Static task
static1
General
-
Target
WNetWatcher.exe
-
Size
1.2MB
-
MD5
cdde3a054aa568a905158758157df112
-
SHA1
5e29d892a93b79ea8c5f8f2bc1d316528a93873e
-
SHA256
83ed74e05c4778d42d5ca499e2fb31093d01a3be2730804d2fbb0e87eb804ac8
-
SHA512
87495e9148e684387fefd6d6ca620aceb0dbbed62d48a63fa52099cf47bc2d813ecb1b77c8fda9429aced7639df25bd69733f5391cb5660c9ce9d1bd4c3d6696
-
SSDEEP
24576:Wj8jBhdkG1/pLOyEqlebClPdhVwqL8gNvND/Bj4t1TLOGQL20f0YNrUoBkYq1+e7:Wj8jBhdk+/1OyEqlebClPzVww8gNvNDW
Malware Config
Signatures
-
Detected Nirsoft tools 1 IoCs
Free utilities often used by attackers which can steal passwords, product keys, etc.
resource yara_rule sample Nirsoft -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource WNetWatcher.exe
Files
-
WNetWatcher.exe.exe windows:4 windows x64 arch:x64
c03443b37fb863ad6c65d70bccabeb49
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
msvcrt
_fmode
_commode
__setusermatherr
strcpy
_purecall
_wcslwr
qsort
_itow
strtoul
strcmp
_initterm
__set_app_type
wcscmp
_ultow
strlen
malloc
_memicmp
free
modf
_wtoi
wcstoul
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_wcsicmp
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
wcschr
wcslen
_wcsnicmp
memcmp
wcsrchr
memcpy
wcscpy
memset
wcsncat
wcscat
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_snwprintf
memmove
_c_exit
atoi
strncpy
comctl32
ImageList_ReplaceIcon
ord17
ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx
ImageList_Add
ImageList_SetOverlayImage
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
ws2_32
WSAAsyncSelect
connect
WSAGetLastError
htons
WSASetLastError
WSAStartup
WSACleanup
gethostbyaddr
closesocket
winmm
mciSendStringW
kernel32
ExitProcess
DeleteFileW
GetLocalTime
GetCurrentDirectoryW
SetErrorMode
Sleep
ResumeThread
GetStdHandle
EnumResourceNamesW
GetCurrentProcessId
ReadProcessMemory
OpenProcess
EnumResourceTypesW
GetStartupInfoW
GetPrivateProfileIntW
WritePrivateProfileStringW
CreateThread
FindNextFileW
GetVersionExW
FindFirstFileW
FormatMessageW
SizeofResource
GetFileSize
GlobalLock
GetLocaleInfoW
GetTempPathW
GetTempFileNameW
GlobalUnlock
GetDateFormatW
lstrcpyW
LockResource
LocalFree
lstrlenW
GetNumberFormatW
WideCharToMultiByte
MultiByteToWideChar
GetSystemDirectoryW
CompareFileTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
GetPrivateProfileStringW
ExpandEnvironmentStringsW
DeleteCriticalSection
GetProcAddress
FreeLibrary
SystemTimeToFileTime
GetModuleHandleW
LoadLibraryW
FileTimeToSystemTime
GetLastError
SearchPathW
CreateProcessW
GetCurrentProcess
FindClose
GetTimeFormatW
GetFileAttributesW
WriteFile
FindResourceW
ReadFile
GetModuleFileNameW
LoadResource
CloseHandle
CreateFileW
GetWindowsDirectoryW
GlobalAlloc
LoadLibraryExW
user32
SetForegroundWindow
MonitorFromWindow
GetMonitorInfoW
DispatchMessageW
KillTimer
SetTimer
MessageBeep
DrawTextExW
GetMessageW
PostQuitMessage
TrackPopupMenu
TranslateMessage
RegisterWindowMessageW
IsDialogMessageW
DestroyMenu
GetDlgCtrlID
GetMenuItemInfoW
ModifyMenuW
LoadMenuW
GetWindowTextW
DestroyWindow
LoadStringW
EnumChildWindows
CreateDialogParamW
DialogBoxParamW
GetMenuItemCount
CheckMenuItem
GetSubMenu
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetDC
ReleaseDC
CreateWindowExW
SetWindowPos
SendDlgItemMessageW
EndDialog
GetDlgItem
GetWindow
GetWindowRect
GetDlgItemInt
InvalidateRect
DrawFrameControl
SetWindowTextW
UpdateWindow
EndPaint
GetWindowPlacement
SetDlgItemTextW
GetDlgItemTextW
SetDlgItemInt
SetWindowLongPtrW
BeginPaint
GetSystemMetrics
GetClientRect
DeferWindowPos
SendMessageW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
LoadAcceleratorsW
DefWindowProcW
LoadIconW
LoadImageW
GetSysColor
SetWindowLongW
GetWindowLongW
InsertMenuItemW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetMenuStringW
GetCursorPos
SetClipboardData
CheckMenuRadioItem
EnableWindow
MapWindowPoints
CloseClipboard
GetParent
GetMenu
EmptyClipboard
EnableMenuItem
MoveWindow
GetClassNameW
OpenClipboard
gdi32
StretchBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectW
DeleteDC
GetPixel
SetPixel
SelectObject
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkColor
GetStockObject
GetTextExtentPoint32W
SetStretchBltMode
comdlg32
FindTextW
GetOpenFileNameW
GetSaveFileNameW
ChooseFontW
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
shell32
Shell_NotifyIconW
SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
Sections
.text Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