SHA256: dbdea2f6b59a650407d67b7e57ecd2081e5d3ca8a857cb33a6d25e716a9c4def
File name: WNetWatcher.exe
Detection ratio: 0 / 44
Analysis date: 2013-08-10 15:42:50 UTC (3 years, 8 months ago)
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
Yandex 20130809
AhnLab-V3 20130810
AntiVir 20130810
Antiy-AVL 20130810
Avast 20130810
AVG 20130810
BitDefender 20130810
ByteHero 20130724
CAT-QuickHeal 20130808
ClamAV 20130810
Commtouch 20130810
Comodo 20130810
DrWeb 20130810
Emsisoft 20130810
ESET-NOD32 20130810
F-Prot 20130810
F-Secure 20130810
Fortinet 20130810
GData 20130810
Ikarus 20130810
Jiangmin 20130810
K7AntiVirus 20130809
K7GW 20130809
Kaspersky 20130810
Kingsoft 20130723
Malwarebytes 20130810
McAfee 20130810
McAfee-GW-Edition 20130810
Microsoft 20130810
eScan 20130810
NANO-Antivirus 20130810
Norman 20130810
nProtect 20130809
Panda 20130810
PCTools 20130810
Rising 20130809
SUPERAntiSpyware 20130810
Symantec 20130810
TheHacker 20130810
TotalDefense 20130809
TrendMicro 20130810
TrendMicro-HouseCall 20130810
VBA32 20130809
VIPRE 20130810
ViRobot 20130810
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2011 - 2013 Nir Sofer

Product Wireless Network Watcher
Original name WNetWatcher.exe
Internal name Wireless Network Watcher
File version 1.58
Description Wireless Network Watcher
Signature verification Signed file, verified signature
Signing date 12:02 PM 2/20/2013
Signers
[+] Nir Sofer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO Code Signing CA 2
Valid from 1:00 AM 9/17/2012
Valid to 12:59 AM 9/18/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 33D254C711937B469D1B08EF15B0A9F5B4D27250
Serial number 00 A1 A3 E7 28 0E 0A 2D F1 2F 84 30 96 49 82 05 19
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-20 10:56:09
Entry Point 0x0000D9D6
Number of sections 4
PE sections
Overlays
MD5 f7759ba254594f3a636fe815f0c1aca7
File type data
Offset 780288
Size 6240
Entropy 7.41
PE imports
RegCloseKey
RegOpenKeyExW
CreateToolbarEx
CreateStatusWindowW
ImageList_AddMasked
ImageList_SetImageCount
ImageList_Create
Ord(17)
ImageList_ReplaceIcon
GetDeviceCaps
CreateFontIndirectW
DeleteObject
GetStockObject
SelectObject
SetBkMode
SetBkColor
GetTextExtentPoint32W
SetTextColor
GetLastError
GetStdHandle
SystemTimeToFileTime
FileTimeToSystemTime
LoadLibraryW
FindResourceW
GetVersionExW
FreeLibrary
GetModuleFileNameW
ExitProcess
GlobalUnlock
GetFileAttributesW
GlobalAlloc
lstrlenW
DeleteCriticalSection
GetCurrentProcess
FileTimeToLocalFileTime
SizeofResource
CompareFileTime
GetCurrentProcessId
OpenProcess
LockResource
WideCharToMultiByte
GetDateFormatW
SetErrorMode
MultiByteToWideChar
GetStartupInfoW
ReadProcessMemory
DeleteFileW
GlobalLock
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
EnumResourceNamesW
GetTimeFormatW
lstrcpyW
CreateThread
GetProcAddress
GetModuleHandleA
ReadFile
GetTempPathW
CloseHandle
GetSystemTimeAsFileTime
EnumResourceTypesW
GetModuleHandleW
LocalFree
FormatMessageW
ResumeThread
GetWindowsDirectoryW
LoadResource
WriteFile
CreateFileW
GetNumberFormatW
CreateProcessW
Sleep
GetLocaleInfoW
GetFileSize
LoadLibraryExW
Shell_NotifyIconW
ShellExecuteW
SHGetFileInfoW
SetFocus
RegisterWindowMessageW
GetParent
EnableWindow
UpdateWindow
DrawTextExW
EndDialog
PostQuitMessage
DeferWindowPos
KillTimer
DestroyMenu
EnumChildWindows
SetClipboardData
GetMessageW
CheckMenuRadioItem
MessageBeep
DrawFrameControl
LoadMenuW
SetWindowPos
SetDlgItemInt
GetSystemMetrics
SetWindowLongW
MessageBoxW
GetMenu
GetWindowRect
EndPaint
SetMenu
SetWindowPlacement
MoveWindow
DialogBoxParamW
MapWindowPoints
ChildWindowFromPoint
CloseClipboard
TranslateMessage
BeginPaint
GetWindow
PostMessageW
GetSysColor
GetDlgItemInt
SetDlgItemTextW
DispatchMessageW
CreateDialogParamW
ReleaseDC
GetDlgCtrlID
EndDeferWindowPos
CheckMenuItem
SendMessageW
ShowWindow
TranslateAcceleratorW
GetMenuStringW
SendDlgItemMessageW
BeginDeferWindowPos
GetWindowPlacement
EmptyClipboard
LoadStringW
SetWindowTextW
GetCursorPos
GetDlgItem
DefWindowProcW
SetCursor
LoadImageW
GetDC
RegisterClassW
InvalidateRect
GetSubMenu
SetTimer
GetClientRect
GetClassNameW
TrackPopupMenu
IsDialogMessageW
GetMenuItemCount
OpenClipboard
ModifyMenuW
GetWindowTextW
EnableMenuItem
GetSysColorBrush
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
GetWindowLongW
SetForegroundWindow
GetDlgItemTextW
DestroyWindow
GetMenuItemInfoW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
mciSendStringW
WSAAsyncSelect
WSAStartup
connect
WSACleanup
WSASetLastError
htons
closesocket
gethostbyaddr
WSAGetLastError
FindTextW
GetSaveFileNameW
GetOpenFileNameW
_purecall
__p__fmode
malloc
__wgetmainargs
wcstoul
memset
wcschr
__dllonexit
_wcslwr
_onexit
_ultow
strtoul
wcscpy
strlen
_memicmp
strncpy
_except_handler3
_c_exit
??2@YAPAXI@Z
qsort
memcpy
wcslen
wcscmp
exit
_XcptFilter
memcmp
wcsncat
__setusermatherr
__p__commode
_wcmdln
_cexit
_wcsicmp
_exit
_adjust_fdiv
_itow
??3@YAXPAX@Z
free
wcscat
atoi
_controlfp
_snwprintf
memmove
wcsrchr
strcpy
modf
_initterm
_wtoi
strcmp
__set_app_type
Number of PE resources by type
RT_STRING 8
RT_DIALOG 6
RT_ICON 5
RT_GROUP_ICON 4
RT_MENU 3
RT_BITMAP 3
BIN 1
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
HEBREW DEFAULT 19
ENGLISH US 16
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
726016

