Winobj[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Winobj.exe
Size

712KB
MD5

fef8118edf7918d3c795d6ef03800519
SHA1

36c3d3a07472edb4baa220b7e0030cafd9ab1a2f
SHA256

91b8d19a897cac6cfc638b0c195ee541e78781402e1d59dad7f3d532376f32d2
SHA512

6537e8df1f34963eabe844ab23d810ecde858e90c2f9681059450729c522c19d0d2476720ed43b5d21240b094c06863cfce8cb06d5e117b77ee7a1ac9cd4e6f8
SSDEEP

12288:DjqYsDe1+Ydzitc5Cdb3LDh8DF/Qto1GVop8K:qYTHdiO5Cx3YFIq1Ga8K

Score

1^/10

Malware Config

Signatures

Files

Winobj.exe
.exe windows:5 windows x86 arch:x86

b80af39df5c5e0cc858a01dcec9d1151

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

fa:57:f0:db:e9:fa:65:62:44:ca:66:4e:5b:00:0b:ff:15:3d:33:ea
Signer

Actual PE Digest

fa:57:f0:db:e9:fa:65:62:44:ca:66:4e:5b:00:0b:ff:15:3d:33:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Winobj\Release\Winobj.pdb

Imports

comctl32

ImageList_Destroy
ord17
ord6
CreateToolbarEx
ImageList_Add
ImageList_GetImageCount
CreatePropertySheetPageA
PropertySheetA
ImageList_Create
ImageList_ReplaceIcon

uxtheme

SetWindowTheme

kernel32

GetModuleHandleA
CompareStringW
CompareStringA
FlushFileBuffers
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
InterlockedExchange
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
HeapSize
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentThread
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStdHandle
WriteFile
ExitProcess
Sleep
GetModuleHandleW
HeapDestroy
HeapCreate
FreeLibrary
FormatMessageA
GetVersion
GetCommandLineA
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
lstrlenA
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileA
GetLastError
CloseHandle
GetProcAddress
GetCommandLineW
LoadLibraryA
SetEnvironmentVariableA
LocalFree
LocalAlloc
HeapReAlloc
VirtualAlloc
VirtualFree
EnterCriticalSection
HeapAlloc
HeapFree
GetStartupInfoA
RaiseException
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA

user32

CreateWindowExA
GetClientRect
SendMessageA
InflateRect
SetCursor
LoadCursorA
SetWindowTextA
EndDialog
GetSysColorBrush
GetDlgItem
DialogBoxIndirectParamA
LoadIconA
SetWindowLongA
LoadAcceleratorsA
LoadMenuA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
RegisterClassA
GetMenu
GetSubMenu
InsertMenuA
SetMenuItemInfoA
DrawIconEx
WinHelpA
GetFocus
GetDC
InvertRect
ReleaseDC
PostQuitMessage
SetCapture
ReleaseCapture
DefWindowProcA
LoadStringA
TrackPopupMenu
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
UpdateWindow
DialogBoxParamA
MoveWindow
GetSysColor
ChildWindowFromPoint
InvalidateRect
GetWindowRect
IsIconic
IsZoomed
ScreenToClient
LoadBitmapA
PostMessageA
GetParent
SetDlgItemTextA
CheckDlgButton
ShowWindow
EnableWindow
MessageBoxA
wsprintfA
GetCursorPos
SetFocus
GetWindowLongA

gdi32

CreateBrushIndirect
GetStockObject
GetObjectA
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
DeleteObject
GetDeviceCaps
SetMapMode
StartDocA
StartPage
EndPage
EndDoc

comdlg32

PrintDlgA

advapi32

AllocateAndInitializeSid
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegCreateKeyA
GetKernelObjectSecurity
SetKernelObjectSecurity
IsValidSecurityDescriptor
RegOpenKeyA
FreeSid
EqualSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
MapGenericMask

shell32

ShellExecuteA

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 530KB - Virtual size: 530KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b80af39df5c5e0cc858a01dcec9d1151

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

fa:57:f0:db:e9:fa:65:62:44:ca:66:4e:5b:00:0b:ff:15:3d:33:eaSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

uxtheme

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 134KB - Virtual size: 134KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 6KB - Virtual size: 50KB

.rsrc Size: 530KB - Virtual size: 530KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

fa:57:f0:db:e9:fa:65:62:44:ca:66:4e:5b:00:0b:ff:15:3d:33:ea
Signer

.text
Size: 134KB - Virtual size: 134KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 6KB - Virtual size: 50KB

.rsrc
Size: 530KB - Virtual size: 530KB