
The client32 (NetSupport Client Application) File Analysis

Technical Analysis

File Name client32
File Type Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows
SSDEEP Hash
384:qTjV5+6j6Qa86Fkv2Wr120hZIqeTSGRp2TkFimMP:qHVZl6FhWr80/heT8TkFiH
Scanner Version 1.0.138.174
Database Version 2023-09-13 08:01:47 UTC

Suspicious File Detected

Detected by 33 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

RemoteAdmin tools provide legitimate remote system management capabilities but can be exploited by threat actors for unauthorized access and control over victim systems.
Detection Rate 47%
File Size (bytes) 105,848
Engines Detected 33/70
Analysis Date 2023-09-13

File Identification

Hash Type Value
MD5
8d9709ff7d9c83bd376e01912c734f0a
SHA1
e3c92713ce1d7eaa5e2b1fabeb06cdc0bb499294
SHA256
49a568f8ac11173e3a0d76cff6bc1d4b9bdf2c35c6d8570177422f142dcfdbe3
SHA512
042ad89ed2e15671f5df67766d11e1fa7ada8241d4513e7c8f0d77b983505d63ebfb39fefa590a2712b77d7024c04445390a8bf4999648f83dbab6b0f04eb2ee
ImpHash
78ed70ebeb178ed1bae5921d2ed514bc

Security Engines with Detections (33 of 70)

Lionic: Riskware.Win32.NetSup.1!c Malicious
DrWeb: Program.RemoteAdmin.837 Malicious
McAfee: PUP-RemoteAdmin.a Malicious
Malwarebytes: RiskWare.NetSupport.RAT Malicious
Zillya: Tool.NetSup.Win32.9 Malicious
CrowdStrike: win/grayware_confidence_100% (W) Malicious
Alibaba: RiskWare:Win32/NetSup.f4fc8ee0 Malicious
K7GW: Riskware ( 00584baa1 ) Malicious
K7AntiVirus: Riskware ( 00584baa1 ) Malicious
Cyren: W32/Tool.EQYN-2153 Malicious
Kaspersky: not-a-virus:RemoteAdmin.Win32.NetSup.i Malicious
BitDefender: Application.RemoteAdmin.NetSupport.A Malicious
ViRobot: Backdoor.Win32.S.Agent.105848 Malicious
MicroWorld-eScan: Application.RemoteAdmin.NetSupport.A Malicious
Emsisoft: Application.RemoteAdmin.NetSupport.A (B) Malicious
VIPRE: Application.RemoteAdmin.NetSupport.A Malicious
McAfee-GW-Edition: PUP-RemoteAdmin.a Malicious
FireEye: Application.RemoteAdmin.NetSupport.A Malicious
Jiangmin: RemoteAdmin.NetSup.s Malicious
MAX: malware (ai score=99) Malicious
Antiy-AVL: GrayWare/Win32.Ta505 Malicious
Xcitium: ApplicUnwnt@#3tkoudphjgdqt Malicious
Arcabit: Application.RemoteAdmin.NetSupport.A Malicious
ZoneAlarm: not-a-virus:RemoteAdmin.Win32.NetSup.i Malicious
GData: Application.RemoteAdmin.NetSupport.A Malicious
Google: Detected Malicious
ALYac: Misc.Riskware.RemoteAdmin Malicious
Cylance: unsafe Malicious
Rising: HackTool.NetSupport!1.E317 (CLASSIC) Malicious
Yandex: Riskware.RemoteAdmin!myez5VmqQPE Malicious
MaxSecure: Trojan.Malware.115193137.susgen Malicious
Fortinet: Riskware/NetSup Malicious
DeepInstinct: MALICIOUS Malicious
37 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 7ab97f9a18df8912f41d7f950deec5ba
Fuzzy: 162007db970dcccb1bc04cbb1ee91ab3
dHash: 0d0d12d130a0a040
Image Base 0x00400000
Entry Point 0x00401020
Compilation Time 2015-07-31 14:42:28
Checksum 0x00024b84 (Actual: 0x00024b84)
OS Version 5.1
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
PDB Path E:\nsmsrc\nsm\1210\1210\client32\Release\client32.pdb
Digital Signature SignerInfo.version must be 1, not 0
Imports 2 libraries: PCICL32, KERNEL32
Exports 0 functions
Resources 12 Resources
Sections 4 Sections

Digital Signatures

UTN-USERFirst-Object COMODO CA Limited (GB)
Symantec Class 3 SHA256 Code Signing CA NetSupport Ltd (GB)
VeriSign Class 3 Public Primary Certification Authority - G5 Symantec Corporation (US)

Version Information

Comments
CompanyName NetSupport Ltd
FileDescription NetSupport Client Application
FileVersion V12.10
InternalName client32
LegalCopyright Copyright (c) 2015, NetSupport Ltd
LegalTrademarks
OriginalFilename client32.exe
PrivateBuild V12.10
ProductName NetSupport Manager
ProductVersion V12.10
SpecialBuild
Translation 0x0809 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 176 bytes 512 bytes 2.54 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6C5D320751A0E31B0349B9E3B672644E
.rdata 0x00002000 342 bytes 512 bytes 3.43 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ A77B7C2478F61E6D0C09B3AADD394DDC
.rsrc 0x00003000 92,624 bytes 92,672 bytes 4.07 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 10ADEF1CE1AAAC5F79E976530994B6F5
.reloc 0x0001a000 108 bytes 512 bytes 0.22 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5FF867EEB2CFC03DCD561EAE5B7D599B

Resource Analysis

Total Resources: 12 (91,906 bytes)
Resource Type Count Total Size Percentage
RT_ICON 8 90,416 bytes 98.4%
RT_STRING 1 98 bytes 0.1%
RT_GROUP_ICON 1 118 bytes 0.1%
RT_VERSION 1 928 bytes 1%
RT_MANIFEST 1 346 bytes 0.4%

Certificate Chain Analysis

Certificate #1
Subject COMODO SHA-1 Time Stamping Signer, COMODO CA Limited, GB
Issuer UTN-USERFirst-Object
Serial Number 117007971038687812527568897756771083
Certificate #2
Subject NetSupport Ltd, NetSupport Ltd, GB
Issuer Symantec Class 3 SHA256 Code Signing CA
Serial Number 56474477307736648278971892853731507529
Certificate #3
Subject Symantec Class 3 SHA256 Code Signing CA, Symantec Corporation, US
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Serial Number 81710363848389238104995526639509734954
Certificate Verification Status

SignerInfo.version must be 1, not 0

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: this is the result of an online virus scanner.

Proactive Protection
33 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.
