home

netutils2016.exe

Kuiting Chen

The application netutils2016.exe by Kuiting Chen has been detected as a potentially unwanted program by 2 anti-malware scanners. While running, it connects to the Internet address anubisnetworks.com on port 80 using the HTTP protocol.
Publisher:
Kuiting Chen  (signed and verified)

Version:
1.0.28.16

MD5:
d6f9e3a60884db1222a014cd180e8b92

SHA-1:
288ea299614d4cdf42bb9da961f4cff8e394c183

SHA-256:
deaf3aee8e37558d54302ba3ba466a037299b37057ccfcf950d9e2b6466cc8ee

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 5:02:10 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.HDWallPaper (M)
16.9.14.7

File size:
459.6 KB (470,592 bytes)

Product version:
1.0.28.16

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\windows\syswow64\netutils2016.exe

Digital Signature
Signed by:
Kuiting Chen

Authority:
WoSign CA Limited

Valid from:
5/22/2016 11:21:57 PM

Valid to:
5/22/2017 11:21:57 PM

Subject:
CN=Kuiting Chen, L=Beijing, S=Beijing, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
1131906A89F1AF709C04782F1CA199F1

File PE Metadata
Compilation timestamp:
9/13/2016 12:06:00 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
12288:HcOCuXKoG2T99Wh+LLYRbIgpnvQ/dQJvNMOvpTGl1:HcPuXDzJC+LLYKgpnidIlMqTu1

Entry address:
0x25080

Entry point:
8B, FF, 55, 8B, EC, E8, 96, 60, 01, 00, E8, 11, 00, 00, 00, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 6A, FE, 68, B8, 70, 46, 00, 68, E0, 87, 42, 00, 64, A1, 00, 00, 00, 00, 50, 83, C4, E8, 53, 56, 57, A1, 7C, A4, 46, 00, 31, 45, F8, 33, C5, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, C7, 45, DC, 00, 00, 00, 00, E8, 7F, 01, 00, 00, 89, 45, E0, 6A, 01, E8, E5, 67, 01, 00, 83, C4, 04, 85, C0, 75, 0A, 6A, 1C, E8, 37, 01, 00, 00, 83, C4, 04, E8, 7F, 57, 00...
 
[+]

Entropy:
6.4983

Code size:
320 KB (327,680 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to anubisnetworks.com  (195.22.26.248:80)

Remove netutils2016.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.