adhapi.dll

  • File Path: C:\Windows\system32\adhapi.dll
  • Description: AD harvest sites and subnets API

Hashes

| Type | Hash |
|------|------|
| MD5 | CF88982155D10E9FE3230A61015CC8EC |
| SHA1 | 7FD254481511B9CA827E9AEDECE59D6EA2B06895 |
| SHA256 | 89A363B639B6542E78171A9153C152513EEE92D0D2549A17E25CF9828DC6F030 |
| SHA384 | 1965872F6B9276513084A86DB247E689BDF963CCB39E00D54FDD8EECE2541EBBFB63B4D7011E7947A9417608BD9AD16C |
| SHA512 | 3C60798968E0DC265F6D7555814996915C0E8FE5ECC98FC357CB85748AF843DFBD46F22EDC544ABFCCECDAD38A62A78150FDC6F748880D19F7D10A009904CA7E |
| SSDEEP | 384:j3/xrlbzDZTKL8Fja8xxU5gDO/AYp4bmw1at6WuMW:bZ+oFNxxW/AYp4kt6 |
| IMP | 32958480369CEBB74256D975884CD863 |
| PESHA1 | 6C0D8E069CB78E38C2E0B586130931E7283973C6 |
| PE256 | D9C359B2761FA284465DB4DE7804B5BC44AF4F5A56441B8876B62FFBCF0092A6 |

DLL Exports:

| Function Name | Ordinal | Type |
|---------------|---------|------|
| AdhStatusEventSubscribe | 5 | Exported Function |
| AdhStatusEventUnsubscribe | 6 | Exported Function |
| DllMain | 7 | Exported Function |
| AdhGetEvidenceCollectorResult | 4 | Exported Function |
| AdhEngineClose | 1 | Exported Function |
| AdhEngineOpen | 2 | Exported Function |
| AdhGetConfig | 3 | Exported Function |

Signature

  • Status: Signature verified.
  • Serial: 330000026551AE1BBD005CBFBD000000000265
  • Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: AdhApi.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/89a363b639b6542e78171a9153c152513eee92d0d2549a17e25cf9828dc6f030/detection/

MIT License. Copyright (c) 2020 Strontic.