SHA256: 848e12d94d467f2add01403a730e0b4762f594baf70c425fe86b3917c3f0b00b
File name: NetBus.exe
Detection ratio: 56 / 71
Analysis date: 2018-12-19 01:51:23 UTC (4 months ago)
Antivirus Result Update
Ad-Aware Generic.Netbus.B5DC99EC 20181218
AhnLab-V3 Win-Trojan/Netbus.Client_v17 20181218
ALYac Backdoor.RAT.NetBus.V1.7 20181218
Antiy-AVL Trojan[Backdoor]/Win32.Netbus 20181218
Avast Win32:NetBus-AO [Trj] 20181219
AVG Win32:NetBus-AO [Trj] 20181219
Avira (no cloud) TR/NetBus 20181219
AVware Trojan.Win32.Generic!BT 20180925
BitDefender Generic.Netbus.B5DC99EC 20181219
CAT-QuickHeal NetBus17.Cl 20181218
ClamAV Win.Trojan.Netbus-2 20181219
CMC Generic.Win32.067a8e2d5c!MD 20181218
Comodo TrojWare.Win32.NetBus.1_70.Client@2qq4 20181219
Cybereason malicious.d5ccfe 20180225
Cylance Unsafe 20181219
Cyren W32/Backdoor.SMBX-5248 20181219
DrWeb Trojan.Click2.59704 20181219
Emsisoft Generic.Netbus.B5DC99EC (B) 20181219
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 Win32/NetBus.1_70.Client 20181218
F-Prot W32/Backdoor.AAVN 20181219
F-Secure Generic.Netbus.B5DC99EC 20181218
Fortinet W32/BDoor.Netbus.170!tr 20181219
GData Generic.Netbus.B5DC99EC 20181218
Jiangmin Backdoor/Netbus.170 20181218
K7AntiVirus Trojan ( 00463f971 ) 20181218
K7GW Trojan ( 00463f971 ) 20181218
Kaspersky Backdoor.Win32.Valvoline 20181218
Kingsoft Win32.Hack.Valvoline.(kcloud) 20181219
Malwarebytes Trojan.Netbus 20181218
MAX malware (ai score=100) 20181219
McAfee NetBus.cli 20181218
McAfee-GW-Edition NetBus.cli 20181218
Microsoft Backdoor:Win32/Netbus.1_70 20181218
eScan Generic.Netbus.B5DC99EC 20181218
NANO-Antivirus Trojan.Win32.Netbus.fklj 20181218
Palo Alto Networks (Known Signatures) generic.ml 20181219
Panda Trj/Netbus.G 20181218
Qihoo-360 Malware.Radar01.Gen 20181219
Rising Backdoor.Valvoline!8.2E82 (CLOUD) 20181218
Sophos AV Troj/Netbus-170 20181218
SUPERAntiSpyware Backdoor.Netbus 20181212
Symantec Backdoor.Netbus.cli 20181218
TACHYON Backdoor/W32.DP-Netbus.599552 20181218
Tencent Win32.Backdoor.Valvoline.Eyk 20181219
TheHacker Netbus.cli170 20181216
TotalDefense Win32/Netbus.170 20181218
TrendMicro SPYWARE_KEYL_NEIKTER 20181218
TrendMicro-HouseCall SPYWARE_KEYL_NEIKTER 20181218
VBA32 Backdoor.Win32.Netbus.170 20181218
VIPRE Trojan.Win32.Generic!BT 20181218
ViRobot Backdoor.Win32.NetBus.599552 20181218
Webroot W32.Trojan.Backdoor-Netbus 20181219
Yandex Backdoor.Agent!dKSPtH4tIdE 20181218
Zillya Backdoor.Valvoline.Win32.44 20181217
ZoneAlarm by Check Point Backdoor.Win32.Valvoline 20181218
Acronis 20180726
AegisLab 20181218
Alibaba 20180921
Arcabit 20181219
Avast-Mobile 20181218
Babable 20180918
Baidu 20181207
Bkav 20181217
CrowdStrike Falcon (ML) 20181022
eGambit 20181219
Sophos ML 20181128
SentinelOne (Static ML) 20181011
Symantec Mobile Insight 20181215
Trapmine 20181205
Trustlook 20181219
Zoner 20181218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00067938
Number of sections 8
PE sections
PE imports
RegFlushKey
RegCloseKey
GetUserNameA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_GetImageInfo
InitCommonControls
ImageList_SetDragCursorImage
ImageList_Read
ImageList_GetDragImage
ImageList_Create
ImageList_DragMove
ImageList_DrawEx
ImageList_SetIconSize
