GridinSoft Threat Intelligence
Netwtw04.sys threat report
GridinSoft Anti-Malware detection
Detected by GridinSoft before you download
The current ThreatInfo record shows this exact file hash detected as Trojan.Generic. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.
- Detection name
- Trojan.Generic
- Recommended action
- Scan and remove
- Last analysis
- 2025-03-01 23:01:56 (a year ago)
- File hash
- 85428f938bf170a389745c0e88f2e1c0
Why it matters
Why GridinSoft flags this file
GridinSoft identifies the sample as Trojan.Generic, part of the Trojan threat category.
Malware disguised as legitimate software or delivered through deceptive packaging. Related Trojan reports help compare this file with nearby detections, publishers, and hashes.
First seen 2020-12-05 16:25:40 (5 years ago); latest analysis 2025-03-01 23:01:56 (a year ago).
Company metadata: Intel Corporation. Product metadata: Intel® Wireless WiFi Link Adapter.
Signed by Intel Wireless Driver;Microsoft Windows Hardware Compatibility Publisher. The signature is reported as valid, but signed files can still be bundled or abused.
ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.
Recommended action
What to do next
- Compare the MD5 above with the file found on the device.
- Check whether the file appears in the observed locations or under one of the alternate names.
- Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present. Review the Trojan category for related samples and common context.
File context
Netwtw04.sys is a Windows file recorded in the ThreatInfo database. It is associated with Intel® Wireless WiFi Link Adapter. The reported company name is Intel Corporation. The current detection status is Trojan.Generic, based on the latest analysis from 2025-03-01 23:01:56 (a year ago). ThreatInfo groups this verdict with Trojan reports for broader family-level investigation.
If Netwtw04.sys appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as Trojan.Generic.
File Details
| Product Name: | Intel® Wireless WiFi Link Adapter |
| Company Name: | Intel Corporation |
| MD5: | 85428f938bf170a389745c0e88f2e1c0 |
| Size: | 8 MB |
| First Published: | 2020-12-05 16:25:40 (5 years ago) |
| Latest Published: | 2025-03-01 23:01:56 (a year ago) |
| Status: | Trojan.Generic (on last analysis) | |
| Analysis Date: | 2025-03-01 23:01:56 (a year ago) |
Detection screenshot
The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.
Overview
| Signed By: | Intel Wireless Driver;Microsoft Windows Hardware Compatibility Publisher |
| Status: | Valid |
The signature on Netwtw04.sys is reported as valid. A valid signature helps confirm publisher identity, but it does not automatically make the file safe if the installer was bundled, abused, or downloaded from an untrusted source.
Common Places:
| %localappdata%\slimware utilities inc\driverupdate\backups\20201023t143916934\pci |
| %localappdata%\slimware utilities inc\driverupdate\backups\20201023t182513304\pci |
| %localappdata%\slimware utilities inc\driverupdate\backups\20201024t111449245\pci |
| %system%\driverstore\filerepository |
| %sysdrive%\oem\caringcenter\drv\intel wireless lan_m ax201 |
ThreatInfo has observed Netwtw04.sys in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.
Geographic signal
Observed country distribution
ThreatInfo has seen Netwtw04.sys across 2 countries. Use this signal to compare local evidence with where the sample is most often reported.
The strongest geographic signal for this file is Canada with 80.0% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.
OS Version:
The most common operating system signal for Netwtw04.sys is Windows 10 with 100.0% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.
Analysis
Netwtw04.sys is identified as pe for 64-bit systems. The subsystem is Native. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.
PE Sections:
Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.
61823d33caec7c338c5fdb79f36dbe19
cd39c9865ee70e5eada66f2029a01df4
7bccf98a730b80cbfd7741b778967924
7b43ff8b7c28c4405b82d448ca5c29fa
0057af90654c741b0e2db83f7404076e
912d01b0963687bd23e1dfbf0e0525a1
89113933a62d45ad9b5c4770c85ce741
f15e2521e5efde8f654d7a7dbe387be2
66a8de2e20e85486a766bb3f3377b995
37faf8148427d385543e94fe67198952
83375bc2add7274c5b133a503b76a7dd
04e5958a1148b258ed979cad3826cf51
95ae6786113d5cc2c2b698203b33fca3
f23cb2e85395c3793b755377042d598e
940ab37be9d21e4a5a1f27243f9aa1bc
871178ed68d59d12bf985e15cc0fb89f
cc48f93cc7f4cb6f0cbac4d5f93e2b0b
3dad592b368a6baccc7fb0050bea3e3d
bf619eac0cdf3f68d496ea9344137e8b
efaf5a82d422d2d02c279547556438f1
5293a7535231f81b342d30e619239e73
2dd486cf484bc5ec5ec08f5418c72b46
a566c64285e01e7a435a810a90f66ddb
18e9037e39e536406c60260f5377e5de
f731dd223077e5f0ddde215bc1bc2904
9571ccc80958cf7f8f060bd2961a44d6
af520ca5d45625605fd1893e026d7dbe
e3ac150113d48d216f44684ab32e2f99
dddcc03e2b592ffd37f7ac3ccb835596
f0b4ea35258e2b1685fc07bdbffdb12c
b2d1236c286a3c0704224fe4105eca49
d0740597b30ce9df6292a7261f403f74
23c535639941aa03902c15f5ecadf09e
4f305b28be63b9a835b870d85981dbfe
PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.
Report conclusion
GridinSoft detects this file as Trojan.Generic
This report identifies Netwtw04.sys by MD5 85428f938bf170a389745c0e88f2e1c0. It is part of the Trojan report group. If the same file is present on your device, scan the system and remove the detected object after confirming the hash and location.