Winobj[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Winobj.exe
Size

1.4MB
MD5

9e81410abd780d6698eace1151ed53ef
SHA1

17372bc309823aba2b2c3f62a1cb52aa45a92e40
SHA256

c8313c8ea55733451a27dd43b66f90b27ff7cee5ab207c6826387a9b79c8f8a7
SHA512

58f0e04c627d75f797d77a686b1096adb136003b6a972fac4eafef69bec3e73cdaabb0df321d27fdabf8f9db41f2484f8e85abce2a4c47e40669cc6ae5289d39
SSDEEP

24576:qIqzPzQGmrz77GLhm7E1HEiI669XNW45RdrTQKXZ242gzk8lEOusop:xrP7GLhm7E1n69dW45brjIn8fusop

Score

1^/10

Malware Config

Signatures

Files

Winobj.exe
.exe windows x86

5d2f7b01308e94c361a46be0512f190e

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:32

Not After

01-09-2022 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:32:11:6b:b0:5b:0b:34:ab:dd:cd:be:d5:e7:ac:8e:48:21:65:30:c1:d2:fb:80:49:6b:cf:22:34:47:f5:cd
Signer

Actual PE Digest

55:32:11:6b:b0:5b:0b:34:ab:dd:cd:be:d5:e7:ac:8e:48:21:65:30:c1:d2:fb:80:49:6b:cf:22:34:47:f5:cd

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23-03-2023 16:17
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
LoadLibraryExA
FileTimeToLocalFileTime
QueryInformationJobObject
FileTimeToSystemTime
CreateDirectoryW
MulDiv
lstrcmpW
FreeResource
FormatMessageW
DecodePointer
GetTickCount64
GetCurrentProcessId
lstrcmpiW
ReadFile
SetFilePointerEx
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
ReadConsoleW
PeekConsoleInputA
ReadConsoleInputW
GetNumberOfConsoleInputEvents
SetConsoleMode
DebugBreak
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleCP
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
GetCPInfo
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
GetStringTypeW
WideCharToMultiByte
FormatMessageA
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
MultiByteToWideChar
WriteProcessMemory
ReadProcessMemory
VirtualQueryEx
VirtualProtectEx
VirtualAllocEx
OpenProcess
CreateProcessW
CreateProcessA
GetExitCodeProcess
TerminateProcess
ExitProcess
WaitForSingleObject
OutputDebugStringW
GetEnvironmentVariableW
GetEnvironmentVariableA
VerifyVersionInfoW
lstrlenW
LoadLibraryW
GetModuleFileNameW
FreeLibrary
CreateRemoteThreadEx
GetThreadId
ResumeThread
GetCurrentThread
CloseHandle
GetTempPathW
WriteFile
CreateFileW
VerSetConditionMask
GetCurrentThreadId
DeleteCriticalSection
GetFileSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLastError
WriteConsoleW
WritePrivateProfileStructW
GetPrivateProfileStructW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
GetFileAttributesW
GetCurrentProcess
GlobalLock
GlobalUnlock
GlobalAlloc
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExW
GetVersionExW
GetConsoleMode
SetLastError

