46f6e9928dd1d70d9d94561b6624b2fe

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2003-Feb-28 17:19:31
Detected languages English - United States
Debug artifacts adammigrate.pdb
CompanyName Microsoft Corporation
FileDescription Active Directory Lightweight Directory Services migration plugin
FileVersion 10.0.19041.1 (WinBuild.160101.0800)
InternalName adammigrate.dll
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename adammigrate.dll
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.19041.1

Plugin Output

Suspicious: Strings found in the binary may indicate undesirable behavior:
May have dropper capabilities:
  • CurrentControlSet\Services
Suspicious: The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Can access the registry:
  • RegDeleteValueW
  • RegCreateKeyExW
  • RegSetValueExW
  • RegOpenKeyExW
  • RegEnumKeyExW
  • RegQueryInfoKeyW
  • RegCloseKey
  • RegQueryValueExW
Interacts with services:
  • QueryServiceStatus
  • QueryServiceConfigW
  • OpenServiceW
  • OpenSCManagerW
  • ControlService
Safe: VirusTotal score: 0/68 (Scanned on 2026-02-09 17:15:53)
All the AVs think this file is safe.

Hashes

MD5 46f6e9928dd1d70d9d94561b6624b2fe
SHA1 91b2e0d6a682d17b8773726c88c1d16f5b219f5c
SHA256 3da3596a490eec5144dbccbd3035a30cdcb3ef571ec64c80010b03d2450b2ede
SHA3 ad62ed94adbb748bae607301bd0a9eaff77360a719777bfbe7ced320fdccddf3
SSDeep 1536:ZQ/P3Zh7JqPM++lXiV2rfUUCUIIb8TrnGsLI2q3IJXQE0w:u3H1qPT+oV2YUCUIhTLJYIJXQEj
Imports Hash 771dd70236fa127f145f79ccb8675393

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2003-Feb-28 17:19:31
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x11000
SizeOfInitializedData 0xd600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000F260 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion A.0
ImageVersion A.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x22000
SizeOfHeaders 0x400
Checksum 0x1ed67
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x40000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 82cc266d71bf66aa70aaa4bb8d6a4b57
SHA1 5f88f045d5cfdfa8dea9c146261e3799e4f59c55
SHA256 725d6d5ade9e67bb4a8d45dfe758e4f2a69240e44dd4389fb281630796956362
SHA3 474f781fc8732a6f9697bbc7967756a5e2ff96447f5a02ec0fcd2eccb97a1226
VirtualSize 0x10f19
VirtualAddress 0x1000
SizeOfRawData 0x11000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.00387

.rdata

MD5 8a9a12812b17b73832acff2b873a5dfb
SHA1 2d14f61bc6fafc64af9cbb824df9f584043d6234
SHA256 22566ca55eaaea8372a237577827e737427adfbe75f87b4dfbf9259bb2e54f93
SHA3 fda0c0f86e0c6022483312b04e2add80897229645e2ac7925bbc71cfc65281e0
VirtualSize 0xa2c4
VirtualAddress 0x12000
SizeOfRawData 0xa400
PointerToRawData 0x11400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.94969

.data

MD5 3a4a2e3f1e834922a2e741fc919aaefc
SHA1 6f98e06169fc3062e3182bf321f87a274475b1ec
SHA256 091a356fca695516e424c254d06f6549c15f3d8f25c89d58e0d74efcc408064d
SHA3 c3420b137ff0c53d5649897cc8da562188f1250336a2fc8487eb12b6abff920e
VirtualSize 0x1740
VirtualAddress 0x1d000
SizeOfRawData 0x1000
PointerToRawData 0x1b800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.12846

.pdata

MD5 aea488805b5912088caad2faea84cca9
SHA1 111ca3856604ebd48cbb4c2b06cf80182adb2b10
SHA256 d4a4d25bb0e839ec208c6b328bc32c0444de72d0683ef3da8e57a16dc606a0eb
SHA3 e110bc19b1432784e4b3d80d78756d4062fa9b4b6cc3a89f73e4b60260bd7b49
VirtualSize 0xe58
VirtualAddress 0x1f000
SizeOfRawData 0x1000
PointerToRawData 0x1c800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.62336

.rsrc

MD5 68535c77ecaab9fc2c5c079b6f0bc92e
SHA1 3f7b692e72cf29efcff12d9151b3997d63215655
SHA256 03dc61d9c035eaaa20a5eb2b847dbdf70378f5b1e1301d9bf7d8362872880101
SHA3 83fbeb3eba4c101b54233aa8ab8ff8a565dd9eec49c70b2c0c811db81e3624cf
VirtualSize 0x570
VirtualAddress 0x20000
SizeOfRawData 0x600
PointerToRawData 0x1d800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.39843