ImageList_GetImageCount
ImageList_Replace
ImageList_Destroy
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
ImageList_DragShowNolock
ImageList_Remove
ImageList_EndDrag
GetOpenFileNameA
GetSaveFileNameA
GetBrushOrgEx
GetDIBColorTable
DeleteEnhMetaFile
GetWindowOrgEx
PatBlt
GetClipBox
GetCurrentPositionEx
SaveDC
TextOutA
GdiFlush
GetTextMetricsA
MaskBlt
CreateBrushIndirect
SetStretchBltMode
GetEnhMetaFilePaletteEntries
EnumFontsA
GetPixel
Rectangle
BitBlt
GetObjectA
ExcludeClipRect
LineTo
DeleteDC
RestoreDC
SetBkMode
GetSystemPaletteEntries
CreateSolidBrush
IntersectClipRect
CreateHalftonePalette
CreateDIBSection
CopyEnhMetaFileA
RealizePalette
SetTextColor
GetDeviceCaps
MoveToEx
SetEnhMetaFileBits
CreateBitmap
RectVisible
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SelectPalette
UnrealizeObject
GetDIBits
GetEnhMetaFileBits
SetBrushOrgEx
PlayEnhMetaFile
StretchBlt
GetBitmapBits
CreateCompatibleDC
SetROP2
CreateRectRgn
CreateFontIndirectA
SelectObject
GetWinMetaFileBits
SetDIBColorTable
GetEnhMetaFileHeader
GetPaletteEntries
SetWindowOrgEx
Polyline
CreatePenIndirect
GetTextExtentPointA
SetBkColor
SetWinMetaFileBits
DeleteObject
CreateCompatibleBitmap
EnumFontFamiliesExA
SetThreadLocale
GetLastError
GetStdHandle
EnterCriticalSection
GlobalDeleteAtom
GetSystemInfo
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
FreeLibrary
MulDiv
ExitProcess
GetThreadLocale
GetVersionExA
GlobalUnlock
GetModuleFileNameA
GetFileSize
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetStartupInfoA
LoadLibraryExA
SizeofResource
GetLocaleInfoA
LocalAlloc
GlobalAddAtomA
LockResource
CreateThread
SetErrorMode
MultiByteToWideChar
FileTimeToDosDateTime
GetCPInfo
GetCommandLineA
GlobalLock
FormatMessageA
GetCurrentProcessId
GetModuleHandleA
GetTempPathA
RaiseException
CompareStringA
WideCharToMultiByte
FileTimeToLocalFileTime
SetFilePointer
lstrcmpA
ReadFile
GetCurrentThreadId
GlobalReAlloc
lstrcpyA
EnumCalendarInfoA
FindFirstFileA
CloseHandle
FindNextFileA
ExitThread
GetProcAddress
FreeResource
GlobalAlloc
SetEvent
LocalFree
FindResourceA
ResumeThread
GetExitCodeThread
InitializeCriticalSection
LoadResource
WriteFile
VirtualQuery
VirtualFree
CreateEventA
FindClose
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetTickCount
GetVersion
GlobalHandle
VirtualAlloc
SetCurrentDirectoryA
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
SysReAllocStringLen
SysFreeString
VariantChangeTypeEx
ShellExecuteA
Shell_NotifyIconA
MapWindowPoints
GetForegroundWindow
SetWindowRgn
DestroyMenu
PostQuitMessage
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
WindowFromPoint
DrawIcon
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
CharLowerBuffA
SetScrollPos
CallNextHookEx
ClientToScreen
GetActiveWindow
ShowCursor
MsgWaitForMultipleObjects
GetMenuStringA
GetWindowTextA
PtInRect
DrawEdge
GetParent
UpdateWindow
SetPropA
EqualRect
EnumWindows
DefMDIChildProcA
ShowWindow
GetPropA
GetDesktopWindow
TranslateMDISysAccel
EnableWindow
SetWindowPlacement
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
ActivateKeyboardLayout
InsertMenuItemA
GetIconInfo
LoadStringA
ScrollWindow
CharLowerA
IsZoomed
GetWindowPlacement
GetWindowRgn
GetKeyboardLayoutList
