ADInsight[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ADInsight.exe
Size

2.3MB
MD5

c04382d4a3d6532e4b60fbf057860854
SHA1

e66e5c06af9653125717fa428c2f1ab6419cd6d5
SHA256

deae099e25b2e77e2e01f9a9d813a2392b70cde20b5c2e92ae769454150caaba
SHA512

74f8b99cd0504b7899b914f76814280fe4479a28bd2e2361615a67aaf0552f736bff8abc623de6b154568b35f33b125615e6aaedcad947cff31a7bf0ab86b299
SSDEEP

24576:TU963E+oLOJ7Ef9QYsPp5gIqlr/u/hUPgFOiy6s09w:1ELY7OCYsPp5gvrm/hJta

Score

1^/10

Malware Config

Signatures

Files

ADInsight.exe
.exe windows:5 windows x86 arch:x86

1dafe59ea5267aa94acd8e3d40190fbc

Code Sign

33:00:00:00:89:62:0d:9e:95:d3:61:6b:a8:00:00:00:00:00:89
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:41:49:66:4c:31:7c:e4:22:23:19:9a:d3:60:6d:0a:e2:ee:df:08
Signer

Actual PE Digest

be:41:49:66:4c:31:7c:e4:22:23:19:9a:d3:60:6d:0a:e2:ee:df:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Builds\13810\Tools\ADInsight_master\bin\Win32\Release\ADInsight.pdb

Imports

comctl32

ImageList_ReplaceIcon
ord17
ImageList_GetIconSize
ImageList_SetBkColor
ImageList_Add
ImageList_Destroy
ImageList_Draw
ImageList_Create
ImageList_LoadImageW
InitCommonControlsEx
ImageList_AddMasked

ws2_32

WSAStartup
WSACleanup

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

WaitForSingleObject
GetComputerNameW
GetTickCount
OpenProcess
WideCharToMultiByte
Sleep
GetFileAttributesW
GetCurrentDirectoryW
CreateEventW
lstrcmpiW
QueryPerformanceFrequency
CloseHandle
ConnectNamedPipe
CreateNamedPipeW
SetThreadPriority
ResetEvent
GetExitCodeThread
SetWaitableTimer
WaitNamedPipeW
GetVersionExW
CreateFileW
SetNamedPipeHandleState
CreateWaitableTimerW
ReleaseMutex
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
DebugBreak
SetLastError
GlobalLock
GlobalAlloc
GetTimeFormatW
FileTimeToSystemTime
GlobalUnlock
GlobalReAlloc
CreateThread
InterlockedDecrement
ReadProcessMemory
InterlockedIncrement
ExpandEnvironmentStringsA
LoadLibraryA
QueryPerformanceCounter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
GetModuleFileNameA
GetFileType
GetTimeZoneInformation
GetStringTypeW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleCP
ReadConsoleW
RtlUnwind
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStdHandle
GetModuleHandleExW
ExitProcess
GetCommandLineA
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
LoadLibraryExW
ResumeThread
ExitThread
EncodePointer
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
GetCurrentProcess
MoveFileExW
FreeLibrary
DeleteFileW
DeleteCriticalSection
DecodePointer
LockResource
HeapSize
RaiseException
GetTempPathW
HeapDestroy
SizeofResource
InitializeCriticalSectionAndSpinCount
LoadResource
FindResourceW
FindResourceExW
HeapReAlloc
GetTempFileNameW
GetModuleFileNameW
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
lstrlenA
GetModuleHandleW
GetCommandLineW
WaitForMultipleObjects
GetLastError
GetOverlappedResult
ReadFile
WriteFile
SetEvent
GetProcessHeap
HeapFree
HeapAlloc
lstrlenW
MultiByteToWideChar
OutputDebugStringW
CompareStringW
LCMapStringW
SetFilePointerEx
WriteConsoleW
SetStdHandle
FlushFileBuffers
SetEndOfFile
SetEnvironmentVariableA
GetUserDefaultLangID

