nznat.exe

NetZone Info-Tech Co., Ltd., Shanghai

The application nznat.exe by NetZone Info-Tech Co., Ltd., Shanghai has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
NetZone Info-Tech Co., Ltd., Shanghai  (signed and verified)

MD5:
b5f6da0d16b3026df734462d7098a792

SHA-1:
4f1e4eacde7049af629c24eed448f71ff0e0b69f

SHA-256:
dc6e185189f42cfd6636406a5c43485f1d40b775b12105d57c85612553f03f31

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 5:50:46 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.NetZoneI

Engine version:
17.1.18.7

File size:
148.9 KB (152,456 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Windows\System32\nznat.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/26/2011 8:00:00 AM

Valid to:
8/5/2012 7:59:59 AM

Subject:
CN="NetZone Info-Tech Co., Ltd., Shanghai", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="NetZone Info-Tech Co., Ltd., Shanghai", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
00F1D32C1B972DF4D97FEF5EE83B90E5

File PE Metadata
OS version:
4.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
2.40

Entry address:
0xDEA0

Entry point:
55, 48, 89, E5, 48, 81, EC, C0, 00, 00, 00, 48, 89, 4D, F8, 48, C7, 45, D8, 00, 00, 00, 00, 48, C7, 45, D0, 00, 00, 00, 00, E8, AC, 40, 00, 00, 48, 85, C0, 74, 02, EB, 14, 48, B9, D0, CA, 01, 00, 01, 00, 00, 00, E8, 06, 36, FF, FF, E9, 8F, 06, 00, 00, 48, 8B, 45, F8, 48, 89, 05, 36, 05, 01, 00, 48, B9, F8, CA, 01, 00, 01, 00, 00, 00, E8, D7, 5A, 00, 00, C7, 45, E8, 00, 00, 00, 00, 44, 8B, 45, E8, 48, BA, 0C, CB, 01, 00, 01, 00, 00, 00, 48, B9, 2C, CB, 01, 00, 01, 00, 00, 00, E8, 63, 4B, 00, 00, 44, 8B, 45...
 

Entropy:
5.7373

Code size:
107.8 KB (110,352 bytes)
