nznat.exe

NetZone Info-Tech Co., Ltd., Shanghai

The application nznat.exe by NetZone Info-Tech Co., Ltd., Shanghai has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

Publisher:
NetZone Info-Tech Co., Ltd., Shanghai  (signed and verified)

MD5:
7a5e3f784620d5c39a90d6cd41c1988c

SHA-1:
f4b53d0f70b73b5912468f13a1140ed5266642d8

SHA-256:
0554562e99c6862a6725bb42f67e8386dcae90b9e6a1ae507d337d7e79741723

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/16/2017 5:54:43 PM UTC  (ten months ago)

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.NetZoneI

Engine version:
17.1.16.12

File size:
148.9 KB (152,456 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Windows\System32\nznat.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/26/2011 3:00:00 AM

Valid to:
8/5/2012 2:59:59 AM

Subject:
CN="NetZone Info-Tech Co., Ltd., Shanghai", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="NetZone Info-Tech Co., Ltd., Shanghai", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
00F1D32C1B972DF4D97FEF5EE83B90E5

File PE Metadata
OS version:
4.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
2.40

Entry address:
0xDEA0

Entry point:
55, 48, 89, E5, 48, 81, EC, C0, 00, 00, 00, 48, 89, 4D, F8, 48, C7, 45, D8, 00, 00, 00, 00, 48, C7, 45, D0, 00, 00, 00, 00, E8, AC, 40, 00, 00, 48, 85, C0, 74, 02, EB, 14, 48, B9, D0, CA, 01, 00, 01, 00, 00, 00, E8, 06, 36, FF, FF, E9, 8F, 06, 00, 00, 48, 8B, 45, F8, 48, 89, 05, 36, 05, 01, 00, 48, B9, F8, CA, 01, 00, 01, 00, 00, 00, E8, D7, 5A, 00, 00, C7, 45, E8, 00, 00, 00, 00, 44, 8B, 45, E8, 48, BA, 0C, CB, 01, 00, 01, 00, 00, 00, 48, B9, 2C, CB, 01, 00, 01, 00, 00, 00, E8, 63, 4B, 00, 00, 44, 8B, 45...
 

Code size:
107.8 KB (110,352 bytes)
