home

NiuDun.exe

牛盾

Shanghai Tuizhong Network Technology Studio

The application NiuDun.exe, “牛盾浏览器保护,还您一个健康安全的网络” by Shanghai Tuizhong Network Technology Studio has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
牛盾浏览器保护中心  (signed by Shanghai Tuizhong Network Technology Studio)

Product:
牛盾

Description:
牛盾浏览器保护,还您一个健康安全的网络

Version:
1.00

MD5:
cf709b698f14d18a53946657cebb3217

SHA-1:
1f01edac5ca7bb88bfc149707d41a949f45d936b

SHA-256:
0f2ee12053ffe4bd4b84b4aa147e7f345196bd4c8a3d410ca73d0de2324662ac

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 8:22:26 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Downloader.STN (M)
16.7.30.9

File size:
1.4 MB (1,463,704 bytes)

Product version:
1.00

Copyright:
NiuDunSoft Protect Center

Trademarks:
NiuDun

Original file name:
NiuDun.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\niudun\niudun.exe

Digital Signature
Signed by:
Shanghai Tuizhong Network Technology Studio

Authority:
VeriSign, Inc.

Valid from:
5/7/2012 8:00:00 AM

Valid to:
5/8/2013 7:59:59 AM

Subject:
CN=Shanghai Tuizhong Network Technology Studio, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Shanghai Tuizhong Network Technology Studio, L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
168C50E807302FBEE40FD964EF54E7FA

File PE Metadata
Compilation timestamp:
2/24/2013 4:22:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:o1tdlwYox889EOAya6VGPtOVYgnRjJDFUsuajcAcHdpcCvjcvo07Lz:stdlwYoCxUGPKljoJ2cVpE3

Entry address:
0x325C9B

Entry point:
E9, AE, E6, 00, 00, AB, 1E, 63, C2, DF, C5, 9B, CB, 4E, D3, CA, 4E, 61, CC, F6, 58, DD, CA, 11, CA, 70, 1D, 08, C7, 69, 0B, 25, A8, 58, DD, 68, 35, B2, A4, 51, 86, 88, FA, 4A, 1D, F8, 6A, 2C, B2, 73, F2, 68, 46, 0F, 97, EB, 06, 04, 39, 46, C6, 1A, 9C, EB, A8, 81, A6, DA, C7, 6A, D8, 7D, 30, 47, 19, CF, AB, F4, E6, 82, 51, 33, 13, 26, 07, 82, AB, FB, D7, AF, EA, 30, B9, 0D, 74, EF, D0, 80, C4, F2, F2, 90, 4D, 47, 72, 0B, FF, 2C, EB, 46, 76, 7A, 97, 93, 6A, 3C, BE, 0C, 43, 10, B8, 87, 93, 48, F3, 08, F5, 83...
 
[+]

Entropy:
7.9157

Packer / compiler:
Xtreme-Protector v1.05

Code size:
972 KB (995,328 bytes)

Remove NiuDun.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.