home

netstream.exe

Headlight Software, Inc.

The executable netstream.exe, “Change Settings that need Admun Privileges” has been detected as malware by 3 anti-virus scanners.
Publisher:
Headlight Software, Inc.

Description:
Change Settings that need Admun Privileges

Version:
1.0.6.5

MD5:
b07125346733ce85c47f4db85711d50f

SHA-1:
01c65823b5e570a37154ef32884eea26e201fb86

SHA-256:
fac42b33d1d45b1e8be7d166d4ef7e997dc26e2d2d6ca0734e7ff5350b6e1ac4

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
4/1/2025 8:28:28 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Kryptik.FPMF trojan
6.3.12010.0

F-Secure
Variant.Razy.149593
5.16.24

Microsoft Security Essentials
TrojanProxy:Win32/Bunitu.Q!bit
1.237.1169.0

File size:
522.5 KB (535,040 bytes)

Copyright:
Copyright © Headlight Software, Inc. All rights reserved.

Original file name:
AdmunPrivSetting.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\netstream.exe

File PE Metadata
Compilation timestamp:
3/15/2017 6:32:19 AM

OS version:
3.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x1240

Entry point:
55, 8B, EC, 83, EC, 0C, E8, 35, FE, FF, FF, A1, 14, E3, 47, 00, 50, FF, 15, CC, A2, 45, 00, 8B, 0D, 14, E3, 47, 00, 51, FF, 15, D0, A2, 45, 00, 8B, 15, 14, E3, 47, 00, 52, FF, 15, D4, A2, 45, 00, FF, 15, D8, A2, 45, 00, 68, D8, D6, 47, 00, FF, 15, DC, A2, 45, 00, FF, 15, E0, A2, 45, 00, A1, 14, E3, 47, 00, 50, FF, 15, E4, A2, 45, 00, FF, 15, E8, A2, 45, 00, 8B, 0D, 14, E3, 47, 00, 51, FF, 15, EC, A2, 45, 00, 8B, 15, 14, E3, 47, 00, 52, FF, 15, F0, A2, 45, 00, A1, 14, E3, 47, 00, 50, FF, 15, F4, A2, 45, 00...
 
[+]

Entropy:
4.4771

Developed / compiled with:
Microsoft Visual C++

Code size:
354 KB (362,496 bytes)

Remove netstream.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.