Winobj[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Winobj.exe
Size

1.0MB
MD5

f94120e9237202178612a2add0169950
SHA1

0737a42572d3734989d82a2f65e5755a6735ce56
SHA256

75491d71948540371c630d2a8728076dafcddb04bc7010ffb5fe55273528e956
SHA512

0d11ebdfd1f13c9c8b2b31b2544309ff6caa4063d8de4053a60be52646c5eb430331b6f189002fa573670f183440a106a32597ebfb5a5a5a1f3810319ca1e758
SSDEEP

24576:vjyASbPcWn3cNWAxil2b6shjxYWEitEvoVpGg2ErXm:U0Wn7Axil2b6shF1Evov92ErXm

Score

1^/10

Malware Config

Signatures

Files

Winobj.exe
.exe windows:6 windows x86 arch:x86

e30a8aa983433aa8c244bf17ac7c6bda

Code Sign

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:df
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:31

Not After

02/12/2021, 21:31

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fa:26:35:0c:ca:7c:21:ab:bb:e2:0d:b9:f2:0b:3a:c2:8d:cd:4a:1e:f2:af:d1:93:eb:94:b1:77:f0:41:67:c6
Signer

Actual PE Digest

fa:26:35:0c:ca:7c:21:ab:bb:e2:0d:b9:f2:0b:3a:c2:8d:cd:4a:1e:f2:af:d1:93:eb:94:b1:77:f0:41:67:c6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\exe\Win32\Release\WinObj.pdb

Imports

kernel32

VirtualQuery
DebugBreak
GetFileSize
SetFilePointer
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
FreeLibrary
LoadLibraryExA
LoadLibraryExW
GetModuleFileNameW
FileTimeToLocalFileTime
QueryInformationJobObject
FileTimeToSystemTime
CreateDirectoryW
MulDiv
lstrcmpW
FreeResource
LocalFree
FormatMessageW
DecodePointer
LocalAlloc
GetCommandLineW
GetTickCount64
GetCurrentProcessId
lstrcmpiW
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
VirtualProtect
FindClose
GetTimeZoneInformation
SetConsoleCtrlHandler
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetModuleHandleExW
InterlockedFlushSList
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
InitializeCriticalSectionAndSpinCount
GetStringTypeW
WideCharToMultiByte
FormatMessageA
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
MultiByteToWideChar
LoadLibraryW
WriteProcessMemory
ReadProcessMemory
VirtualQueryEx
VirtualProtectEx
VirtualAllocEx
OpenProcess
CreateProcessW
CreateProcessA
ResumeThread
GetExitCodeProcess
TerminateProcess
ExitProcess
WaitForSingleObject
OutputDebugStringW
GetEnvironmentVariableW
GetEnvironmentVariableA
VerifyVersionInfoW
lstrlenW
GetCurrentThread
CloseHandle
GetTempPathW
WriteFile
CreateFileW
VerSetConditionMask
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionEx
VirtualFree
LeaveCriticalSection
EnterCriticalSection
SetLastError
WriteConsoleW
GetLastError
WritePrivateProfileStructW
GetPrivateProfileStructW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
GlobalLock
GlobalUnlock
FindFirstFileExW
GlobalAlloc

