» wnetwatcher_setup.exe
Overview
Analysis
File Details
Programs (1)
Downloads (74)

wnetwatcher_setup.exe

Nir Sofer

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from openload.co and multiple other hosts.

File name:

Publisher:

Nir Sofer (signed and verified)

MD5:

77765edfe336f9546135d4102324332a

SHA-1:

2d4e80212e73577abf5726f453bc3cd803300d27

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 2:40:26 PM UTC (today)

File size:

334.8 KB (342,840 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\Documents and Settings\{user}\My documents\downloads\wnetwatcher_setup.exe

Digital Signature

Signed by:

Nir Sofer

Authority:

COMODO CA Limited

Valid from:

9/12/2014 2:00:00 AM

Valid to:

9/13/2019 1:59:59 AM

Subject:

CN=Nir Sofer, O=Nir Sofer, STREET=5 Hashoshanim st., L=Ramat Gan, S=Gush Dan, PostalCode=52583, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

1AF0660E837A35A2CD92EC613FC15DB8

File PE Metadata

Compilation timestamp:

5/3/2008 4:08:42 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:KXpd0reawffMJu3q2UTapySDZw7X4gxFP9j9K+vW23+ISihwjC9X1A1jtNW:Cdt0JhsDKX42D93vpK1S

Entry address:

0x3225

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 28, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, F9, 2A, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 50, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B0, 91, 40, 00, 68, A0, 36, 42, 00, E8, B0, 27, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 9E, 27, 00, 00... 
[+]

Entropy:

7.9149

Packer / compiler:

Nullsoft install system v2.x

Code size:

22.5 KB (23,040 bytes)

The file wnetwatcher_setup.exe has been discovered within the following program.

QuickTime 7 by Apple Inc.

Publisher's description - “QuickTime Player 7 supports older media formats, such as QTVR, interactive QuickTime movies, and MIDI files on Snow Leopard and OS X Lion. It also accepts QuickTime 7 Pro registration codes, which turn on QuickTime Pro functions.”

www.apple.com

10% remove it

The file wnetwatcher_setup.exe has been seen being distributed by the following 50 URLs.

https://openload.co/.../qj6Wwlxv2Ik~1481470963~186.218.0.0~0PxLI9c6

https://ph2dwr.oloadcdn.net/dl/l/VNZ9t8_eQjs/.../wnetwatcher.exe

http://dw.uptodown.com/dwn/lkBdROO_6WicfEnVrkRFz6lRAUWemDzFx2Dtic3DaWCNO0e2hZk2ua_K6aj1ATKWw3F-0qVHurDRmTIkRILuNc2SHtSE9fH_h1eRIPOhpmiuHv_9lv4ayyQIY9LfkMwk/bDtnF15I7M_ORTC9k7Iyn3zPvoKSEmYitjBIUCcbYlMn4bL9ICMIUrM3kBTc1Nlqbn6bDNvulMIzo0ClJdX1SD9z_8w3sXTVxABBkuGmQyn07r9yLa35FvhWBHxw_EVv/5E8lqxdGkZST_ZciBYwRcl-gikJHedbcJYb9wD7pzh-W5RqHej0DPatOew8niYnGpaKJsX1mt94fyqM7D70JH0RAu4CjfU76Ky_Rb8o5UajpnpDNUWWDZv7gNdHHHNMh/.../

https://openload.co/.../qj6Wwlxv2Ik~1467817532~191.7.0.0~iJS4YlIt

https://openload.co/.../qj6Wwlxv2Ik~1471478608~152.249.0.0~ZNnp85Uo

https://ph2dwr.oloadcdn.net/dl/l/puNdOQTLqCU/.../wnetwatcher.exe

http://dw.uptodown.com/dwn/DyjdTjdZSi7QYbMHvfKb8_SuXSM9UWlp6lmcSeH2_EyomcZ13lU-QVzq29Or8qbpNevB8ndulcKBufrrFZBOcwwEzmqQqGUgs3Bhbc5Unr68GkjoE_X7mjDBmRRCSV49/EaCmFp5s_Dt3S-P_ERuiyHx9_It9QGGXURKc2vFniROBSGYnKhbJHJzUn9cW3aalwJ_64tFuaLbor2ypvRyU_eZJ5CrOvrNwFT9-Y5L6_fPd7auJd0IZltZsVWAffygv/OPntyqZFf2EcsXs50j1ngBUofA8nRJ1Hc1s7mYHXIi_NHQmkIi0ErMlUTrHnAjJhd_Z6VhmIrV7toKj05tVk48Wm9zATSDDp2gMqCM2v2BwWy50blbmeRYhMfmHNW6i1/.../

