
CompareStringA
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
EnumResourceNamesA
LocalAlloc
LocalReAlloc
ReadFile
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
SetFilePointer
LocalFree
CreateToolhelp32Snapshot
Module32First
Module32Next
Process32First
Process32Next
GetWindowsDirectoryA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FormatMessageA
WritePrivateProfileStringA
GetPrivateProfileStringA
CompareStringW
InterlockedExchange
GetTimeZoneInformation
GetTimeFormatA
GetTickCount
OutputDebugStringA
GetComputerNameA
CopyFileA
GetTempFileNameA
GetTempPathA
OpenFile
HeapFree
HeapAlloc
HeapReAlloc
VirtualProtect
GetSystemInfo
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
GetStartupInfoA
HeapDestroy
HeapCreate
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
RtlUnwind
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoA

user32

InvalidateRect
GetCaretPos
GetNextDlgTabItem
CharNextA
GetKeyState
MessageBeep
GetDlgItem
DestroyIcon
EndDialog
RegisterWindowMessageA
GetAncestor
SendMessageTimeoutA
GetWindowTextLengthA
GetWindowTextA
SendMessageA
GetWindowThreadProcessId
GetWindowModuleFileNameA
GetDlgCtrlID
IsWindowVisible
GetClassNameA
GetWindow
EnumWindows
PostQuitMessage
GetCursorPos
SetForegroundWindow
FindWindowA
RegisterHotKey
UnregisterHotKey
DispatchMessageA
TranslateMessage
GetMessageA
DefWindowProcA
DrawFocusRect
SetRectEmpty
DeleteMenu
CheckMenuItem
GetSubMenu
LoadMenuA
LoadIconA
CallWindowProcA
DialogBoxParamA
SetWindowPos
GetMenu
AdjustWindowRectEx
RegisterClassExA
GetClassInfoExA
DestroyWindow
IsMenu
DestroyMenu
GetMenuItemCount
GetMenuItemInfoA
SetMenuItemInfoA
EndPaint
GetParent
LoadStringA
DrawTextA
GetClassLongA
SetCursor
LoadCursorA
GetSysColorBrush
SystemParametersInfoA
DrawFrameControl
SetWindowLongA
CreateWindowExA
GetWindowLongA
SetDlgItemInt
ReleaseCapture
GetCapture
SetCapture
ScreenToClient
WindowFromPoint
GetMessagePos
FrameRect
InflateRect
OffsetRect
DrawEdge
IsWindowEnabled
CharLowerA
PeekMessageA
PtInRect
GetFocus
ModifyMenuA
TrackPopupMenuEx
GetMonitorInfoA
MonitorFromPoint
MapWindowPoints
FillRect
UnhookWindowsHookEx
CallNextHookEx
IsWindow
SetWindowsHookExA
ReleaseDC
GetWindowDC
wsprintfA
MapVirtualKeyA
GetKeyNameTextA
GetForegroundWindow
UnregisterClassA
TrackPopupMenu
GetSysColor
GetSystemMetrics
CopyRect
BeginPaint
GetWindowRect
MoveWindow
ScrollWindow
GetClientRect
LoadImageA
PostMessageA
KillTimer
SetTimer
GetDC
GetActiveWindow
EnableWindow
SetWindowTextA
SetDlgItemTextA
GetDlgItemInt
SetFocus
GetDlgItemTextA
ShowWindow
UpdateWindow
MessageBoxA

gdi32

DeleteObject
CreateCompatibleDC
GetObjectA
GetStockObject
CreatePen
CreateSolidBrush
CreateFontA
TextOutA
Polygon
SetBkMode
SelectObject
GetTextExtentPoint32A
CreateFontIndirectA
CreateCompatibleBitmap
PatBlt
CreateDIBSection
CreateBitmap
SetBkColor
BitBlt
DeleteDC
CreatePatternBrush
SetBrushOrgEx
CreateRectRgnIndirect
CombineRgn
ExcludeClipRect
SetTextColor
SetPolyFillMode

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegDeleteValueA
GetUserNameA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemRealloc

oleaut32

VariantClear
SysStringLen
SysFreeString
LoadRegTypeLi
LoadTypeLi
VariantInit
DispCallFunc
VarUI4FromStr

Sections

.text
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88dbf2af94ff56cb50b35c68aff10d1e

Headers

File Characteristics

Imports

shlwapi

ws2_32

comctl32

shell32

wininet

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

Sections

.text Size: 208KB - Virtual size: 208KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 6KB - Virtual size: 17KB

.rsrc Size: 39KB - Virtual size: 39KB

.text
Size: 208KB - Virtual size: 208KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 6KB - Virtual size: 17KB

.rsrc
Size: 39KB - Virtual size: 39KB