user32

CheckMenuRadioItem
RemoveMenu
CreatePopupMenu
LoadAcceleratorsW
GetCapture
GetKeyState
CharNextW
CharLowerW
PostQuitMessage
GetMessagePos
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
DrawFrameControl
DrawEdge
RegisterWindowMessageW
LoadStringA
EnableMenuItem
GetCursorPos
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
ScreenToClient
SetCursor
GetWindowThreadProcessId
MessageBoxW
MonitorFromPoint
MessageBeep
RedrawWindow
GetMenuItemInfoW
ModifyMenuW
InsertMenuW
GetMenuItemCount
GetSubMenu
GetMenuStringW
SetMenu
AppendMenuW
LoadMenuW
TranslateAcceleratorW
GetActiveWindow
GetDlgCtrlID
DialogBoxParamW
CreateDialogParamW
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsMenu
IsWindow
LoadStringW
GetIconInfo
SetRectEmpty
WindowFromPoint
EnableWindow
SetCursorPos
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
SendMessageW
DefWindowProcW
CallWindowProcW
GetWindowDC
UnhookWindowsHookEx
SetMenuDefaultItem
SetMenuItemInfoW
DestroyMenu
LoadImageW
CheckDlgButton
SetDlgItemInt
GetMonitorInfoW
MonitorFromWindow
GetWindow
MapWindowPoints
GetWindowRect
SetDlgItemTextW
EndDialog
GetAncestor
SystemParametersInfoW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetMenu
GetMenuItemID
SetFocus
GetFocus
SetTimer
KillTimer
GetScrollInfo
SetScrollInfo
CallNextHookEx
SetWindowsHookExW
GetClassNameW
PtInRect
OffsetRect
InflateRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ShowScrollBar
SetScrollPos
ValidateRect
ReleaseDC
GetDC
UpdateWindow
TrackPopupMenuEx
GetSystemMetrics
IsWindowEnabled
ReleaseCapture
SetCapture
GetDlgItem
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
PostMessageW
GetSysColorBrush
DrawIconEx
LoadCursorW
GetParent
SetWindowLongW
GetWindowLongW
GetSysColor
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
DrawTextW
LockWindowUpdate

gdi32

GetStockObject
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
GetTextMetricsW
CreateSolidBrush
LineTo
GetObjectW
SetTextColor
SetBkMode
SetBkColor
SelectObject
SetTextAlign
ExtTextOutW
SetBrushOrgEx
Polyline
PatBlt
ExcludeClipRect
CreatePatternBrush
CreateBitmap
CreateDIBSection
GetCurrentObject
SetViewportOrgEx
Polygon
TextOutW
BitBlt
MoveToEx
DeleteObject
CreateFontIndirectW
DeleteDC

comdlg32

ChooseFontW

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
MapGenericMask
GetKernelObjectSecurity
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
OpenProcessToken

shell32

SHGetStockIconInfo
ShellExecuteW
SHGetFolderPathW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

SysFreeString
VarUI4FromStr

comctl32

InitCommonControlsEx
ImageList_GetIcon
ImageList_Duplicate
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
CreateStatusWindowW
ImageList_DrawIndirect
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
ImageList_Draw

uxtheme

SetWindowTheme
IsThemeActive
IsAppThemed

msimg32

GradientFill

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

aclui

ord1

Sections

.text
Size: 697KB - Virtual size: 697KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e30a8aa983433aa8c244bf17ac7c6bda

Code Sign

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:dfCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

fa:26:35:0c:ca:7c:21:ab:bb:e2:0d:b9:f2:0b:3a:c2:8d:cd:4a:1e:f2:af:d1:93:eb:94:b1:77:f0:41:67:c6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

uxtheme

msimg32

version

aclui

Sections

.text Size: 697KB - Virtual size: 697KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 19KB - Virtual size: 24KB

.detourc Size: 14KB - Virtual size: 13KB

.detourd Size: 512B - Virtual size: 36B

.rsrc Size: 147KB - Virtual size: 146KB

.reloc Size: 35KB - Virtual size: 35KB

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:df
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

fa:26:35:0c:ca:7c:21:ab:bb:e2:0d:b9:f2:0b:3a:c2:8d:cd:4a:1e:f2:af:d1:93:eb:94:b1:77:f0:41:67:c6
Signer

.text
Size: 697KB - Virtual size: 697KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 19KB - Virtual size: 24KB

.detourc
Size: 14KB - Virtual size: 13KB

.detourd
Size: 512B - Virtual size: 36B

.rsrc
Size: 147KB - Virtual size: 146KB

.reloc
Size: 35KB - Virtual size: 35KB