http://dw.uptodown.com/dwn/uPaKboKzFDSc9r5jLORgYhT1C7VIN-xQcENqfOwjo7zmEA-Z622D50RtwIQJ_WrBM6fC0TkygpQTRrpK5Fu_BZ29AqDMbuUX1diFVZd8cV7jMzR-eGp9pCdofScN-ekf/Eyb9QCjMeyZN_y9dbzyTL3KYSEGCoTUKrpQB4V2ojZoFPKij9wVg3B6A4oyorkNBvibpbkzmEUEowyIakhmU3wEZ7OpWmcdNMzovtGF4cUdUejVUezgb7svneXAXLbca/kPjtRo7zka77OfSdFYz5yRY4tOzJwPZrlaVllWb2HN13MZxrnzyDSr6l7yDZPb2-HQOZgKdFz_i5r5p9WWKRrCRTHlh1N4WHoT5n3QxPMJWErpNcPXUv9Ir1vaBJ-vi9/.../

https://openload.co/.../qj6Wwlxv2Ik~1483815295~89.114.0.0~UJzFbNgc

http://dw.uptodown.com/dwn/y6SIkaMulqA0c6_ZURMKK6CuFIuxqc5dDU0lQH1Px9q9vfulumey7Y8NIZEZ4c_mKzKmWFTVY_udfrCVA55-vw42xr6S-fhmh1E7SWj7pK_YMow0FZ1VkItVT-Ofwa7d/VMoWis40SGubvypihCg3ifGnP696TU6j3eK6VMvJYeNwr3VlnzK1c3KXhretMR0M-DKf2C5PIYO7HkJAX8_4Xg66lMqwrWDyGQDmIBk3oVyL14p8EGUclcgLF0dvfdu3/xwkNC6Unh85kgaG-6corBCacenlBbBe1z9Cq2bMTeygctUyIhSxqtuX_Ky37FgrmGi09lbqQ-FflP5NE08fOuN3tmp1gxLPbByPpVn1jCEOfQRYD0PnetKaNacJXKjoG/.../

https://openload.co/.../qj6Wwlxv2Ik~1474744686~143.0.0.0~Zm4k48Rz

https://openload.co/.../qj6Wwlxv2Ik~1478916429~179.183.0.0~Tl1DT-KE

https://openload.co/.../qj6Wwlxv2Ik~1475190450~2804:7f4::~AgOhR_bQ

http://dw.uptodown.com/dwn/cdRtTSEzncxGz_AT88gIV22PGLLgqu638T4VPC3lvwYHGh_PF8uUvJMdQsA506KoOgvUoKkd0z65T4FxnsMNh5r_DmRc6yRFTs6W71vvQrkHFmIn9fXdmCnCFZG0fAod/QHY1Ds6azUWTApVdaPf-71XcWOmbgp86TBuAQ0LjRLdCeFgZ-P-kEDNbibY9O8GAmY0cxNf4NypjzV9KsdoHFfrK2z8V25wM3MozvaoOF7p5Hfo29KMAbVnPbZyKfI8m/MrbpkkfvuZyDWo5XwBJjWIdVpaNwSm3CTcR74Y4-c9jLK8CxqjvBqg2zxmQ3EqMivUoMhL2wvf-13tYLj3PpGK3cgb-lHf09fX6kbp3mOqGOH56mY88qmoCVMDULLoHf/.../