user32

CreatePopupMenu
LoadAcceleratorsW
GetCapture
GetKeyState
CharNextW
CharLowerW
PostQuitMessage
GetMessagePos
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
DrawFrameControl
DrawEdge
RegisterWindowMessageW
LoadStringA
EnableMenuItem
GetCursorPos
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
MessageBoxW
MonitorFromPoint
GetMenuItemID
LockWindowUpdate
GetMenuItemInfoW
ModifyMenuW
SetCursorPos
GetMenuItemCount
GetSubMenu
GetMenuStringW
SetMenu
GetMenu
LoadMenuW
TranslateAcceleratorW
GetActiveWindow
GetDlgCtrlID
GetWindowThreadProcessId
CreateDialogParamW
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsMenu
IsWindow
LoadStringW
GetIconInfo
SetMenuItemInfoW
DestroyMenu
AppendMenuW
RemoveMenu
SetMenuDefaultItem
UnhookWindowsHookEx
MessageBeep
CheckMenuRadioItem
SendMessageW
DialogBoxIndirectParamW
EndDialog
GetDlgItem
SetWindowTextW
SetCursor
GetSysColorBrush
WindowFromPoint
InsertMenuW
SetRectEmpty
LoadImageW
CheckDlgButton
SetDlgItemInt
GetWindow
MapWindowPoints
GetWindowRect
SetDlgItemTextW
GetAncestor
GetMonitorInfoW
MonitorFromWindow
EnableWindow
GetScrollInfo
SetScrollInfo
DestroyIcon
CallNextHookEx
SetWindowsHookExW
InflateRect
LoadCursorW
OpenClipboard
CloseClipboard
DialogBoxParamW
SystemParametersInfoW
SetClipboardData
EmptyClipboard
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
GetClassNameW
SetClassLongW
PtInRect
OffsetRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ScreenToClient
ShowScrollBar
SetScrollPos
RedrawWindow
ValidateRect
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
TrackPopupMenuEx
GetSystemMetrics
IsWindowEnabled
ReleaseCapture
SetCapture
IsZoomed
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
PostMessageW
DrawIconEx
GetParent
SetWindowLongW
GetWindowLongW
GetSysColor
GetClientRect
GetWindowTextLengthW
GetWindowTextW
InvalidateRect
EndPaint
BeginPaint
DrawTextW
KillTimer
SetTimer
GetFocus
SetFocus
CreateWindowExW

gdi32

SetBrushOrgEx
PatBlt
ExcludeClipRect
CreatePatternBrush
CreateBitmap
CreateDIBSection
GetCurrentObject
SetViewportOrgEx
Polyline
Polygon
TextOutW
MoveToEx
GetTextMetricsW
SetTextAlign
Rectangle
LineTo
GetTextExtentPoint32W
GetStockObject
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
ExtTextOutW
GetObjectW
SetTextColor
SetBkMode
SetBkColor
SelectObject
DeleteObject
DeleteDC
CreateFontIndirectW
EndPage
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps

comdlg32

PrintDlgW
ChooseFontW

advapi32

RegCreateKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
GetKernelObjectSecurity
MapGenericMask
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegCloseKey
RegQueryInfoKeyW

shell32

SHGetStockIconInfo
ShellExecuteW
ExtractIconExW
SHGetFolderPathW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitialize

oleaut32

SysFreeString
VarUI4FromStr

comctl32

ImageList_DrawEx
ImageList_GetIconSize
ImageList_Create
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_DrawIndirect
CreateStatusWindowW
CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW
ImageList_Duplicate
ImageList_GetIcon
InitCommonControlsEx
ImageList_Draw
ImageList_Destroy

uxtheme

SetWindowTheme
IsThemeActive
IsAppThemed

msimg32

GradientFill

dwmapi

DwmDefWindowProc
DwmSetWindowAttribute

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

aclui

ord1

Sections

.text
Size: 717KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 471KB - Virtual size: 471KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d2f7b01308e94c361a46be0512f190e

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

55:32:11:6b:b0:5b:0b:34:ab:dd:cd:be:d5:e7:ac:8e:48:21:65:30:c1:d2:fb:80:49:6b:cf:22:34:47:f5:cdSigner

Signature Validations

Verification

23-03-2023 16:17 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

uxtheme

msimg32

dwmapi

version

aclui

Sections

.text Size: 717KB - Virtual size: 716KB

.rdata Size: 141KB - Virtual size: 140KB

.data Size: 19KB - Virtual size: 25KB

.detourc Size: 14KB - Virtual size: 13KB

.detourd Size: 512B - Virtual size: 36B

.rsrc Size: 471KB - Virtual size: 471KB

.reloc Size: 36KB - Virtual size: 35KB

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

55:32:11:6b:b0:5b:0b:34:ab:dd:cd:be:d5:e7:ac:8e:48:21:65:30:c1:d2:fb:80:49:6b:cf:22:34:47:f5:cd
Signer

23-03-2023 16:17
Valid: false

.text
Size: 717KB - Virtual size: 716KB

.rdata
Size: 141KB - Virtual size: 140KB

.data
Size: 19KB - Virtual size: 25KB

.detourc
Size: 14KB - Virtual size: 13KB

.detourd
Size: 512B - Virtual size: 36B

.rsrc
Size: 471KB - Virtual size: 471KB

.reloc
Size: 36KB - Virtual size: 35KB