WNetWatcher.exe
This report was generated from a file or URL submitted to this webservice on February 8th 2019 13:17:35 (UTC), using the action script Heavy Anti-Evasion
Guest System: Windows 7 64 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by
Falcon Sandbox v8.30 © Hybrid Analysis
Incident Response
MITRE ATT&CK™ Techniques Detection
Indicators
Not all malicious and suspicious indicators are displayed.
-
Suspicious Indicators 13
-
Anti-Reverse Engineering
-
Possibly checks for known debuggers/analysis tools
- details
-
(Indicator: "ntice") - source
- File/Memory
- relevance
- 2/10
-
Environment Awareness
-
Possibly tries to implement anti-virtualization techniques
- details
-
(Indicator: "vmware") - source
- File/Memory
- relevance
- 4/10
-
Reads the active computer name
- details
- "WNetWatcher.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
- source
- Registry Access
- relevance
- 5/10
- ATT&CK ID
- T1012
-
General
-
Found a potential E-Mail address in binary/memory
- details
- Pattern match: "support@nirsoft.net0"
- source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1114
-
Installation/Persistence
-
Monitors specific registry key for changes
- details
-
"WNetWatcher.exe" monitors "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9" (Filter: 1; Subtree: 6656256)
"WNetWatcher.exe" monitors "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5" (Filter: 1; Subtree: 6656256) - source
- API Call
- relevance
- 4/10
- ATT&CK ID
- T1012
-
Network Related
-
Found potential IP address in binary/memory
- details
-
"192.168.0.1"
"192.168.0.255" - source
- File/Memory
- relevance
- 3/10
-
Remote Access Related
-
Reads terminal service related keys (often RDP related)
- details
- "WNetWatcher.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
- source
- Registry Access
- relevance
- 10/10
- ATT&CK ID
- T1076
-
System Destruction
-
Opens file with deletion access rights
- details
- "WNetWatcher.exe" opened "C:\report.html" with delete access
- source
- API Call
- relevance
- 7/10
-
Unusual Characteristics
-
Imports suspicious APIs
- details
-
RegCloseKey
RegOpenKeyExW
GetModuleFileNameW
GetVersionExW
GetFileAttributesW
GetFileSize
OpenProcess
LockResource
LoadLibraryExW
GetStartupInfoW
ReadProcessMemory
DeleteFileW
GetProcAddress
GetTempFileNameW
GetModuleHandleA
WriteFile
CreateThread
LoadLibraryW
GetTempPathW
GetModuleHandleW
FindResourceW
CreateFileW
CreateProcessW
Sleep
ShellExecuteW
GetCursorPos
WSAStartup
connect
closesocket - source
- Static Parser
- relevance
- 1/10
-
Installs hooks/patches the running process
- details
-
"WNetWatcher.exe" wrote bytes "711177027a3b7602ab8b02007f950200fc8c0200729602006cc805001ecd73027d267302" to virtual address "0x753107E4" (part of module "USER32.DLL")
"WNetWatcher.exe" wrote bytes "c0dfa2771cf9a177ccf8a1770d64a37700000000c011507700000000fc3e507700000000e0135077000000009457687525e0a277c6e0a27700000000bc6a677500000000cf3150770000000093196875000000002c32507700000000" to virtual address "0x75B71000" (part of module "NSI.DLL") - source
- Hook Detection
- relevance
- 10/10
- ATT&CK ID
- T1179
-
Reads information about supported languages
- details
- "WNetWatcher.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
- source
- Registry Access
- relevance
- 3/10
- ATT&CK ID
- T1012
-
Hiding 2 Suspicious Indicators
- All indicators are available only in the private webservice or standalone version
-
Informative 13
-
External Systems
-
Sample was identified as clean by Antivirus engines
- details
-
0/34 Antivirus vendors marked sample as malicious (0% detection rate)
0/67 Antivirus vendors marked sample as malicious (0% detection rate) - source
- External System
- relevance
- 10/10
-
General
-
Contains PDB pathways
- details
- "c:\Projects\VS2005\WNetWatcher\Release\WNetWatcher.pdb"
- source
- File/Memory
- relevance
- 1/10
-
Sample shows a variety of benign indicators
- details
- The input file/all extracted files were not detected as malicious and the input file is signed with a validated certificate
- source
- Indicator Combinations
- relevance
- 10/10
-
The input sample is signed with a certificate
- details
-
The input sample is signed with a certificate issued by "CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE" (SHA1: 8A:D5:C9:98:7E:6F:19:0B:D6:F5:41:6E:2D:E4:4C:CD:64:1D:8C:DA; see report for more information)
The input sample is signed with a certificate issued by "CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US" (SHA1: DF:94:6A:5E:50:30:15:77:7F:D2:2F:46:B5:62:4E:CD:27:BE:E3:76; see report for more information)
The input sample is signed with a certificate issued by "CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US" (SHA1: B6:47:71:39:25:38:D1:EB:7A:92:81:99:87:91:C1:4A:FD:0C:50:35; see report for more information)
The input sample is signed with a certificate issued by "CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB" (SHA1: A8:0B:AE:DA:57:3D:F2:71:2F:23:A4:18:57:E6:48:47:5E:AC:9B:A5; see report for more information) - source
- Certificate Data
- relevance
- 10/10
- ATT&CK ID
- T1116
-
The input sample is signed with a valid certificate
- details
- The entire certificate chain of the input sample was validated successfully.
