ADExplorer[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ADExplorer.exe
Size

1.2MB
MD5

a9e390237a96e0c6655b1a06f8d72c6f
SHA1

6b242ad80260f3cb3e67a1d2a1ee164de465c76e
SHA256

c5c5363d675d1bd6797081b8b7afd7fb209960a45fe18202d64d36b72a013866
SHA512

65a45395b3a47957949305df7e3fcfd63a9e387d88134b051cbf691f0990cb014db9bcf949df9d836082d736a86e26828ee793eb5f57df86ed04bace8e34a349
SSDEEP

24576:ga54l5JaKqJlaBjswIZfFrECLVoQ4eyitAoC/9uwntKUfxw5cWo:DMkJlaKnZdrxLVoQyYUfxw6Wo

Score

1^/10

Malware Config

Signatures

Files

ADExplorer.exe
.exe windows:6 windows x86 arch:x86

98deb91dd81ef3fa96bea51984c7b4fe

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:f5:b7:03:59:c9:0a:28:89:65:49:67:66:72:9e:d5:1c:b4:b4:57:12:42:12:04:a9:27:71:f7:c7:f4:06:5a
Signer

Actual PE Digest

31:f5:b7:03:59:c9:0a:28:89:65:49:67:66:72:9e:d5:1c:b4:b4:57:12:42:12:04:a9:27:71:f7:c7:f4:06:5a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetUserGetGroups
NetUserGetLocalGroups

rpcrt4

UuidFromStringW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

FindFirstFileExW
FindClose
GetConsoleOutputCP
SetFilePointerEx
GetFileSizeEx
ReadConsoleW
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
LCMapStringW
HeapQueryInformation
HeapSize
HeapReAlloc
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
GetConsoleCP
GetModuleHandleExW
IsValidCodePage
TlsFree
EncodePointer
RtlUnwind
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
WideCharToMultiByte
RaiseException
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
LoadLibraryExA
ExpandEnvironmentStringsA
WriteFile
CreateProcessW
FindResourceW
LoadResource
LockResource
GetTempPathW
RemoveDirectoryW
SizeofResource
CreateDirectoryW
FreeLibrary
FileTimeToLocalFileTime
GetCurrentProcess
GetSystemTimeAsFileTime
GetSystemInfo
GetLastError
Sleep
GetFileSize
OutputDebugStringW
MultiByteToWideChar
GetSystemDirectoryW
CreateFileW
ReadFile
TlsGetValue
TlsAlloc
FormatMessageW
GetSystemDefaultLangID
GetUserDefaultLangID
TlsSetValue
GetDateFormatW
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetTimeFormatW
FileTimeToSystemTime
GetTimeZoneInformation
CompareFileTime
GlobalUnlock
GetTickCount
MapViewOfFile
CreateFileMappingW
VerifyVersionInfoW
VerSetConditionMask
DecodePointer
DeleteCriticalSection
GlobalLock
CloseHandle
GlobalFree
DeleteFileW
GlobalAlloc
UnmapViewOfFile
GetFileAttributesW
SetEndOfFile
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
FindNextFileW
CompareStringW
GetFileType
GetModuleHandleW
LocalFree
GetProcAddress
LocalAlloc
GetStdHandle
GetCommandLineW
LoadLibraryExW
GetVersionExW
SetLastError
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
FlushFileBuffers
WriteConsoleW
ExitProcess

