home

NetSurvey.exe

中国互联网调查软件客户端

China Internet Network Information Center

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘NetSurvey’.
Publisher:
中国互联网络信息中心  (signed by China Internet Network Information Center)

Product:
中国互联网调查软件客户端

Description:
调查软件V2.5

Version:
2.5.0.0

MD5:
4ecfd1cfe1fbe364eadb23c8eb8aa307

SHA-1:
83d403d80a3338514d10c8e32332dd6d3e1c0eab

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 5:01:28 PM UTC  (today)

File size:
1.4 MB (1,501,744 bytes)

Product version:
2.5.0.0

Copyright:
TODO: (C) <公司名>。保留所有权利。

Original file name:
NetSurvey.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\netsurvey\netsurvey.exe

Digital Signature
Signed by:
China Internet Network Information Center

Authority:
VeriSign, Inc.

Valid from:
11/12/2012 8:00:00 AM

Valid to:
12/13/2014 7:59:59 AM

Subject:
CN=China Internet Network Information Center, OU=Development Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=China Internet Network Information Center, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2579F6755B1EC8919507B6EDAE0A947B

File PE Metadata
Compilation timestamp:
10/9/2013 4:32:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:lZqh2CzaSXO2ytqmE7fuUp0kBLrIgjFZUmq1GMTWU/JTo:lEhZzaSXSoTp0ErIgjFyGMTWU/JM

Entry address:
0x7A302

Entry point:
E8, 1A, B8, 00, 00, E9, 16, FE, FF, FF, 83, 3D, 88, E5, 4E, 00, 00, 74, 15, 68, 88, E5, 4E, 00, E8, 51, 62, 00, 00, 85, C0, 59, 74, 06, FF, 15, 88, E5, 4E, 00, 56, E8, 75, 44, 00, 00, 8B, F0, 85, F6, 74, 16, 8B, 46, 04, 83, F8, FF, 74, 07, 50, FF, 15, 18, A4, 4E, 00, 56, E8, 0A, 46, 00, 00, 59, 6A, 00, FF, 15, E0, A1, 4E, 00, 5E, 6A, 0C, 68, F0, FE, 50, 00, E8, 9B, 1F, 00, 00, E8, B6, 44, 00, 00, 83, 65, FC, 00, FF, 70, 58, FF, 50, 54, 59, E9, 96, FF, FF, FF, 8B, 45, EC, 8B, 08, 8B, 09, 89, 4D, E4, 50, 51...
 
[+]

Entropy:
6.2729

Code size:
932 KB (954,368 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
NetSurvey

Command:
"C:\Program Files\netsurvey\netsurvey.exe" \auto


Scan NetSurvey.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.