wbengine.exe

  • File Path: C:\Windows\system32\wbengine.exe
  • Description: Microsoft Block Level Backup Engine Service EXE

Runtime Data

Loaded Modules:

Path
C:\Windows\System32\ADVAPI32.dll
C:\Windows\system32\bcd.dll
C:\Windows\System32\bcrypt.dll
C:\Windows\System32\cfgmgr32.dll
C:\Windows\System32\combase.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\ole32.dll
C:\Windows\System32\OLEAUT32.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\SETUPAPI.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\system32\VirtDisk.dll
C:\Windows\system32\VSSAPI.DLL
C:\Windows\system32\wbengine.exe
C:\Windows\System32\win32u.dll
C:\Windows\System32\WS2_32.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: wbengine.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: The operation timed out

Possible Misuse

The following table contains possible examples of wbengine.exe being misused. While wbengine.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
sigma | file_event_win_creation_system_file.yml | Image: 'C:\Windows\system32\wbengine.exe' | DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.