home

NiuDun.exe

牛盾

Shanghai Tuizhong Network Technology Studio

The application NiuDun.exe, “牛盾浏览器保护,还您一个健康安全的网络” by Shanghai Tuizhong Network Technology Studio has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
牛盾浏览器保护中心  (signed by Shanghai Tuizhong Network Technology Studio)

Product:
牛盾

Description:
牛盾浏览器保护,还您一个健康安全的网络

Version:
1.00

MD5:
75cc6e3ada4157d16ab8c0cc5b3565bf

SHA-1:
d3cb681f18b273c566008b229ed909b6fb23cfb7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 5:44:22 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Downloader.STN (M)
16.10.2.12

File size:
1.4 MB (1,459,608 bytes)

Product version:
1.00

Copyright:
NiuDunSoft Protect Center

Trademarks:
NiuDun

Original file name:
NiuDun.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\niudun\niudun.exe

Digital Signature
Signed by:
Shanghai Tuizhong Network Technology Studio

Authority:
VeriSign, Inc.

Valid from:
5/7/2012 8:00:00 AM

Valid to:
5/8/2013 7:59:59 AM

Subject:
CN=Shanghai Tuizhong Network Technology Studio, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Shanghai Tuizhong Network Technology Studio, L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
168C50E807302FBEE40FD964EF54E7FA

File PE Metadata
Compilation timestamp:
3/26/2013 10:56:06 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:mxvTU8Bn8uXOf9224QXmv53WNmrVuonT6zw52R4/WhCJMJtb10+WuF:mvw8av2XQ29WNvWTie2R4/WVJvuuF

Entry address:
0x230AB2

Entry point:
E8, 7C, 5B, 00, 00, 68, 1F, A7, 03, 6F, F6, D0, 9C, E9, A1, 14, 00, 00, 80, C3, CD, 66, 0F, AB, F3, 89, C3, F8, 80, 3F, 23, 68, 0B, 86, 6A, 0E, E8, 3A, 23, 00, 00, 13, 69, D0, AF, E8, AD, 95, D0, 63, C1, C2, 62, 61, CD, E6, 32, A5, 7B, 74, C2, 31, 8F, DA, 3A, 7B, D7, 20, 72, B5, 65, EB, 33, 0A, 10, C2, 77, D7, 01, 93, 93, 5E, 6A, 23, AF, 0F, 9E, 8C, 37, 5B, 7A, 19, 18, 76, 02, 56, B6, 6B, DF, 20, 7E, A4, E6, 37, 99, D1, 2D, C5, 63, BF, 30, 50, D2, 87, E9, 58, B8, E8, 63, C9, 44, EE, 52, F2, 4B, 38, 33, 51...
 
[+]

Entropy:
7.9188  (probably packed)

Code size:
984 KB (1,007,616 bytes)

Remove NiuDun.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.