NiuDunHelper.exe

NiuDunHelper

Shanghai Tuizhong Network Technology Studio

The application NiuDunHelper.exe by Shanghai Tuizhong Network Technology Studio has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

Publisher:
NiuDun  (signed by Shanghai Tuizhong Network Technology Studio)

Product:
NiuDunHelper

Version:
1.00

MD5:
350b06c014462ccd97189f0d10e64626

SHA-1:
3f25ecbd4640c34a2baf66cd5b70c4d948f4b781

SHA-256:
aa70d1a69713c74516cf85842e5fb77f562b46d13d26251b5f227903993d2d3e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 5:49:20 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Downloader.STN (M)

Engine version:
16.7.30.9

File size:
713.4 KB (730,520 bytes)

Product version:
1.00

Original file name:
NiuDunHelper.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\niudun\niudunhelper.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/7/2012 8:00:00 AM

Valid to:
5/8/2013 7:59:59 AM

Subject:
CN=Shanghai Tuizhong Network Technology Studio, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Shanghai Tuizhong Network Technology Studio, L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
168C50E807302FBEE40FD964EF54E7FA

File PE Metadata
Compilation timestamp:
2/24/2013 4:29:17 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:lTre2kHQSu5VeMLD+Gagmhs2tDgsS2r9vMz7o2s26MxYRYc1V8rWQ+7:9ejzYeSoPHtDgD2ryzJ/6ONi/

Entry address:
0x145F3B

Entry point:
E9, CF, 48, 00, 00, FB, AE, 58, F5, 96, 03, 8C, 50, 25, 44, 96, 6D, 4B, 0A, D8, 27, 50, 80, 76, AD, D2, 02, 81, 6F, 80, 7E, 88, 51, BC, 5F, E8, 90, 87, BF, 69, E4, 0B, 52, FD, 2B, 4B, 18, 9D, FD, 25, D2, CC, A5, 67, 80, 52, A5, 57, 40, 9E, C7, 05, CA, E4, 91, 5B, 98, BE, DB, D9, 53, E8, CC, 23, CF, 0B, 29, C2, 3B, 0D, D9, 75, F1, 56, B8, 73, 4D, 7C, E0, 98, 73, B9, 72, 4C, D7, 94, C2, 3A, 8E, 26, 86, FE, 01, 9B, E7, 23, FB, 04, F0, 16, 57, E9, 66, 1F, ED, E0, 27, F5, 36, FC, 03, CB, 01, 54, C9, 7D, E5, 31...
 
Entropy:
7.8306

Packer / compiler:
Xtreme-Protector v1.05

Code size:
40 KB (40,960 bytes)
