GridinSoft Threat Intelligence
Netwtw04.sys file report
Why it matters
Evidence available for this file
No final classification is available yet.
First seen 2020-12-05 16:40:59 (5 years ago); latest analysis 2022-11-01 23:58:01 (3 years ago).
Company metadata: Intel Corporation. Product metadata: Intel® Wireless WiFi Link Adapter.
Signed by Intel Wireless Driver;Microsoft Windows Hardware Compatibility Publisher. The signature is reported as valid, but signed files can still be bundled or abused.
ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.
Recommended action
What to do next
- Use the hash and metadata below to verify the exact file identity.
- Review publisher, signature, paths, and PE details for inconsistencies.
- Run a local scan if the file appears unexpectedly or starts with Windows.
File context
Netwtw04.sys is a Windows file recorded in the ThreatInfo database. It is associated with Intel® Wireless WiFi Link Adapter. The reported company name is Intel Corporation. The current detection status is Undefined, based on the latest analysis from 2022-11-01 23:58:01 (3 years ago).
ThreatInfo does not have a final classification for this file yet. Use the technical details below to compare the hash, size, signature, and observed locations with the copy found on your device.
File Details
| Product Name: | Intel® Wireless WiFi Link Adapter |
| Company Name: | Intel Corporation |
| MD5: | e52ae25649c812c200309bdf25e27667 |
| Size: | 8 MB |
| First Published: | 2020-12-05 16:40:59 (5 years ago) |
| Latest Published: | 2022-11-01 23:58:01 (3 years ago) |
| Status: | Undefined (on last analysis) | |
| Analysis Date: | 2022-11-01 23:58:01 (3 years ago) |
Overview
| Signed By: | Intel Wireless Driver;Microsoft Windows Hardware Compatibility Publisher |
| Status: | Valid |
The signature on Netwtw04.sys is reported as valid. A valid signature helps confirm publisher identity, but it does not automatically make the file safe if the installer was bundled, abused, or downloaded from an untrusted source.
Common Places:
| %localappdata%\slimware utilities inc\driverupdate\backups\20201101t135232679\pci |
| %sysdrive%\hpswsetup\sp107672 |
| %system%\driverstore\filerepository |
ThreatInfo has observed Netwtw04.sys in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.
Geographic signal
Observed country distribution
ThreatInfo has seen Netwtw04.sys across 5 countries. Use this signal to compare local evidence with where the sample is most often reported.
The strongest geographic signal for this file is Canada with 20.0% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.
OS Version:
The most common operating system signal for Netwtw04.sys is Windows 10 with 100.0% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.
Analysis
Netwtw04.sys is identified as pe for 64-bit systems. The subsystem is Native. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.
PE Sections:
Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.
e79c6d46caa77358448084ced0e20d4a
6948ca1eaa3e2cd4add828ed41ef9d8d
b8c88e1555379757f46bd03e0fa9d628
c57cfefabaa7845e20544f1eea9a1c6b
1a5ea77b56508395eb0f68330338bcac
8ac078e5e7082d4f9cb1377fccad8828
ad608dd218692f8130844acdcaf7df27
614399f8214646e3db0d842b68dbdcd3
3c9ead78f5d5385782b3b990bd612661
a70a6717f298bd3ebf5f0bf13c1407f3
f201507c3f5bd88f3c1203fa14419005
d6928894087bd1fdc8b5ba953ee4d60b
7ed8207fbb49ff03a2eeb91a9f0c48fb
2ebe2f2e6ec5a59548f748366db308b8
ccbb83deaf2e5ba09374e75cb0b4f6cc
a363c9f0b83164b3768179c024fdd68f
ee96cdb7c75d5834e56f5ad5ac1c16b9
3dad592b368a6baccc7fb0050bea3e3d
bf619eac0cdf3f68d496ea9344137e8b
1c0faf182e7d4ec6d48a2e592c2a0f26
6afc48440df7de7ae718053b9e1e1434
48f43e802900872a95ea1bfe90a0a6d0
bdea9124c28cc2e4214b4f79e96e5a0f
ac4a49f715059c1f3d632817c7c802f9
33a74ec57538c6d0f38e38a63a8db7d4
9571ccc80958cf7f8f060bd2961a44d6
a279f77cadfe3a5b44bc4f995b8738b0
99b7870fd448ced55997a848c483773c
dddcc03e2b592ffd37f7ac3ccb835596
58be6722df58bafcffb8d0bf3aa8ee17
b2d1236c286a3c0704224fe4105eca49
acaa714195cd357bb8be54fccfe96804
879cfc9c1a138639388453225c4f77f4
90e539cf2ed2e7e754a22c2519757c80
PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.
Report conclusion
This file is still under review
ThreatInfo has not assigned a final verdict yet. Compare the file hash, location, signature, and publisher before trusting the file on a production system.