http://dw.uptodown.com/dwn/ZjwjIfa9AIf6-ZYTaRKSyXZ5pIuGpksXpjjaHceSXBtfD78LkiuASvvNOgSN3NTaLub59wOW0GSZODg7mBCjrZmlTqVcEc-38hZ4qTWLGo_PKxlMqa_FXz68xRjGHRY0/JkSpIwCmJVbaYSRdkEnMv1E6suYBk5ZdgfPPHCMZ5zklyNFqXwbrpeZ0td22RPT5V_i-4aSjVLqH3IA8-2T-VRM54wJTeSu5t6k13Sx8OfsM3NknakyoS8fE3qhMb-mj/chT6eaglJ230eAYUhnUs0BqKElH3Q2y6b12U7PggU0Gs7fLrn9Y5dE-GVw-Sose4DbtxX6dvHcaRtrntKXtbZhTkQ3N3JJJVempoKsEM_vvJB7FPc9eAaCmpPEQ8QtjM/.../

http://dw.uptodown.com/dwn/K_IsEDhtqlT5EJvrFjLJXA1cBptd5XpIqMpxjxNKoBM-mWIGpb16guXr__S83PCfW7yZZ8bVsG7mVjGiVf3NrXgN2XpFa5LiywI2d2DjuaUnlaZYLSz9CsZlzM7ddjxK/fnj4IFkdCoW9Grzibl3FNzzk_R-cp2oB9U58P6ksdkSBc2vtSNzYryPll1jz251WpLwrhnY8u6Q8IOF-3tHHdQ2D8GX3YMJ8Xhx_sN09FnnWBCecW15W04jd7QM4xFVK/cWb8xIQO1N1rkbGwZKJMpQ4Fe8_8q52C9UBNWtyJammcwe4dXiGtyZDDssHoLuwrvrzmfYccjIKlFDqUZf-vDRNdBpzLQzMX2V9Ko48kvVQ1iVJ9dmHZDkTjXeGjpGT-/.../

http://dw.uptodown.com/dwn/mueZvvwU_76KOpmb8_rndX_KegbkrF-MgERim2T3EQ7ZPlO-j0ve43DzMPBz-Pv4AlPNbu3-b_MmooN1SFPnNvEfHp9Lv9LWc7RFcvlG8steTSVUaO1y7_IguBivY-Zl/BVDXtaq0HmghAnXA56tSkb6UwthUzHCCSX3Kd2h_rfj-aMCuihdED8mO1s4m29yhQFucOm1gkx2qjUGpbNS77CjXm8op4x3sJhwHmZTkJhhsxWckGal65U8NyCtX40Jy/HT64IyaFLVKykimlYFx_Lsl5ZF06NZMPp3_iSvSDIVYxaZXlyZQaH0I32AOJkClXgGHlxDTQBteE4xN-L31TdzqPswJule9crkze2xsSs6BFHY00nVZ_w6APlEbxNxJj/.../

https://ph2dwr.oloadcdn.net/dl/l/rXuERBTkLM4/.../wnetwatcher.exe

https://ph2dwr.oloadcdn.net/dl/l/faiTVePvUPE/.../wnetwatcher.exe

http://dw.uptodown.com/dwn/3rvGpggnsPVJT06H67VqYONih7STNHuDdr4PlJkQJZGbgz7NspYeZ99OU8qC3mgtwohSBRSLKqlrvNkCeICSuOXCgeqznzZNgzL_bpLNkwAL7PuMWpbm5XrmNCLwGmuw/QfTK1SZnQcJ-R1bm-k-aKZvmNJ6op3d4yPwCS3wJ_0JhEMqu108V2JGBq90KIAROu3F7arz77aO7iXCTioTSgYy8BWn-pZ55X0iZCCUUqKVqM_egVJbG8i93LnaLzchK/BmdAVoMvF6LfOhRxV1Ew-a6_6Ct8J7d28I8dAWZRa5TVQLUoCI00zW-BOqAFCpmhVwRnXOQMvy5OuTAiLDbvBa114R4Bf_qa_fuypAVptBAvUJThgmV61o7XC8lgU77l/.../

