home

defenderdaemon.exe

Shadow Defender

Yang Ping

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Shadow Defender Daemon’.
Publisher:
SHADOWDEFENDER.COM  (signed by Yang Ping)

Product:
Shadow Defender

Description:
Shadow Defender Daemon Application

Version:
1.4.0.578

MD5:
08e103fe1abf3ceeaa7b4fc570ec04ed

SHA-1:
b18468a9e1cf157e55904faa590332cc4948a8d3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/2/2024 1:36:48 PM UTC  (today)

File size:
364.7 KB (373,480 bytes)

Product version:
1.4.0.578

Copyright:
Copyright (C) 2007-2014, SHADOWDEFENDER.COM. All rights reserved.

Original file name:
Daemon.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\shadow defender\defenderdaemon.exe

Digital Signature
Signed by:
Yang Ping

Authority:
WoSign CA Limited

Valid from:
5/16/2014 1:44:19 PM

Valid to:
5/18/2017 1:44:19 PM

Subject:
CN=Yang Ping, E=yang.ping@mail.com, L=重庆市, S=重庆市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
6E47A70BFCE998BFCD7998A98DD821D2

File PE Metadata
Compilation timestamp:
1/1/2015 5:32:41 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0xAB8A

Entry point:
E8, 6D, 45, 00, 00, E9, 79, FE, FF, FF, 2D, A4, 03, 00, 00, 74, 22, 83, E8, 04, 74, 17, 83, E8, 0D, 74, 0C, 48, 74, 03, 33, C0, C3, B8, 04, 04, 00, 00, C3, B8, 12, 04, 00, 00, C3, B8, 04, 08, 00, 00, C3, B8, 11, 04, 00, 00, C3, 8B, FF, 56, 57, 8B, F0, 68, 01, 01, 00, 00, 33, FF, 8D, 46, 1C, 57, 50, E8, 26, D9, FF, FF, 33, C0, 0F, B7, C8, 8B, C1, 89, 7E, 04, 89, 7E, 08, 89, 7E, 0C, C1, E1, 10, 0B, C1, 8D, 7E, 10, AB, AB, AB, B9, 88, 10, 42, 00, 83, C4, 0C, 8D, 46, 1C, 2B, CE, BF, 01, 01, 00, 00, 8A, 14, 01...
 
[+]

Entropy:
6.1229

Code size:
103.5 KB (105,984 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Shadow Defender Daemon

Command:
"C:\Program Files\shadow defender\defenderdaemon.exe" \auto


Scan defenderdaemon.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.