WNetWatcher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

WNetWatcher.exe
Size

658KB
MD5

583ea46adaf5d3a843ad2e4bd7494c7d
SHA1

434d99386cf7b582b926032a5c6289c533eaf04f
SHA256

f394b392c519b08881e6f2503038e3a3b9954917ee6944b32e00ecd3dc3cfca7
SHA512

0569dad72eef5c9394b1f07d0ac727f2a281ec58d3a9eddec3aaf69171fecec2ab900526c859c3965bcada8a9b1412f256bd4fee24413bb6b4976a78a56f16e0
SSDEEP

12288:Gn8IykraROOBTnvMNqQLCL/OJ0lHD/qhiD2oC9O:+8IhrYOsTnvMcQLCL/OJ0lHD/qhg2oCg

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WNetWatcher.exe

Files

WNetWatcher.exe
.exe windows:4 windows x86 arch:x86

4dbe81aa9d1bf0aac65ef7200537b3aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Projects\VS2005\WNetWatcher\Release\WNetWatcher.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_purecall
_wcslwr
_itow
_exit
__p__fmode
_wcsicmp
strlen
malloc
_ultow
wcschr
wcscmp
free
modf
_memicmp
_wtoi
wcstoul
__set_app_type
_controlfp
atoi
_except_handler3
??3@YAXPAX@Z
??2@YAPAXI@Z
wcslen
memcpy
wcsrchr
memcmp
wcscpy
memset
wcscat
_snwprintf
_c_exit
wcsncat
_onexit
__dllonexit
strtoul
strncpy
strcpy
strcmp

comctl32

ord17
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
CreateStatusWindowW
CreateToolbarEx
ImageList_ReplaceIcon

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

connect
WSAGetLastError
htons
WSASetLastError
closesocket
gethostbyaddr
WSACleanup
WSAStartup
WSAAsyncSelect

kernel32

GetCurrentProcess
ExitProcess
GetCurrentProcessId
ReadProcessMemory
DeleteFileW
SetErrorMode
CreateThread
ResumeThread
Sleep
GetStdHandle
EnumResourceNamesW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
OpenProcess
GetWindowsDirectoryW
GetFileAttributesW
CloseHandle
GetModuleHandleW
GetTimeFormatW
GetFileSize
GetTempFileNameW
GetVersionExW
GetDateFormatW
FormatMessageW
GlobalLock
SizeofResource
GetLastError
GetLocaleInfoW
GetTempPathW
WideCharToMultiByte
FileTimeToLocalFileTime
CompareFileTime
GetSystemTimeAsFileTime
DeleteCriticalSection
FreeLibrary
SystemTimeToFileTime
LoadLibraryW
FileTimeToSystemTime
GetProcAddress
ReadFile
GetModuleFileNameW
WriteFile
CreateFileW
GetNumberFormatW
LocalFree
LockResource
MultiByteToWideChar
lstrcpyW
FindResourceW
lstrlenW
LoadResource
GlobalAlloc
LoadLibraryExW
GlobalUnlock

user32

SetForegroundWindow
DispatchMessageW
DrawTextExW
SetTimer
TranslateMessage
IsDialogMessageW
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
KillTimer
MessageBeep
DestroyMenu
DialogBoxParamW
GetDlgCtrlID
GetMenuItemInfoW
ModifyMenuW
LoadMenuW
GetWindowTextW
SetWindowPos
LoadStringW
EnumChildWindows
DestroyWindow
CreateDialogParamW
CloseClipboard
CheckMenuItem
GetMenuItemCount
GetMenuStringW
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
GetWindow
DrawFrameControl
SetDlgItemInt
SetWindowTextW
BeginPaint
UpdateWindow
GetClientRect
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SendDlgItemMessageW
EndDialog
SetWindowLongW
EndPaint
GetDlgItem
InvalidateRect
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
SendMessageW
SetWindowPlacement
RegisterClassW
MessageBoxW
SetMenu
LoadImageW
LoadIconW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetCursorPos
GetParent
GetSysColor
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow

gdi32

SetBkColor
GetTextExtentPoint32W
GetDeviceCaps
SelectObject
DeleteObject
SetTextColor
CreateFontIndirectW
SetBkMode
GetStockObject

comdlg32

GetSaveFileNameW
FindTextW

advapi32

RegCloseKey
RegOpenKeyExW

shell32

Shell_NotifyIconW
SHGetFileInfoW
ShellExecuteW

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 599KB - Virtual size: 627KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4dbe81aa9d1bf0aac65ef7200537b3aa

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 599KB - Virtual size: 627KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 599KB - Virtual size: 627KB