ADExplorer[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ADExplorer.exe
Size

468KB
MD5

5d70cf91907165a1425e4ecb4ffa03aa
SHA1

bc1d7c9968ee92431f8ad9b4f8063b5b56f32ad5
SHA256

bb45d8ffe245c361c04cca44d0df6e6bd7596cabd70070ffe0d9f519e3b620ea
SHA512

fa92e37a6cf5b5eb1f107dc3153fca20f2f041160a61033bac5b6edde68f759ef97967dfdba734e11f20a429df53f9cd1e0a24aa5541f69749f403387aa70c7f
SSDEEP

12288:QJB9/HQLmTMga6JzQdrAVzDtpzO9LZvYC:QCLmwgza2VzSLZvB

Score

1^/10

Malware Config

Signatures

Files

ADExplorer.exe
.exe windows:5 windows x86 arch:x86

fc22a526c18358f987f144e2ac31d338

Code Sign

33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9d
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:42

Not After

04/03/2013, 21:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:02:92:4a:00:00:00:00:00:20
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/01/2012, 22:25

Not After

09/04/2013, 22:25

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:a7:02:ec:da:74:1e:43:73:11:87:63:b3:e4:cc:5c:8a:2f:8c:31
Signer

Actual PE Digest

04:a7:02:ec:da:74:1e:43:73:11:87:63:b3:e4:cc:5c:8a:2f:8c:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\ADExplorer\Release\ADExplorer.pdb

Imports

netapi32

NetUserGetGroups
NetUserGetLocalGroups

rpcrt4

UuidFromStringW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

LCMapStringA
GetConsoleMode
GetConsoleCP
GetModuleHandleA
DebugBreak
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
LCMapStringW
GetModuleFileNameA
GetStdHandle
ExitProcess
VirtualAlloc
VirtualFree
HeapCreate
GetStringTypeA
GetCurrentThreadId
SetLastError
TlsFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
RtlUnwind
GetStartupInfoA
GetCommandLineA
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ResumeThread
ExitThread
HeapSize
HeapAlloc
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
ExpandEnvironmentStringsA
GetProcessHeap
HeapFree
WideCharToMultiByte
lstrlenA
WriteFile
FileTimeToLocalFileTime
GetCurrentProcess
FreeLibrary
GetSystemInfo
GetLastError
Sleep
GetSystemTimeAsFileTime
MultiByteToWideChar
CreateFileW
ReadFile
GetSystemDirectoryW
OutputDebugStringW
GetFileSize
TlsAlloc
FormatMessageW
TlsSetValue
GetUserDefaultLangID
TlsGetValue
GetSystemDefaultLangID
LocalAlloc
LocalFree
GetTimeZoneInformation
FileTimeToSystemTime
GetTimeFormatW
CompareFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetDateFormatW
DeleteFileW
CloseHandle
DeleteCriticalSection
CreateFileMappingW
GlobalFree
EnterCriticalSection
GetProcAddress
GlobalUnlock
CompareStringW
GetModuleFileNameW
GetFileAttributesW
LeaveCriticalSection
GetVersionExW
LoadLibraryW
GlobalAlloc
InitializeCriticalSection
GetTickCount
GetModuleHandleW
GlobalLock
InterlockedDecrement
InterlockedIncrement
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
GetCommandLineW
SetStdHandle
FlushFileBuffers
VirtualQuery
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

