defenderdaemon.exe

Shadow Defender

Yang Ping

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Shadow Defender Daemon’.
Publisher:
SHADOWDEFENDER.COM  (signed by Yang Ping)

Product:
Shadow Defender

Description:
Shadow Defender Daemon Application

Version:
1.4.0.586

MD5:
3317c0a9ada531effeb918970556f68c

SHA-1:
fb5313d442c8f1ef5606c8968e83a33b40cfa050

SHA-256:
86dec88cd2a97c25e446755d15557fdac0ab0e81b7c0bb33ad9628573d7e5831

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 3:00:21 AM UTC  (today)

File size:
371.6 KB (380,568 bytes)

Product version:
1.4.0.586

Copyright:
Copyright (C) 2007-2014, SHADOWDEFENDER.COM. All rights reserved.

Original file name:
Daemon.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\shadow defender\defenderdaemon.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
5/16/2014 1:44:19 PM

Valid to:
5/18/2017 1:44:19 PM

Subject:
CN=Yang Ping, E=yang.ping@mail.com, L=重庆市, S=重庆市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
6E47A70BFCE998BFCD7998A98DD821D2

File PE Metadata
Compilation timestamp:
7/8/2015 10:52:07 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:q73wIdan6LrK12UBj3FlaxR5iB68Hbh8UTUsf5NsF88o:Qan6tE3bCGA08UI383

Entry address:
0xABEA

Entry point:
E8, 6D, 45, 00, 00, E9, 79, FE, FF, FF, 2D, A4, 03, 00, 00, 74, 22, 83, E8, 04, 74, 17, 83, E8, 0D, 74, 0C, 48, 74, 03, 33, C0, C3, B8, 04, 04, 00, 00, C3, B8, 12, 04, 00, 00, C3, B8, 04, 08, 00, 00, C3, B8, 11, 04, 00, 00, C3, 8B, FF, 56, 57, 8B, F0, 68, 01, 01, 00, 00, 33, FF, 8D, 46, 1C, 57, 50, E8, 56, D9, FF, FF, 33, C0, 0F, B7, C8, 8B, C1, 89, 7E, 04, 89, 7E, 08, 89, 7E, 0C, C1, E1, 10, 0B, C1, 8D, 7E, 10, AB, AB, AB, B9, 88, 10, 42, 00, 83, C4, 0C, 8D, 46, 1C, 2B, CE, BF, 01, 01, 00, 00, 8A, 14, 01...
 
[+]

Code size:
103.5 KB (105,984 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Shadow Defender Daemon

Command:
"C:\Program Files\shadow defender\defenderdaemon.exe" \auto


Scan defenderdaemon.exe - Powered by Reason Core Security