home

Service.exe

Service Application

Yang Ping

It runs as a separate (within the context of its own process) windows Service named “Shadow Defender Service”.
Publisher:
SHADOWDEFENDER.COM  (signed by Yang Ping)

Product:
Service Application

Description:
Shadow Defender Service Application

Version:
1.4.0.653

MD5:
e5e511784ccd98ef72fa07e64671d3ad

SHA-1:
1334a1befa5ac01289cfbb6e047a64670e199fea

SHA-256:
2762964e6c92a611e45a79c58f9ee81def2872a97b85077f182824cb5a790180

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 5:55:30 AM UTC  (today)

File size:
112.2 KB (114,896 bytes)

Product version:
1.4.0.653

Copyright:
Copyright (C) 2007-2016, SHADOWDEFENDER.COM. All rights reserved.

Original file name:
Service.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\shadow defender\service.exe

Digital Signature
Signed by:
Yang Ping

Authority:
WoSign CA Limited

Valid from:
4/8/2016 9:04:32 AM

Valid to:
6/8/2017 9:04:32 AM

Subject:
CN=Yang Ping, L=Chongqing, S=Chongqing, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
5E4DC82C530C9D86101BAD3939FCED12

File PE Metadata
Compilation timestamp:
10/15/2016 7:54:51 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
3072:/yBwZo+xKyl3sXz/v22DXa8TobKgVVZKKIx:/yZyeX8cKW

Entry address:
0x1D99

Entry point:
E8, 83, 02, 00, 00, E9, 8E, FE, FF, FF, E9, 19, 36, 00, 00, 3B, 0D, 14, 80, 41, 00, F2, 75, 02, F2, C3, F2, E9, 0A, 06, 00, 00, 55, 8B, EC, 8B, 45, 08, 56, 8B, 48, 3C, 03, C8, 0F, B7, 41, 14, 8D, 51, 18, 03, D0, 0F, B7, 41, 06, 6B, F0, 28, 03, F2, 3B, D6, 74, 19, 8B, 4D, 0C, 3B, 4A, 0C, 72, 0A, 8B, 42, 08, 03, 42, 0C, 3B, C8, 72, 0C, 83, C2, 28, 3B, D6, 75, EA, 33, C0, 5E, 5D, C3, 8B, C2, EB, F9, E8, 56, 08, 00, 00, 85, C0, 75, 03, 32, C0, C3, 64, A1, 18, 00, 00, 00, 56, BE, 7C, 87, 41, 00, 8B, 50, 04, EB...
 
[+]

Entropy:
6.6376

Code size:
63 KB (64,512 bytes)

Service
Display name:
Shadow Defender Service

Service name:
{0CBD4F48-3751-475D-BE88-4F271385B672}

Type:
Win32OwnProcess


Scan Service.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.