Netwtw04.sys threat report

» File
File Details
Overview
Analysis

ThreatInfo file report

Netwtw04.sys

Verdict Trojan.Generic

MD5 85428f938bf170a389745c0e88f2e1c0

Latest seen 2025-03-01 23:01:56 (a year ago)

First seen 2020-12-05 16:25:40 (5 years ago)

Size 8 MB

Publisher Intel Corporation

Product Intel® Wireless WiFi Link Adapter

Signed by Intel Wireless Driver;Microsoft Windows Hardware Compatibility Publisher

Analyst brief

What this report says

GridinSoft Anti-Malware detects Netwtw04.sys as Trojan.Generic. The sample was last observed on 2025-03-01 23:01:56 (a year ago) and reports publisher metadata associated with Intel Corporation / Intel® Wireless WiFi Link Adapter.

This page combines the detection verdict with file identity, publisher metadata, alternate names, observed paths, geography, OS signals, and PE details so the report reads as a triage record rather than a standalone download page.

GridinSoft Anti-Malware detection

Detected by GridinSoft before you download

The current ThreatInfo record shows this exact file hash detected as Trojan.Generic. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.

Detection name: Trojan.Generic
Recommended action: Scan and remove
Last analysis: 2025-03-01 23:01:56 (a year ago)
File hash: 85428f938bf170a389745c0e88f2e1c0

Download Anti-Malware

Why it matters

Why GridinSoft flags this file

Detection

GridinSoft identifies the sample as Trojan.Generic.

Timeline

First seen 2020-12-05 16:25:40 (5 years ago); latest analysis 2025-03-01 23:01:56 (a year ago).

Publisher context

Company metadata: Intel Corporation. Product metadata: Intel® Wireless WiFi Link Adapter.

Digital signature

Signed by Intel Wireless Driver;Microsoft Windows Hardware Compatibility Publisher. The signature is reported as valid, but signed files can still be bundled or abused.

Observed locations

ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.

Recommended action

What to do next

Compare the MD5 above with the file found on the device.
Check whether the file appears in the observed locations or under one of the alternate names.
Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present.

File context

Netwtw04.sys is a Windows file recorded in the ThreatInfo database. It is associated with Intel® Wireless WiFi Link Adapter. The reported company name is Intel Corporation. The current detection status is Trojan.Generic, based on the latest analysis from 2025-03-01 23:01:56 (a year ago).

If Netwtw04.sys appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as Trojan.Generic.

File Details

Main Info:

Product Name:	Intel® Wireless WiFi Link Adapter
Company Name:	Intel Corporation
MD5:	85428f938bf170a389745c0e88f2e1c0
Size:	8 MB
First Published:	2020-12-05 16:25:40 (5 years ago)
Latest Published:	2025-03-01 23:01:56 (a year ago)

Analysis:

Status:	Trojan.Generic (on last analysis)
Analysis Date:	2025-03-01 23:01:56 (a year ago)

Detection screenshot

The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.

Overview

Digital Signature

Signed By:	Intel Wireless Driver;Microsoft Windows Hardware Compatibility Publisher
Status:	Valid

The signature on Netwtw04.sys is reported as valid. A valid signature helps confirm publisher identity, but it does not automatically make the file safe if the installer was bundled, abused, or downloaded from an untrusted source.

Common Places:

%localappdata%\slimware utilities inc\driverupdate\backups\20201023t143916934\pci

%localappdata%\slimware utilities inc\driverupdate\backups\20201023t182513304\pci

%localappdata%\slimware utilities inc\driverupdate\backups\20201024t111449245\pci

%system%\driverstore\filerepository

%sysdrive%\oem\caringcenter\drv\intel wireless lan_m ax201

ThreatInfo has observed Netwtw04.sys in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.

Geography:

	80.0%
	20.0%

The strongest geographic signal for this file is Canada with 80.0% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.

OS Version:

Windows 10

100.0%

The most common operating system signal for Netwtw04.sys is Windows 10 with 100.0% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.

Analysis

PE Info:

Netwtw04.sys is identified as pe for 64 systems. The subsystem is Native. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.

Subsystem:	Native
PE Type:	pe
OS Bitness:	64
Image Base:	0x0000000140000000
Entry Address:	0x0004e8c0

PE Sections:

Name	Size of data	MD5
.text	4476928	61823d33caec7c338c5fdb79f36dbe19
.rdata	792576	cd39c9865ee70e5eada66f2029a01df4
.data	151040	7bccf98a730b80cbfd7741b778967924
.pdata	186880	7b43ff8b7c28c4405b82d448ca5c29fa
PAGEcsrv	88064	0057af90654c741b0e2db83f7404076e
PAGEcjaw	102400	912d01b0963687bd23e1dfbf0e0525a1
PAGEcwfd	118272	89113933a62d45ad9b5c4770c85ce741
PAGE	1536	f15e2521e5efde8f654d7a7dbe387be2
PAGEcnlo	1536	66a8de2e20e85486a766bb3f3377b995
PAGEccln	95744	37faf8148427d385543e94fe67198952
PAGEcsec	29696	83375bc2add7274c5b133a503b76a7dd
PAGEcsv_	71680	04e5958a1148b258ed979cad3826cf51
PAGEcimg	8704	95ae6786113d5cc2c2b698203b33fca3
PAGEcpsm	6656	f23cb2e85395c3793b755377042d598e
PAGEcctw	6144	940ab37be9d21e4a5a1f27243f9aa1bc
PAGEdoid	28160	871178ed68d59d12bf985e15cc0fb89f
PAGEdcln	4096	cc48f93cc7f4cb6f0cbac4d5f93e2b0b
PAGEdsv_	2560	3dad592b368a6baccc7fb0050bea3e3d
PAGEDATA	512	bf619eac0cdf3f68d496ea9344137e8b
PAGEdreg	265216	efaf5a82d422d2d02c279547556438f1
PAGEdStn	1024	5293a7535231f81b342d30e619239e73
PAGEdSnd	512	2dd486cf484bc5ec5ec08f5418c72b46
PAGEdSnF	1024	a566c64285e01e7a435a810a90f66ddb
PAGEdWsP	1024	18e9037e39e536406c60260f5377e5de
PAGEdPsr	2048	f731dd223077e5f0ddde215bc1bc2904
PAGEdThP	512	9571ccc80958cf7f8f060bd2961a44d6
PAGEdQua	1024	af520ca5d45625605fd1893e026d7dbe
PAGEdjaw	1536	e3ac150113d48d216f44684ab32e2f99
PAGEdctw	512	dddcc03e2b592ffd37f7ac3ccb835596
PAGEdimg	512	f0b4ea35258e2b1685fc07bdbffdb12c
PAGEdrlg	2097152	b2d1236c286a3c0704224fe4105eca49
INIT	5120	d0740597b30ce9df6292a7261f403f74
.rsrc	46080	23c535639941aa03902c15f5ecadf09e
.reloc	27136	4f305b28be63b9a835b870d85981dbfe

PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.

More information:

Search on Virustotal

Scan with GridinSoft Anti-Malware if this file is present on your device.

copyright for information about Netwtw04.sys