user32

DispatchMessageW
MoveWindow
CheckMenuItem
MsgWaitForMultipleObjects
DrawTextW
PostMessageW
SetCapture
LoadImageW
TrackPopupMenu
PostQuitMessage
GetMessageW
GetWindowRect
ScreenToClient
GetDlgItemInt
TranslateAcceleratorW
CloseClipboard
GetWindowTextLengthW
SetCursor
SetWindowPlacement
DestroyWindow
ClientToScreen
EndPaint
DialogBoxIndirectParamW
CopyIcon
IsZoomed
GetSubMenu
DeleteMenu
GetFocus
DialogBoxParamW
GetParent
LoadCursorW
MessageBeep
MenuItemFromPoint
GetClientRect
SetFocus
GetMenuItemInfoW
BeginPaint
PtInRect
SetPropW
InsertMenuItemW
TranslateMessage
LoadAcceleratorsW
InflateRect
ChildWindowFromPoint
SetDlgItemInt
GetMenu
IsDialogMessageW
DefWindowProcW
CallWindowProcW
GetPropW
DrawFrameControl
EndDeferWindowPos
DestroyIcon
SetWindowTextW
DestroyMenu
SetClipboardData
RegisterClassExW
LoadIconW
GetWindowPlacement
OffsetRect
InvalidateRect
LoadMenuW
GetWindowLongW
AppendMenuW
GetWindowTextW
PeekMessageW
GetClassNameW
EnableMenuItem
EmptyClipboard
GetDlgItem
SetWindowLongW
EndDialog
SendDlgItemMessageW
GetSysColor
SetWindowPos
CheckDlgButton
EnumChildWindows
ShowWindow
CreatePopupMenu
GetSysColorBrush
IsDlgButtonChecked
CreateDialogParamW
DrawMenuBar
GetActiveWindow
GetMenuItemCount
CreateWindowExW
SetMenuDefaultItem
OpenClipboard
DeferWindowPos
MessageBoxW
ReleaseCapture
BeginDeferWindowPos
GetSystemMetrics
IsWindowVisible
GetDlgItemTextW
SetDlgItemTextW
SendMessageW
MapWindowPoints
UpdateWindow
EnableWindow

gdi32

SetBkColor
ExtTextOutW
EndPage
StartPage
GetDeviceCaps
SetMapMode
SetTextColor
CreateFontIndirectW
SetBkMode
SelectObject
GetObjectW
EndDoc
GetStockObject
StartDocW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
PrintDlgW

advapi32

GetSecurityDescriptorLength
RegDeleteValueW
RegCreateKeyW
RegEnumValueW
RegSetValueExW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetLengthSid
ConvertSidToStringSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSid
GetSecurityDescriptorOwner
GetSidIdentifierAuthority
GetSidSubAuthority
MapGenericMask
GetSidSubAuthorityCount
EqualSid
GetAce
LookupAccountSidW
AllocateAndInitializeSid
RegCloseKey

shell32

CommandLineToArgvW
ShellExecuteW

ole32

CoInitialize
CreateBindCtx
CoUninitialize
CoCreateInstance
IIDFromString
StringFromGUID2

oleaut32

SafeArrayAccessData
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayGetUBound
SysFreeString
SafeArrayGetElement
VarDateFromStr
VariantChangeType
VariantInit
SysAllocStringByteLen
VariantClear
SafeArrayGetLBound
SysStringLen
SysAllocString

comctl32

ImageList_Draw
CreateToolbarEx
CreatePropertySheetPageW
ImageList_Create
ImageList_ReplaceIcon
ImageList_EndDrag
ImageList_DragMove
ImageList_BeginDrag
ImageList_DragLeave
ImageList_DragEnter
ord17
CreateStatusWindowW
PropertySheetW

activeds

ord9
ord20
ord15
ord12
ord13
ord7

wldap32

ord155
ord118
ord14
ord73
ord145
ord13
ord188
ord88

Sections

.text
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc22a526c18358f987f144e2ac31d338

Code Sign

33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9dCertificate

Extended Key Usages

61:02:92:4a:00:00:00:00:00:20Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

04:a7:02:ec:da:74:1e:43:73:11:87:63:b3:e4:cc:5c:8a:2f:8c:31Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

rpcrt4

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

activeds

wldap32

Sections

.text Size: 316KB - Virtual size: 315KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 41KB - Virtual size: 49KB

.rsrc Size: 41KB - Virtual size: 40KB

33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9d
Certificate

61:02:92:4a:00:00:00:00:00:20
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

04:a7:02:ec:da:74:1e:43:73:11:87:63:b3:e4:cc:5c:8a:2f:8c:31
Signer

.text
Size: 316KB - Virtual size: 315KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 41KB - Virtual size: 49KB

.rsrc
Size: 41KB - Virtual size: 40KB