ImageVersion
0.0

ProductName
Wireless Network Watcher

FileVersionNumber
1.5.8.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
WNetWatcher.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.58

TimeStamp
2013:02:20 11:56:09+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Wireless Network Watcher

ProductVersion
1.58

FileDescription
Wireless Network Watcher

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 2011 - 2013 Nir Sofer

MachineType
Intel 386 or later, and compatibles

CompanyName
NirSoft

CodeSize
53248

FileSubtype
0

ProductVersionNumber
1.5.8.0

EntryPoint
0xd9d6

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 bd4df5eeaacf54fcd75f54d88703bf6f
SHA1 29be2bc2e905aeb93b9d4dbc91a139c28fb592fb
SHA256 dbdea2f6b59a650407d67b7e57ecd2081e5d3ca8a857cb33a6d25e716a9c4def
ssdeep
24576:686f5LMiT0zZEQ8CbcQJOow2gqlahiQ14zrISUc3:686f5LMiT0dEQ8CbcQJOow2gqlahiQ1E

authentihash 5cf1f75053ed6cc68951c91b2520f4d4964a478ee180aab89bbefa0533fbf675
imphash 48b8f58acd3d20f312db75066bf058bd
File size 768.1 KB ( 786528 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2013-02-21 09:26:50 UTC (4 years, 2 months ago)
Last submission 2017-03-10 03:04:57 UTC (1 month, 2 weeks ago)
File names file-5284336_exe
WNetWatcher.exe
Wiireless Net Watcher.exe
filename
wnetwatcher.exe
Wireless Network Watcher
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.