home

NetSurvey.exe

CNNIC反钓鱼软件

China Internet Network Information Center

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘NetSurvey’.
Publisher:
中国互联网络信息中心  (signed by China Internet Network Information Center)

Product:
CNNIC反钓鱼软件

Description:
CNNIC反钓鱼软件V2.4

Version:
2.4.0.0

MD5:
52c50de8f516f39ce8f221a8302623b9

SHA-1:
12c428541a3e3a6b9ac5a3defb3f1a4cbc52c210

SHA-256:
e0fbc5a606a3fdf5b8144cfc6baf59e927b4635365fe1400620963517271aef3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 2:21:45 PM UTC  (today)

File size:
991.3 KB (1,015,072 bytes)

Product version:
2.4.0.0

Copyright:
TODO: (C) <公司名>。保留所有权利。

Original file name:
NetSurvey.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
China Internet Network Information Center

Authority:
VeriSign, Inc.

Valid from:
11/12/2012 8:00:00 AM

Valid to:
12/13/2014 7:59:59 AM

Subject:
CN=China Internet Network Information Center, OU=Development Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=China Internet Network Information Center, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2579F6755B1EC8919507B6EDAE0A947B

File PE Metadata
Compilation timestamp:
10/12/2012 11:52:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:Mk0vttyKQfGARc1wf5RAzSeLppHQEc6/re99dul6xu+kDlbUu32ET5bU4d:MT01fEmeLppHQEcvS6Y/bUumEb

Entry address:
0x6014D

Entry point:
E8, 14, BD, 00, 00, E9, 16, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, C8, 30, 4B, 00, 00, 74, 05, E9, C5, BD, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01...
 
[+]

Entropy:
6.0578

Code size:
564 KB (577,536 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
NetSurvey

Command:
"C:\netantiphishing\netsurvey.exe"


Scan NetSurvey.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.