Categories: Backdoor

Backdoor:Win32/Netsnake.D (file analysis)

The Backdoor:Win32/Netsnake.D is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Netsnake.D virus can do?

Attempts to connect to a dead IP:Port (1 unique times)
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Reads data out of its own binary image
Drops a binary and executes it
Unconventionial language used in binary resources: Chinese (Simplified)
Installs itself for autorun at Windows startup
Creates a copy of itself
Harvests information related to installed mail clients
Connects to an IRC server, possibly part of a botnet

Related domains:

365i.51.net

pop.163.com

How to determine Backdoor:Win32/Netsnake.D?


File Info:
crc32: 954293ABmd5: a730f2752700f694c87cede7bf383e1fname: A730F2752700F694C87CEDE7BF383E1F.mlwsha1: 7a232f580a4277b8d5782bd717124e96d7cfb9edsha256: bda60f4bd056b59d9b009bc36193b9254ec98d9d879a3ee6a8c86dae7c311519sha512: be3b44bc13038eb351ac8e6b5153a2e0eb4453ac52e5710ed6e838587b87f14dd0cb03162b4f9a5f57e7fa432b211c851290ca755fa07085a3cdc5fa47e8408bssdeep: 1536:UtfDrxy3PKoSpcU2r78L1v1GMOG5Ht6tt6igHtp+T1OvxN3VFPh:Utfhy3ccVud1Xt8tzItp+IxRV/type: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright (C) Microsoft Corp. 1993-1998InternalName: iexploreFileVersion: 6.00.2600CompanyName: Microsoft CorporationPrivateBuild: LegalTrademarks: Comments: WIN32 Network Interface Service ProcessProductName: Microsoft(R) WindowsSpecialBuild: ProductVersion: 5.00.2920.0000FileDescription: Internet ExplorerOriginalFilename: IEXPLORE.EXETranslation: 0x0409 0x04b0

Backdoor:Win32/Netsnake.D also known as:

K7AntiVirus	Riskware ( 0040eff71 )
Lionic	Trojan.Win32.Netsnake.m!c
DrWeb	BackDoor.PowerSpider
ClamAV	Win.Trojan.Netsnake-6
ALYac	Trojan.Generic.7552262
Zillya	Backdoor.Netsnake.Win32.50
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_70% (D)
BitDefender	Trojan.Generic.7552262
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.52700f
Cyren	W32/Backdoor.FUPH-5735
Symantec	Backdoor.Powerspider.B
ESET-NOD32	Win32/Netsnake.D
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	Backdoor.Win32.Netsnake.d
Alibaba	Backdoor:Win32/Netsnake.22e33e89
NANO-Antivirus	Trojan.Win32.Netsnake.fknp
ViRobot	Backdoor.Win32.A.Netsnake.163840
MicroWorld-eScan	Trojan.Generic.7552262
Tencent	Malware.Win32.Gencirc.11b40b8c
Ad-Aware	Trojan.Generic.7552262
Sophos	Troj/Bdoor-AKM
Comodo	Backdoor.Win32.Netsnake.D@2b9y
BitDefenderTheta	Gen:NN.ZexaF.34050.kq2@aGQMkXij
VIPRE	Trojan.Win32.Generic.pak!cobra
TrendMicro	BKDR_NETSNAKE.D
McAfee-GW-Edition	W32/Qeds.a
FireEye	Generic.mg.a730f2752700f694
Emsisoft	Trojan.Generic.7552262 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan/PwdBox.c
Avira	BDC/PowerSpider.D
eGambit	Unsafe.AI_Score_98%
Antiy-AVL	Trojan/Generic.ASMalwS.3E182
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Microsoft	Backdoor:Win32/Netsnake.D
ZoneAlarm	Backdoor.Win32.Netsnake.d
GData	Trojan.Generic.7552262 (2x)
TACHYON	Backdoor/W32.Netsnake.167936
AhnLab-V3	Trojan/Win32.Netsnake.R130422
VBA32	Backdoor.Netsnake
MAX	malware (ai score=100)
TrendMicro-HouseCall	BKDR_NETSNAKE.D
Rising	Trojan.PSW.Minisnake (CLASSIC)
Yandex	Trojan.GenAsa!yGzwa19zMq4
Ikarus	Backdoor.Win32.Netsnake
Fortinet	W32/Netsnake.D!tr.bdr
Panda	Trj/Genetic.gen
Qihoo-360	Win32/Ransom.Snake.HykCEpsA