DrawMenuBar
IsIconic
RegisterClassA
GetWindowLongA
SetTimer
OemToCharA
ShowOwnedPopups
FillRect
EnumThreadWindows
CreateMenu
DestroyWindow
IsDialogMessageA
SetFocus
CreateWindowExA
MapVirtualKeyA
SetCapture
BeginPaint
OffsetRect
GetScrollPos
KillTimer
RegisterWindowMessageA
DefWindowProcA
DrawFocusRect
GetClipboardData
GetSystemMetrics
EnableMenuItem
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
GetDCEx
GetDlgItem
ScreenToClient
InsertMenuA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetKeyboardLayout
GetSystemMenu
SetForegroundWindow
DrawTextA
IntersectRect
GetCapture
WaitMessage
CreatePopupMenu
RemoveMenu
GetWindowThreadProcessId
DrawFrameControl
UnhookWindowsHookEx
CallWindowProcA
MessageBoxA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
SetScrollInfo
GetKeyState
SystemParametersInfoA
GetDoubleClickTime
DestroyIcon
GetKeyNameTextA
IsWindowVisible
WinHelpA
FrameRect
SetRect
DeleteMenu
InvalidateRect
DefFrameProcA
CreateIcon
IsRectEmpty
GetCursor
GetFocus
GetKeyboardType
SetMenu
SetCursor
mciSendCommandA
mciGetErrorStringA
ioctlsocket
htons
socket
closesocket
inet_addr
send
WSAAsyncSelect
WSAStartup
gethostbyname
ntohs
connect
inet_ntoa
WSACleanup
recv
getpeername
WSAGetLastError
getservbyname
Number of PE resources by type
RT_BITMAP 48
RT_RCDATA 21
RT_STRING 15
RT_GROUP_CURSOR 7
RT_CURSOR 7
RAWDATA 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 98
SWEDISH 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:20 00:22:17+02:00
FileType Win32 EXE
PEType PE32
CodeSize 420864
LinkerVersion 2.25
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x67938
InitializedDataSize 177664
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 0

Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 067a8e2d5ccfe6eeed1fedfa5d223107
SHA1 fa60dbc10d96ea390e5679deb360ced14ed8a9d6
SHA256 848e12d94d467f2add01403a730e0b4762f594baf70c425fe86b3917c3f0b00b
ssdeep 12288:Jgvar9zOSssaKDyr2QymB0fZnvc+kEsFpSreAck56O+0n4S:evar9H7aENQymB0fxkEiSJck56N0n
authentihash 4ace1f936cb6a8c3b5f782b2b64293c584a8c49968961daf352e318bc28861ec
imphash bde185082ae6cc7dfbb84c2e28176fd3
File size 585.5 KB ( 599552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 5 (82.9%)
InstallShield setup (7.9%)
Win32 Executable Delphi generic (2.6%)
Windows screen saver (2.4%)
DOS Borland compiled Executable (generic) (1.8%)
Tags peexe nsrl

VirusTotal metadata
First submission 2006-06-02 23:43:30 UTC ( 12 years, 10 months ago )
Last submission 2018-11-28 10:11:47 UTC ( 4 months, 3 weeks ago )
File names 067a8e2d5ccfe6eeed1fedfa5d223107
067A8E2D5CCFE6EEED1FEDFA5D223107
latajacy.exe
067a8e2d5ccfe6eeed1fedfa5d223107.exe
Paulo Freire.pdf
re.exe
NETBUS.EXE
NetBus.exe
new.exe.exe
NetBus.exe
067a8e2d5ccfe6eeed1fedfa5d223107
NetBus.exe
NetBus (2).exe
smona_848e12d94d467f2add01403a730e0b4762f594baf70c425fe86b3917c3f0b00b.bin
NetBus.exe
NetBus.exe
National Software Reference Library (NIST)
The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a reference data set of information. This file was found in the NSRL dataset, in the following products and with the following file names.
Products NetBus (Unknown)
File names NetBus.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
