wbengine.exe

  • File Path: C:\Windows\system32\wbengine.exe
  • Description: Microsoft Block Level Backup Engine Service EXE

Hashes

| Type | Hash |
|------|------|
| MD5 | 17270A354A66590953C4AAC1CF54E507 |
| SHA1 | 715BABCC8E46B02AC498F4F06DF7937904D9798D |
| SHA256 | 9954394B43783061F9290706320CC65597C29176D5B8E7A26FA1D6B3536832B4 |
| SHA384 | 65E8560FE49C4964A7E8B61C4AC74D6924FE28098D49126F4AE73E09D39423DEBA336EE353FEF01FE00B0B6D9881580C |
| SHA512 | 6BE0BA6BE84D01AB47F5A4CA98A6B940C43BD2D1E1A273D41C3E88ACA47DA11D932024B007716D1A6FFE6CEE396B0E3E6971AB2AFC293E72472F2E61C17B2A89 |
| SSDEEP | 49152:5WcnPqQUGpuphwC0DNLDpaRFXrLuWGMKuIK:h0zuNI |
| IMP | DCB1AF9EF2E2CA490391D7B29D744188 |
| PESHA1 | E8412BC65EDB5A9ABFB8517AE11F74E7BB1C3F37 |
| PE256 | 6CE5EC6C8EA8C8D1FAC60B0F1F804BE716EBF0E061C1A509316144822486C3EE |

Runtime Data

Loaded Modules:

Path
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\USER32.dll
C:\Windows\system32\wbengine.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002EC6579AD1E670890130000000002EC
  • Thumbprint: F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: wbengine.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/9954394b43783061f9290706320cc65597c29176d5b8e7a26fa1d6b3536832b4/detection

Possible Misuse

The following table contains possible examples of wbengine.exe being misused. While wbengine.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|--------|-------------|---------|---------|
| sigma | file_event_win_creation_system_file.yml | Image: 'C:\Windows\system32\wbengine.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.