https://openload.co/.../qj6Wwlxv2Ik~1475786242~2804:490::~IHpB_pN7

https://openload.co/.../qj6Wwlxv2Ik~1466204779~200.7.0.0~9V5kxcuT

https://ph2dwr.oloadcdn.net/dl/l/VQ-M2Jp86dw/.../wnetwatcher.exe

https://openload.co/.../qj6Wwlxv2Ik~1481165360~138.186.0.0~RNAk_mNu

https://openload.co/.../qj6Wwlxv2Ik~1477249926~186.227.0.0~qDI5Jd5x

http://dw.uptodown.com/dwn/8TzzzA3Djiub9IH0qEgEoT95F6tZHJgeF16tClNOXp6Sejpi7K6JDvTcW-NMfBy9zZ6vKgnqRpplgl_P7eNjcUL7HU4eVFVxcg4g_slygcXtUhubGUPW-2UuzSsmsbOK/alkdcArdk1YKSj-vmHlaPy-naur3488AorZ7hzpLhvTw0U-NdkvhfI_I5ziVKRHjQrRpLn5H8a7doR2jr8nSUKgLcR-0JzmPjjFaJ19jDrMcbgNDz-mIVVulfyXr4FAp/ZW5MMNK-EKW1r0j6u-_VoMb_HojTpmUTJU9rcZp5l20UOQCMThPMoWYmgiXJmgWEyDOrIpD32LbnB6HkgACC9QhAhW8c26bUJgd5Pv1fRHiStL8g6agb5otNoNHZzY1P/.../

http://dw.uptodown.com/dwn/R7eozIWSOSuptxLKiOeD_izHhzCjXi1-48j8udutsgY04caDS_dOUoZUmLNTUdj6tVqsVMGxL-4RfFkp3Pm02PmI52tIaPpnWULdOPlO9hTca5x82aT-2KxM7WYQHlNo/H8twNR19i-MEryv82ybDmn1-0nXhddyie-deSq2O23hDPv9K8qMtgfUwmmcAdYNqCKoGfYqNN5BofV2rUFUk8EEKoOXtavQ453C51yQF9BGWwtnwrevGkX8jeapK_r5J/TnDVfYkNXZVJWMNQo4qx_L-LkHLhggZ7_P-KoH3W5RvQreH1L8DfpSCcjQYN0NDbEypiotuKtDCu_iieTIcbdq084alD1AyfHBAZADg0mvEwjEuuGH09DTcqZI86Kepq/.../

https://openload.co/.../qj6Wwlxv2Ik~1472954037~177.55.0.0~yjIT7pSc

http://dw.uptodown.com/dwn/HAQMAf_7WEmwgrcAG_qIQFc7c7-zEymNyD5odOrhog0Ujwf4jtHgLtBw4M6JOcOVzcUj58IMg0d8eBV4gY3oiS4N-LLximlr4n2zFXdCBHp9j2P_kjIP7aie7DE64jc_/gUGVLmTAtBudLlvvxABCZKVn5baW4MMPetKbEmY_SfLkWnfZ9qWKIBCfSdFB0_g0R8fNVZW2DUpFfQ7LSexEnOc6xbgZvm75TOZVMgTaJhIAC-3qVDBi1AWclFaoKVS_/RwZF8cGPk-DIUkGHJXRO3X5R8NUoJTMZXPyzdT1F_X4rfoWndzI1SuRmZUbz0Is9yNX6Gv2LYZrg_kD5Dnf3vIhyRqFtOTW4BHO8E2MxouADHXR_JXUfHYT9YQbYbi4u/.../

http://dw.uptodown.com/dwn/Dg-AvoQTiTtT_9vF4uxmJK468a_Tj3U5huiDZN0vtGpVJau_oyaloT6JDwzDXJRHFO5Yuz3Fs0J2eeWYO1Syhh8fx0iHHGoBWnugBn23C2iXTlsz1DRdInmUkRR7wRh-/Z8d09GXKUONG5SjJIOKItFGxbiz0gdcF5-0OPU0_Uhc5FluvOkAUPXcAEpHjFwSOlKGqagEBnX-u0mxg6bTIVMdt17J2EfZGlokIbQKIXOwY3ZHB-QVXjNY6BBlxJDcJ/jP6ec19P24GCf2m4edcfX8Fr1dfv_x6uPeQZ_TNVvT4Ux6LV_kFXBszORuF6aWZwObrDIc81G6cQM00cXTdL1bsmA4JzQAF8kZPpiNon8-ccde9wjJEEiCmda1OaZPoE/.../

Latest 30 of 74 download URLs

Scan wnetwatcher_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.