user32

GetDlgItem
MessageBoxW
SetWindowPos
IsWindowVisible
DestroyWindow
InsertMenuItemW
GetFocus
GetMenu
GetWindowRect
GetSysColorBrush
CallWindowProcW
LoadMenuW
DefWindowProcW
GetMenuItemInfoW
DeferWindowPos
CreateDialogParamW
GetMessageW
GetWindowTextLengthW
GetWindowLongW
CopyIcon
PostMessageW
GetPropW
GetMenuItemCount
EnumChildWindows
CreateWindowExW
DeleteMenu
ScreenToClient
GetSystemMetrics
MessageBeep
CreatePopupMenu
MsgWaitForMultipleObjects
RegisterClassExW
GetWindowPlacement
LoadAcceleratorsW
TrackPopupMenu
GetSubMenu
GetActiveWindow
ShowWindow
BeginDeferWindowPos
OpenClipboard
OffsetRect
DispatchMessageW
IsDialogMessageW
DestroyIcon
EndPaint
SetCursor
LoadCursorW
DialogBoxIndirectParamW
SetWindowTextW
EndDialog
SendMessageW
InflateRect
GetWindowTextW
ClientToScreen
CloseClipboard
EmptyClipboard
PeekMessageW
SetDlgItemTextW
MapWindowPoints
SetWindowPlacement
SetMenuDefaultItem
GetDlgItemTextW
SendDlgItemMessageW
GetSysColor
MoveWindow
IsDlgButtonChecked
DestroyMenu
SetFocus
TranslateAcceleratorW
SetPropW
TranslateMessage
LoadIconW
GetClassNameW
DrawMenuBar
SetCapture
EndDeferWindowPos
SetClipboardData
GetDlgItemInt
SetWindowLongW
CheckMenuItem
GetClientRect
IsZoomed
AppendMenuW
DrawTextW
CheckDlgButton
PostQuitMessage
EnableMenuItem
MenuItemFromPoint
SetDlgItemInt
GetParent
DialogBoxParamW
PtInRect
UpdateWindow
DrawFrameControl
ReleaseCapture
LoadImageW
InvalidateRect
ChildWindowFromPoint
BeginPaint
EnableWindow

gdi32

ExtTextOutW
SelectObject
GetStockObject
SetTextColor
SetBkMode
GetObjectW
SetBkColor
EndDoc
GetDeviceCaps
SetMapMode
StartDocW
CreateFontIndirectW
EndPage
StartPage

comdlg32

PrintDlgW
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumValueW
RegCloseKey
RegSetValueExW
GetSecurityDescriptorLength
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
RegDeleteValueW
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSidIdentifierAuthority
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetSecurityDescriptorDacl
GetAce
EqualSid
GetSidSubAuthorityCount
MapGenericMask
IsValidSid
GetSecurityDescriptorOwner
GetSidSubAuthority
GetSecurityDescriptorGroup
AllocateAndInitializeSid
LookupAccountSidW

shell32

ShellExecuteW
CommandLineToArgvW

ole32

StringFromGUID2
CoCreateInstance
CoUninitialize
CreateBindCtx
CoInitialize
IIDFromString

oleaut32

SafeArrayAccessData
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
SysAllocStringByteLen
SysAllocString
VarDateFromStr
SysStringLen
VariantChangeType
VariantClear
SafeArrayGetElement

comctl32

ImageList_EndDrag
PropertySheetW
CreateToolbarEx
ImageList_DragLeave
ord17
ImageList_Draw
ImageList_Create
ImageList_DragEnter
ImageList_ReplaceIcon
ImageList_DragMove
ImageList_BeginDrag
CreatePropertySheetPageW
CreateStatusWindowW

activeds

ord20
ord15
ord12
ord13
ord7
ord9

wldap32

ord118
ord13
ord88
ord145
ord155
ord14
ord188
ord73

Sections

.text
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 687KB - Virtual size: 687KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98deb91dd81ef3fa96bea51984c7b4fe

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:ccCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

31:f5:b7:03:59:c9:0a:28:89:65:49:67:66:72:9e:d5:1c:b4:b4:57:12:42:12:04:a9:27:71:f7:c7:f4:06:5aSigner

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

rpcrt4

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

activeds

wldap32

Sections

.text Size: 379KB - Virtual size: 379KB

.rdata Size: 102KB - Virtual size: 102KB

.data Size: 28KB - Virtual size: 32KB

.rsrc Size: 687KB - Virtual size: 687KB

.reloc Size: 22KB - Virtual size: 21KB

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

31:f5:b7:03:59:c9:0a:28:89:65:49:67:66:72:9e:d5:1c:b4:b4:57:12:42:12:04:a9:27:71:f7:c7:f4:06:5a
Signer

.text
Size: 379KB - Virtual size: 379KB

.rdata
Size: 102KB - Virtual size: 102KB

.data
Size: 28KB - Virtual size: 32KB

.rsrc
Size: 687KB - Virtual size: 687KB

.reloc
Size: 22KB - Virtual size: 21KB