.reloc

MD5 128f7f9843e49c88ee750bc62d81d2ec
SHA1 6aae2d770821d291b2583a1450a2118f08be5642
SHA256 b63c09885ce1d66693406d88f196577ff2a0a9ddf0c8506dd71d2fa94e275713
SHA3 c97be39277bfbbc5a81fb9413b677df47ac24eb0cf43024654f8b9d196b2eff3
VirtualSize 0x29c
VirtualAddress 0x21000
SizeOfRawData 0x400
PointerToRawData 0x1de00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.13228

Imports

msvcrt.dll _XcptFilter
_amsg_exit
_initterm
_CxxThrowException
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_errno
realloc
__CxxFrameHandler3
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
wcscspn
_purecall
?what@exception@@UEBAPEBDXZ
_local_unwind
?terminate@@YAXXZ
memcmp
_wcsicmp
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
wcscat_s
wcscpy_s
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
memcpy
memset
KERNEL32.dll OutputDebugStringA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LocalFree
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LockResource
GetComputerNameW
GetTickCount
Sleep
HeapAlloc
GetProcessHeap
HeapFree
ExpandEnvironmentStringsW
HeapSize
HeapReAlloc
HeapDestroy
lstrlenA
ole32.dll StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromCLSID
OLEAUT32.dll GetErrorInfo
VariantClear
LoadRegTypeLib
SysAllocStringLen
SysStringLen
LoadTypeLib
SysAllocString
VarUI4FromStr
SysFreeString
SysAllocStringByteLen
USER32.dll UnregisterClassA
CharNextW
ADVAPI32.dll EnumDependentServicesW
QueryServiceStatus
QueryServiceConfigW
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
ControlService
RegQueryValueExW
SHELL32.dll SHGetFileInfoW

Delayed Imports

Exports

DllCanUnloadNow

Ordinal 1
Address 0x17e0

DllGetClassObject

Ordinal 2
Address 0x1450

DllMain

Ordinal 3
Address 0x1820

DllRegisterServer

Ordinal 4
Address 0x15b0

DllUnregisterServer

Ordinal 5
Address 0x16d0

101

Type REGISTRY
Language English - United States
Codepage UNKNOWN
Size 0xa9
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.81219
MD5 0c38ef47ead0b6a0a36bb2ff59bbc189
SHA1 97af3ec077ac8fcbe4ae3e51e77ef4396e321861
SHA256 5061c423fd8fd89e50e89f884caf67959d4d6cd9471f26f9daf039072d4e2ca2
SHA3 d4cef5fad69315691392beec087f21354993b1eac575ed287bc9a50bf1056e50

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x400
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.42293
MD5 1e204b0e327f514d3cae64fee9b9e2ef
SHA1 ec788df3800f3f76cb861cc5e6997b232fa852cc
SHA256 2918d8ffa49db9bbb6a703f0a04f17380693d3b429575e7df145098dd9148a65
SHA3 6a016b9eded6562eb23f89fa1f4cab1f05b4fbdc8aff43c7ed8a28d60ff5bf44

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 10.0.19041.1
ProductVersion 10.0.19041.1
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Microsoft Corporation
FileDescription Active Directory Lightweight Directory Services migration plugin
FileVersion (#2) 10.0.19041.1 (WinBuild.160101.0800)
InternalName adammigrate.dll
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename adammigrate.dll
ProductName Microsoft® Windows® Operating System
ProductVersion (#2) 10.0.19041.1
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2003-Feb-28 17:19:31
Version 0.0
SizeofData 40
AddressOfRawData 0x179b4
PointerToRawData 0x16db4
Referenced File adammigrate.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2003-Feb-28 17:19:31
Version 0.0
SizeofData 812
AddressOfRawData 0x179dc
PointerToRawData 0x16ddc

UNKNOWN

Characteristics 0
TimeDateStamp 2003-Feb-28 17:19:31
Version 0.0
SizeofData 36
AddressOfRawData 0x17d08
PointerToRawData 0x17108

TLS Callbacks

StartAddressOfRawData 0x180017d2c
EndAddressOfRawData 0x180017d34
AddressOfIndex 0x18001e590
AddressOfCallbacks 0x180012d98
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x118
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x18001dd68
GuardCFCheckFunctionPointer 6442527968
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0xc27ea1d5
Unmarked objects 0
ASM objects (27412) 3
C objects (27412) 17
Total imports 138
Imports (27412) 15
Exports (27412) 1
C objects (LTCG) (27412) 12
C++ objects (27412) 10
Resource objects (27412) 1
Linker (27412) 1
