Backdoor:Win32/Netbus.1_70 malicious file

Backdoor:Win32/Netbus.1_70 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to completely scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Netbus.1_70 virus do?

  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the embedded win api malware family
  • Creates a copy of itself
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Backdoor:Win32/Netbus.1_70?


File Info:

name: DF98CFC3B11E17553CAF.mlw
path: /opt/CAPEv2/storage/binaries/2fd466ee01ad287a6267bf8863bae95f43f43f3d8880f4dc3acdab55e740cecd
crc32: 49223C90
md5: df98cfc3b11e17553caf8e19e4730aa4
sha1: 1b5363e63e1a812fd6f9d2520b615b6f7244747a
sha256: 2fd466ee01ad287a6267bf8863bae95f43f43f3d8880f4dc3acdab55e740cecd
sha512: cb5c53c56ccf5cd4525d391faf503f76634f2df2cf7cd018ead09f9b2c8158b45451162dbbeaddee6f2b42cb7d71bf3ee44b1166b2990933313abb2d13875cee
ssdeep: 6144:eiHRQZks0niCX7QSoCg9H4wdSx3vi1W+7wUOthnSK+U4eE0nNqoB3P7q:NHRQKbb3ghdS1vi1W+sLhnS/8E0n4o
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19DB47D27F2818973C1131A749C5BD7A99826BF513E28ED46B7F91C0C8E393C27A291D7
sha3_384: 6b32212805dbda8d97941bec16e662170a45a14b1389b528ee6a3af40957524d0f42a9a2d79578f9cd14ca6a5a24fe54
ep_bytes: 558bec83c4f453b8b4a04500e83bb2fa
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Backdoor:Win32/Netbus.1_70 also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Netbus.A
FireEye: Generic.mg.df98cfc3b11e1755
CAT-QuickHeal: NetBus17.Srv
Skyhigh: BehavesLike.Win32.Dropper.hh
ALYac: Trojan.Netbus.A
Cylance: unsafe
Zillya: Trojan.Netbus.Win32.88
Sangfor: Trojan.Win32.Save.a
Alibaba: Backdoor:Win32/Netbus.50f197d4
Arcabit: Trojan.Netbus.A
VirIT: NetBus_Trojan
Symantec: Backdoor.NetBus.svr
ESET-NOD32: Netbus.170
APEX: Malicious
TrendMicro-HouseCall: BKDR_NETBUS.170
ClamAV: Win.Trojan.Netbus-15
Kaspersky: Backdoor.Win32.Netbus.170
BitDefender: Trojan.Netbus.A
NANO-Antivirus: Trojan.Win32.Netbus.hglzky
Avast: Win32:NetBus-AO [Trj]
Tencent: Malware.Win32.Gencirc.10b19cd2
Emsisoft: Trojan.Netbus.A (B)
F-Secure: Trojan.TR/NB.KeyHook-1.7
DrWeb: BackDoor.NetBus.170
VIPRE: Trojan.Netbus.A
TrendMicro: BKDR_NETBUS.170
Trapmine: malicious.moderate.ml.score
Sophos: Troj/Netbus-A
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor/Netbus.170
Webroot: W32.Backdoor.Gen
Google: Detected
Avira: TR/NB.KeyHook-1.7
Varist: W32/NetBus.backdoor.494592.B
Antiy-AVL: Trojan[Backdoor]/Win32.Netbus
Kingsoft: Win32.HeurC.KVM003.a
Xcitium: Backdoor.Win32.Netbus.~C@2l2um
Microsoft: Backdoor:Win32/Netbus.1_70
ViRobot: Backdoor.Win32.A.Netbus.520704
ZoneAlarm: Backdoor.Win32.Netbus.170
GData: Trojan.Netbus.A
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.HDC.C155556
McAfee: NetBus.svr
MAX: malware (ai score=100)
VBA32: Backdoor.Netbus
Malwarebytes: Netbus.Backdoor.Bot.DDS
Panda: Trj/Netbus.J
Rising: Backdoor.Agent.duy (CLASSIC)
Yandex: Trojan.GenAsa!0sBzzEYK1XI
Ikarus: Backdoor.Win32.Netbus
MaxSecure: Trojan.Malware.43100.susgen
Fortinet: W32/Netbus.A!tr
BitDefenderTheta: AI:Packer.EE5681831F
AVG: Win32:NetBus-AO [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Backdoor:Win/Netbus.170 trojan

How to remove Backdoor:Win32/Netbus.1_70?

Backdoor:Win32/Netbus.1_70 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