user32

OpenClipboard
EnableWindow
SetClipboardData
DrawFocusRect
EndPaint
DrawTextW
CallNextHookEx
BeginPaint
PtInRect
RegisterClassExW
OffsetRect
SetRect
SystemParametersInfoW
GetDCEx
SetWindowsHookExW
UnhookWindowsHookEx
GetSystemMetrics
DrawFrameControl
GetIconInfo
GetDesktopWindow
ClientToScreen
DestroyWindow
TranslateAcceleratorW
GetDlgItemInt
DestroyAcceleratorTable
SetTimer
ScreenToClient
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
IsChild
LoadImageW
EmptyClipboard
KillTimer
GetSubMenu
SetForegroundWindow
GetFocus
DialogBoxParamW
InvalidateRgn
MessageBeep
WaitForInputIdle
FindWindowW
GetClientRect
SetFocus
GetMenuItemInfoW
CreateIconIndirect
GetDC
TranslateMessage
LoadAcceleratorsW
SetDlgItemInt
GetClassNameW
IsDialogMessageW
LoadIconW
LoadMenuW
SendMessageTimeoutW
DrawIconEx
GetWindowThreadProcessId
GetWindow
IsIconic
IsZoomed
TrackMouseEvent
CallWindowProcW
FlashWindow
GetWindowLongW
AppendMenuW
PostMessageW
GetWindowTextW
ReleaseDC
EnableMenuItem
GetMenuState
SetWindowLongW
SetWindowPos
GetCursorPos
LoadStringW
CheckDlgButton
ShowWindow
CreatePopupMenu
IsDlgButtonChecked
CreateDialogParamW
GetActiveWindow
IsWindow
CreateWindowExW
DeferWindowPos
MessageBoxW
ReleaseCapture
BeginDeferWindowPos
RegisterClassW
UpdateWindow
DestroyMenu
DestroyIcon
EndDeferWindowPos
SetMenuItemInfoW
DefWindowProcW
CheckMenuItem
DispatchMessageW
GetWindowRect
GetParent
ChildWindowFromPoint
InvalidateRect
GetSysColor
SetDlgItemTextW
MoveWindow
SetCursor
DialogBoxIndirectParamW
LoadCursorW
InflateRect
GetDlgItem
EndDialog
GetSysColorBrush
SendMessageW
SetWindowTextW
CheckRadioButton
GetDlgItemTextW
GetDlgCtrlID
GetDlgItemTextA
SetDlgItemTextA
CloseClipboard
FillRect
GetMenu
SetCapture

gdi32

GetTextExtentPoint32W
MoveToEx
LineTo
ExtTextOutW
BitBlt
GetDIBits
GetTextMetricsW
DeleteDC
CreateDIBSection
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
SetTextColor
CreateFontIndirectW
SetBkMode
SelectObject
GetObjectW
GetStockObject
EndPage
StartPage
GetDeviceCaps
SetMapMode
StartDocW
SetBkColor
EndDoc

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW
GetOpenFileNameW
PrintDlgW
ChooseColorW

advapi32

RegOpenKeyW
RegCloseKey
RegCreateKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueW
RegOpenKeyExA
RegQueryValueExA
LookupAccountSidW
GetTokenInformation
OpenProcessToken
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
IsValidSid
RegQueryValueExW

shell32

SHGetFileInfoW
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW
Shell_NotifyIconW
ShellExecuteW

oleaut32

SysAllocString
SysFreeString
VariantClear

shlwapi

SHDeleteKeyW

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1dafe59ea5267aa94acd8e3d40190fbc

Code Sign

33:00:00:00:89:62:0d:9e:95:d3:61:6b:a8:00:00:00:00:00:89Certificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

be:41:49:66:4c:31:7c:e4:22:23:19:9a:d3:60:6d:0a:e2:ee:df:08Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

ws2_32

rpcrt4

psapi

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

oleaut32

shlwapi

Sections

.text Size: 294KB - Virtual size: 293KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 83KB - Virtual size: 1.9MB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 17KB - Virtual size: 16KB

33:00:00:00:89:62:0d:9e:95:d3:61:6b:a8:00:00:00:00:00:89
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

be:41:49:66:4c:31:7c:e4:22:23:19:9a:d3:60:6d:0a:e2:ee:df:08
Signer

.text
Size: 294KB - Virtual size: 293KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 83KB - Virtual size: 1.9MB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 17KB - Virtual size: 16KB