AWS.DomainJoin.exe

  • File Path: C:\Program Files\Amazon\SSM\Plugins\awsDomainJoin\AWS.DomainJoin.exe
  • Description: Ec2Config.DomainJoin

Hashes

Type Hash
MD5 C9A2D48A263C2FDE3CE3449739C14087
SHA1 EA56ECD4BB19794001BF10AF0E87EF9285F73D03
SHA256 97427335721A89356F7E495400755E256D8800DEF5656B594973D79B2934723E
SHA384 4ABA178AFC317602664F4B65A7A3CD9AE8CDD1E963DBB78F119D5709DDEC6BF8D9A5BE78CAD28D1CEF02C14A3CCD8586
SHA512 EAF0CF0D1B2406DDE7465CBE458B415336303A080CB4F2700455B99657BB31994799DC7608A78C8A9603E6B247ACB1AF88DE80B0A510FE96A3AEB5F0BAD545D6
SSDEEP 49152:Tz4YfI8ERt8i4Bapk930teXT892BIx8XBir1JohNXVXRmHpXs0:TEYwV4Bam9ktejdBbRWHohNXx
IMP F34D5F2D4577ED6D9CEEC516C1F5A744
PESHA1 BC1B3876041833DCD07E720762568E8B8A897A88
PE256 38E4B91AE54544150AA06879FC6ACD3BD40C75695D31D3A39C4F04A4325F77B2

Runtime Data

Child Processes:

conhost.exe

Open Handles:

Path Type
(R-D) C:\Windows\System32\en-US\KernelBase.dll.mui File
(R-D) C:\Windows\System32\en-US\winnlsres.dll.mui File
(RW-) C:\Users\user File
...\Cor_SxSPublic_IPCBlock Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\BaseNamedObjects\Cor_Private_IPCBlock_v4_4808 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\UrlZonesSM_Administrator Section
\Sessions\2\BaseNamedObjects\windows_shell_global_counters Section

Loaded Modules:

Path
C:\Program Files\Amazon\SSM\Plugins\awsDomainJoin\AWS.DomainJoin.exe
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\5543cca0df435801e2303ff46a482ed5\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Comp46f2b404#\1c92eca48f2d96d558a0e489a3180648\System.ComponentModel.DataAnnotations.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\875dc3cfd53efc9f9a5c63016cd239d7\System.Configuration.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\f29b1120627489754c4b8dd317bbe950\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data\a39e284ddde9013349d1f350607766b8\System.Data.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\0a20c3e2769862d42803de9732fcf620\System.Runtime.Serialization.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\1f8e15c27df619e8116461e283dac636\System.Xml.Linq.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\488d073901c2c0fb8ccbcbe182b6b160\System.Xml.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System\6885802f40fd803e49150d8a2b43a09b\System.ni.dll
C:\Windows\Microsoft.Net\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\bcrypt.dll
C:\Windows\System32\bcryptPrimitives.dll
C:\Windows\System32\cfgmgr32.dll
C:\Windows\System32\combase.dll
C:\Windows\System32\CRYPT32.dll
C:\Windows\SYSTEM32\CRYPTBASE.dll
C:\Windows\System32\CRYPTSP.dll
C:\Windows\SYSTEM32\DNSAPI.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\IMM32.DLL
C:\Windows\SYSTEM32\IPHLPAPI.DLL
C:\Windows\System32\kernel.appcore.dll
C:\Windows\System32\KERNEL32.dll
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\MSASN1.dll
C:\Windows\SYSTEM32\MSCOREE.DLL
C:\Windows\System32\msvcp_win.dll
C:\Windows\SYSTEM32\MSVCR120_CLR0400.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\system32\mswsock.dll
C:\Windows\system32\napinsp.dll
C:\Windows\system32\NLAapi.dll
C:\Windows\System32\NSI.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\ole32.dll
C:\Windows\System32\powrprof.dll
C:\Windows\System32\profapi.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\system32\rsaenh.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\shcore.dll
C:\Windows\System32\shell32.dll
C:\Windows\System32\SHLWAPI.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\SYSTEM32\VERSION.dll
C:\Windows\System32\win32u.dll
C:\Windows\System32\windows.storage.dll
C:\Windows\System32\winrnr.dll
C:\Windows\System32\WINTRUST.dll
C:\Windows\SYSTEM32\wldp.dll
C:\Windows\System32\ws2_32.dll
C:\Windows\system32\wshbth.dll

Signature

  • Status: The file C:\Program Files\Amazon\SSM\Plugins\awsDomainJoin\AWS.DomainJoin.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: AWS.DomainJoin.exe
  • Product Name:
  • Company Name: Amazon Web Services, Inc.
  • File Version: 4.9.4276
  • Product Version: 4.9.4276
  • Language: Language Neutral
  • Legal Copyright: Copyright (c) Amazon Web Services, Inc. 2015
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 1/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/97427335721a89356f7e495400755e256d8800def5656b594973d79b2934723e/detection/

MIT License. Copyright (c) 2020-2021 Strontic.