» sysnetwk.exe
Overview
Analysis
File Details
Behaviors (1)

sysnetwk.exe

Microsoft Windows Operating System

Lei Qing

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application sysnetwk.exe, “Windows System Network Core Module” by Lei Qing has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 8080 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.

File name:

sysnetwk.exe

Publisher:

Microsoft Corporation (signed by Lei Qing)

Product:

Microsoft Windows Operating System

Description:

Windows System Network Core Module

Version:

6.3.9600.17284 (aaa.140822-1915)

MD5:

9b6ed13f694a2a6ea1013bc2ec5ecd91

SHA-1:

f4082bba6c7d1b027fdd9cb418abcf74e980ad4d

SHA-256:

7d6d26afd4dd418703fbf26bda7aa90200058de7676423202fa5d1f1df39d487

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

3/7/2026 2:25:04 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Elex.LeiQing.Meta (M)

16.7.9.11

File size:

292.6 MB (306,789,056 bytes)

Product version:

sysnetwk 2.4

Original file name:

sysnetwk.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\ProgramData\microsoft\network\dsq\network\sysnetwk.exe

Digital Signature

Signed by:

Lei Qing

Authority:

WoSign CA Limited

Valid from:

8/19/2015 3:00:23 AM

Valid to:

8/19/2016 3:00:23 AM

Subject:

CN=Lei Qing, L=Tianjin, S=Tianjin, C=CN

Issuer:

CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

2B8E845E7AA055FC643B525DF3001A41

File PE Metadata

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

3.0

CTPH (ssdeep):

1572864:BJXyczuIJXyczuIJXyczuIJXyczuIJXyczuIJXyczuIJXyczuIJXyczuIJXyczuk:f

Entry address:

0x54020

Entry point:

83, EC, 0C, 8B, 44, 24, 0C, 8D, 5C, 24, 10, 89, 44, 24, 04, 89, 5C, 24, 08, C7, 04, 24, FF, FF, FF, FF, E9, 01, 00, 00, 00, CC, E9, 0B, D3, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 5C, 24, 04, 64, C7, 05, 34, 00, 00, 00, 00, 00, 00, 00, 89, E5, 8B, 4B, 04, 89, C8, C1, E0, 02, 29, C4, 89, E7, 8B, 73, 08, FC, F3, A5, FF, 13, 89, EC, 8B, 5C, 24, 04, 89, 43, 0C, 89, 53, 10, 64, 8B, 05, 34, 00, 00, 00, 89, 43, 14, C3, CC, CC, CC, CC, 83, EC, 18, C7, 04, 24, F4, FF, FF, FF, 89, E5, FF, 15, 58, A0... 
[+]

Entropy:

5.9420

Code size:

7.2 MB (7,573,504 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:8080/

Local host port:

8080

Default credentials:

Remove sysnetwk.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.