- source
- Certificate Data
- relevance
- 10/10
-
Installation/Persistence
-
Connects to LPC ports
- details
- "WNetWatcher.exe" connecting to "\ThemeApiPort"
- source
- API Call
- relevance
- 1/10
-
Dropped files
- details
- "WNetWatcher.cfg" has type "data"
- source
- Binary File
- relevance
- 3/10
-
Touches files in the Windows directory
- details
-
"WNetWatcher.exe" touched file "%WINDIR%\Globalization\Sorting\SortDefault.nls"
"WNetWatcher.exe" touched file "%WINDIR%\Fonts\StaticCache.dat"
"WNetWatcher.exe" touched file "%WINDIR%\SysWOW64\en-US\msctf.dll.mui" - source
- API Call
- relevance
- 7/10
-
Network Related
-
Found potential URL in binary/memory
- details
-
Pattern match: "http://www.usertrust.com1"
Pattern match: "crl.usertrust.com/AddTrustExternalCARoot.crl05"
Pattern match: "http://ocsp.usertrust.com0"
Pattern match: "crl.usertrust.com/UTN-USERFirst-Object.crl05"
Pattern match: "crl.usertrust.com/UTN-USERFirst-Object.crl0t"
Pattern match: "crt.usertrust.com/UTNAddTrustObject_CA.crt0%"
Pattern match: "https://secure.comodo.net/CPS0A"
Pattern match: "crl.comodoca.com/COMODOCodeSigningCA2.crl0r"
Pattern match: "crt.comodoca.com/COMODOCodeSigningCA2.crt0$"
Pattern match: "http://ocsp.comodoca.com0"
Pattern match: "http://www.nirsoft.net/" - source
- File/Memory
- relevance
- 10/10
-
Spyware/Information Retrieval
-
Found a reference to a known community page
- details
-
(Indicator: "paypal")
(Indicator: "myspace") - source
- File/Memory
- relevance
- 7/10
-
System Security
-
Creates or modifies Windows services
- details
- "WNetWatcher.exe" (Access type: "CREATE"; Path: "HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS")
- source
- Registry Access
- relevance
- 10/10
- ATT&CK ID
- T1112
-
Opens the Kernel Security Device Driver (KsecDD) of Windows
- details
- "WNetWatcher.exe" opened "\Device\KsecDD"
- source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1215
-
Unusual Characteristics
-
Matched Compiler/Packer signature
- details
- "b4ea21c80f76e2c0af0354cc40ebf1f29595576af3e923a654d71345f9b25363.bin" was detected as "Visual C++ 2003 EXE -> Microsoft"
- source
- Static Parser
- relevance
- 10/10
- ATT&CK ID
- T1002
File Details
WNetWatcher.exe
- Filename
- WNetWatcher.exe
- Size
- 754KiB (771680 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- Architecture
- WINDOWS
- SHA256
- b4ea21c80f76e2c0af0354cc40ebf1f29595576af3e923a654d71345f9b25363
- MD5
- e9487acdc63032d4948b79ad2a83ffc9
- SHA1
- 899e1b561d1c7e8f2b71f3583fc399fbf840179d
- ssdeep
- 12288:WhZgM1+tE98HrMhFGw56qGaP0KITVuOUH2pe1xiq6WtfrRp0I0wfaCLikh59odlI:L4+tE98HEFGw56qvP0KkuOUH2pe1xAI3
- imphash
- 976cf12e0fff25d3148df03787ae7d01
- authentihash
- b0df19e6cad454c924b3fb104c16bef09ea18efc71bf46dcf227606f7139abe7
- Compiler/Packer
- Visual C++ 2003 EXE -> Microsoft
- PDB Timestamp
- 12/22/2015 12:01:39 (UTC)
- PDB Pathway
- c:\Projects\VS2005\WNetWatcher\Release\WNetWatcher.pdb
- PDB GUID
- 67856CB5A028472CA6D8551698724D2C
Version Info
- LegalCopyright
