The awatch.exe (AdapterWatch) File Analysis

Updated 1 year ago

Checked by Malware Check

awatch.exe

Technical Analysis

File Name	awatch.exe
File Type	Win32 EXE
Magic Bytes	`PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed`
SSDEEP Hash	768:8rVRkDeJj1DoQZB0H5Jd345/aICPcvHhP4UKPSHCntpPwexlJ:8PkDeJj1Fu5/4K4HhPbKqHCnt1wE
Scanner Version	1.0.165.174
Database Version	2024-02-18 16:00:24 UTC

⚠

Suspicious File Detected

Detected by 14 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

20%

Detection Rate

35,328

File Size (bytes)

14/71

Engines Detected

2024-02-18

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	e9d82d8cc89860c822807137cadc664f
SHA1	bf3ff859ef7211176e032fcad83a1800febacf97
SHA256	556124fe0767273b2d39bdd33c7e84af667b250a5172dbb37f6e50d40d872748
SHA512	1d7f6a7f79d73dac2b38f0b8620c079d069a5f76b00fb996d1a3ba6e6a304451591f6913eb5699ca3c0543ab17bc83f808064b82f658fd5f8b1d6135c06668ce
ImpHash	2601b8aa835a2f0977b5f66ac3a3a0f2

Security Engines with Detections (14 of 71)

Cynet

Malicious (score: 100) Malicious

Cylance

unsafe Malicious

Sangfor

Trojan.Win32.Adapterwatch.Vstq Malicious

ESET-NOD32

a variant of Win32/AdapterWatch.A potentially unsafe Malicious

APEX

Malicious Malicious

TrendMicro

HackTool.Win32.AdapterWatch.AA Malicious

Sophos

Nirsoft Adapter Watch (PUA) Malicious

GData

Win32.Riskware.AdapterWatch.OWT6R0 Malicious

Antiy-AVL

Trojan/Win32.BTSGeneric Malicious

TrendMicro-HouseCall

HackTool.Win32.AdapterWatch.AA Malicious

Rising

Malware.Undefined!8.C (C64:YzY0OqatlK8cRee1) Malicious

MaxSecure

Trojan.Malware.300983.susgen Malicious

Fortinet

W32/Adapter_Watch.A Malicious

DeepInstinct

MALICIOUS Malicious

57 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Icon	Hash: 98c1ca760f7ea58925f1da0b529c0314 Fuzzy: 5d80439bd81c51ff8779982772025703 dHash: 00b1e3b393f3e001
Image Base	`0x00400000`
Entry Point	`0x00415f60`
Compilation Time	2009-05-18 19:37:46
Checksum	0x00000000 (Actual: 0x0001303c)
OS Version	4.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed`
Digital Signature	The PE file does not contain a certificate table.
Imports	8 libraries KERNEL32, ADVAPI32, COMCTL32, comdlg32, GDI32, MSVCRT, SHELL32, USER32
Exports	0 functions
Resources	33 Resources
Sections	3 Sections

Version Information

▼

Comments
CompanyName	NirSoft
FileDescription	AdapterWatch
FileVersion	1.05
InternalName	AdapterWatch
LegalCopyright	Copyright © 2004 - 2009 Nir Sofer
LegalTrademarks
OriginalFilename	awatch.exe
PrivateBuild
ProductName	AdapterWatch
ProductVersion	1.05
SpecialBuild
Translation	0x0409 0x04b0

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`UPX0`	`0x00001000`	57,344 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`UPX1`	`0x0000f000`	32,768 bytes	29,184 bytes	7.89 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`490E2ED9B7F9EAAF9578B3F173D4A577`
`.rsrc`	`0x00017000`	8,192 bytes	5,120 bytes	3.76 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`C8279704E2D678E8EC51360C3B087189`

Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

▼

Total Resources: 33 (15,702 bytes)

Resource Type	Count	Total Size	Percentage
RT_CURSOR	1	308 bytes	2%
RT_BITMAP	1	1,000 bytes	6.4%
RT_ICON	2	1,040 bytes	6.6%
RT_MENU	2	2,178 bytes	13.9%
RT_DIALOG	3	1,670 bytes	10.6%
RT_STRING	19	7,956 bytes	50.7%
RT_ACCELERATOR	1	56 bytes	0.4%
RT_GROUP_CURSOR	1	20 bytes	0.1%
RT_GROUP_ICON	1	34 bytes	0.2%
RT_VERSION	1	844 bytes	5.4%
RT_MANIFEST	1	596 bytes	3.8%

Certificate Chain Analysis

▼

Certificate Information

Product	AdapterWatch
Description	AdapterWatch
File Version	1.05
Original Name	awatch.exe
Internal Name	AdapterWatch
Copyright	Copyright © 2004 - 2009 Nir Sofer

✓ This file has been digitally signed and the certificate chain has been verified

The signature ensures file integrity and authenticity from the publisher
Timestamping proves when the signature was applied

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

14 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1