
What is “HackTool.Win32.NetScanner”?


HackTool.Win32.NetScanner is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the HackTool.Win32.NetScanner virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to determine HackTool.Win32.NetScanner?


File Info:

name: 97E9BE0AF4400C34B5F5.mlw
path: /opt/CAPEv2/storage/binaries/a71a82e7f285a94e1d4e7b1154ff623f4fa3099a4f960c1f6ef4aa25191dedb6
crc32: AD59F05F
md5: 97e9be0af4400c34b5f5c07754949a09
sha1: 166d2a233007d4caba66d95baea0ce2b7c0474e1
sha256: a71a82e7f285a94e1d4e7b1154ff623f4fa3099a4f960c1f6ef4aa25191dedb6
sha512: 6b15db2f999d855cbdae6afb7e3a8239f51dc59a0d8ff4adb9203cd5fdba97f88d8407fc378dce715846b69e11a0bcaf7644c1582c437ed23e4c56a3bfefbfcc
ssdeep: 49152:F5Zi+ggdFr9Ud8cZgmK3bdbIVBFNTOcglz0Ch98hcVl0oWgX+s8KuqGaX0ToIBAT:lPggdFrKPZgmK3CBLyrucUo4JBAUZLoH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BD16C012B282C0F2D6121530547BBB7BD63AEE620B298AC773D4FF6C5D322D09A76157
sha3_384: 85fa68ca75dc4bd5391b4bd5908d62d95be2ee2ffe03f553c11fbdc92b64bfa161a8bed251a44421ca4b257c55ecf340
ep_bytes: 558bec6aff6800776f006804224b0064
timestamp: 2021-11-05 08:48:45

Version Info:

FileVersion: 1.0.0.0
FileDescription: EA开包
ProductName: EA开包
ProductVersion: 1.0.0.0
CompanyName: EA开包
LegalCopyright: EA开包
Comments: EA开包
Translation: 0x0804 0x04b0

HackTool.Win32.NetScanner also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.48746027
FireEye: Generic.mg.97e9be0af4400c34
McAfee: Artemis!97E9BE0AF440
Cylance: Unsafe
Sangfor: Trojan.Win32.Wacatac.B
K7AntiVirus: Trojan ( 005246d51 )
K7GW: Trojan ( 005246d51 )
CrowdStrike: win/malicious_confidence_60% (D)
Cyren: W32/A-2521f541!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Malware.Generic-9820446-0
Kaspersky: HEUR:HackTool.Win32.NetScanner.gen
BitDefender: Trojan.GenericKD.48746027
Avast: Win32:Malware-gen
Ad-Aware: Trojan.GenericKD.48746027
Emsisoft: Trojan.GenericKD.48746027 (B)
Comodo: Worm.Win32.Dropper.RA@1qraug
McAfee-GW-Edition: BehavesLike.Win32.Generic.wh
Sophos: Generic PUA BG (PUA)
SentinelOne: Static AI – Malicious PE
MAX: malware (ai score=81)
Microsoft: Trojan:Win32/Wacatac.B!ml
Arcabit: Trojan.Generic.D2E7CE2B
GData: Win32.Trojan.PSE.15PTMPD
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win.Evo-gen.C5037759
VBA32: BScope.Trojan.Win64.Agent
ALYac: Trojan.GenericKD.48746027
TACHYON: Trojan/W32.Agent.4141056.J
Malwarebytes: Trojan.MalPack.FlyStudio
TrendMicro-HouseCall: TROJ_GEN.R002H0CCV22
Rising: Trojan.Generic@AI.98 (RDMK:cmRtazr5f/zFJpy5fPGN0H5w6Zb9)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CoinMiner.65CA!tr
BitDefenderTheta: Gen:NN.ZexaF.34638.8t0@a88Qv1pb
AVG: Win32:Malware-gen
Cybereason: malicious.33007d

How to remove HackTool.Win32.NetScanner?

HackTool.Win32.NetScanner removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