- Copyright 2011 - 2015 Nir Sofer
- InternalName
- Wireless Network Watcher
- FileVersion
- 1.91
- CompanyName
- NirSoft
- ProductName
- Wireless Network Watcher
- ProductVersion
- 1.91
- FileDescription
- Wireless Network Watcher
- OriginalFilename
- WNetWatcher.exe
- Translation
- 0x0409 0x04b0
File Metadata
- 1 .OBJ Files (COFF) linked with LINK.EXE 8.00 (Visual Studio 2005) (build: 50727)
- 1 .RES Files linked with CVTRES.EXE 8.00 (Visual Studio 2005) (build: 50727)
- 31 .CPP Files (with LTCG) compiled with CL.EXE 14.00 (Visual Studio 2005) (build: 50727)
- 3 .LIB Files generated with LIB.EXE 7.00 (Visual Studio .NET 2002) (build: 9210)
- 11 .C Files compiled with CL.EXE 13.10 (Visual Studio .NET 2003) (build: 9178)
- 3 .ASM Files assembled with MASM 7.00 (Visual Studio .NET 2002) (build: 9210)
- 22 .LIB Files generated with LIB.EXE 7.10 (Visual Studio .NET 2003) (build: 4035)
- 2 .C Files compiled with CL.EXE 13.10 (Visual Studio .NET 2003) (build: 4035)
- File contains C++ code
- File appears to contain raw COFF/OMF content
- File was optimized using LTCG and/or POGO
- File is the product of a medium codebase (31 files)
File Certificates
Certificate chain was successfully validated.
Owner | Issuer | Validity | Hashes (MD5, SHA1) |
---|---|---|---|
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US | CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE (Serial: 421af2940984191f520a4bc62426a74b) | 06/07/2005 10:09:10 to 05/30/2020 12:48:38 | MD5: FF:5F:BC:42:90:FA:38:9E:79:84:67:EB:D7:AE:94:0B; SHA1: 8A:D5:C9:98:7E:6F:19:0B:D6:F5:41:6E:2D:E4:4C:CD:64:1D:8C:DA |
CN=COMODO Time Stamping Signer, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US (Serial: 9feac811b0f16247a5fc20d80523ace6) | 05/05/2015 02:00:00 to 01/01/2016 00:59:59 | MD5: F2:17:B7:C9:BD:6D:39:3C:A1:70:7F:C3:59:7C:1E:26; SHA1: DF:94:6A:5E:50:30:15:77:7F:D2:2F:46:B5:62:4E:CD:27:BE:E3:76 |
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US (Serial: 10709d4ff55408d7306001d8ea9175bb) | 08/24/2011 02:00:00 to 05/30/2020 12:48:38 | MD5: DB:84:B1:A0:71:5C:FD:1E:33:D1:93:5D:DC:9B:EB:4E; SHA1: B6:47:71:39:25:38:D1:EB:7A:92:81:99:87:91:C1:4A:FD:0C:50:35 |
CN=Nir Sofer, O=Nir Sofer, STREET=5 Hashoshanim st., L=Ramat Gan, ST=Gush Dan, OID.2.5.4.17=52583, C=IL | CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB (Serial: 1af0660e837a35a2cd92ec613fc15db8) | 09/12/2014 02:00:00 to 09/13/2019 01:59:59 | MD5: 20:08:03:20:FB:D4:63:05:C5:57:81:75:AB:0A:9E:AA; SHA1: A8:0B:AE:DA:57:3D:F2:71:2F:23:A4:18:57:E6:48:47:5E:AC:9B:A5 |
Hybrid Analysis
Analysed 1 process in total (System Resource Monitor).
- WNetWatcher.exe (PID: 3536)
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Extracted Files
-
Informative 1
-
-
WNetWatcher.cfg
- Size
- 2.5KiB (2555 bytes)
- Type
- data
- Runtime Process
- WNetWatcher.exe (PID: 3536)
- MD5
- 2fb028c6e669d379a4505d29a5dd713c
- SHA1
- d0b6a3cd387c04e5eed4ae1ab9af346778a04e9c
- SHA256
- 7967d6e18089816d090ecd51051a200fd0e8db2ba75d683325797488e8d6f4f0
-