ShouHuS.exe

浏览器守护神

Shanghai Zhenrui Network Technology Studio

It is set to execute automatically when any user logs into Windows (through the all-users Run registry key) under the name ‘ShouHuS’.
Publisher:
Shanghai Tuizhong NetWork  (signed by Shanghai Zhenrui Network Technology Studio)

Product:
浏览器守护神

Description:
浏览器守护神 (Browser Guardian), produced by Shanghai TuiZhong, safely protects the browser from harm update

Version:
1.00

MD5:
3d9510ab2cc1724168631690d72ae44c

SHA-1:
15c9a460bb8ccc8caee29e874349e219abe8bce7

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/5/2024 10:35:08 AM UTC

Scan engine:
Trend Micro House Call

Detection:
Suspicious_GEN.F47V0207

Engine version:
7.2.30

File size:
1.4 MB (1,471,904 bytes)

Product version:
1.00

Copyright:
Shanghai Tuizhong NetWork

Trademarks:
ShouHuS

Original file name:
ShouHuS.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\shouhus\shouhus.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/6/2013 9:00:00 AM

Valid to:
5/7/2014 8:59:59 AM

Subject:
CN=Shanghai Zhenrui Network Technology Studio, OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Shanghai Zhenrui Network Technology Studio, L=ShangHai, S=ShangHai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
40210EB4B5038CD40C7B282FA7C94440

File PE Metadata
Compilation timestamp:
5/20/2013 6:18:41 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x21CB5D

Entry point:
60, E8, 3C, 1B, 11, 00, 66, 85, F2, 66, BB, E8, CA, 80, EB, 40, 89, C3, 38, FC, 80, 3F, 23, E9, 04, 75, 10, 00, 8D, 64, 24, 04, 0F, 82, EE, DF, FF, FF, F8, 80, 7F, FF, 00, 9C, 8D, 64, 24, 04, 0F, 85, 3E, 00, 00, 00, 0F, 81, BE, 4F, 15, 00, 8B, 7A, 24, F8, 01, C7, 66, 81, FE, EE, BA, 0F, B7, 0C, 4F, 66, FF, C7, 66, 0F, BC, F9, 66, FF, CF, 66, 0F, A3, D1, 8B, 7A, 1C, 38, DE, 60, E9, EA, 50, 00, 00, C6, 47, FF, 00, E8, 1B, 35, 00, 00, 8B, 75, 0C, 8D, 64, 24, 08, 51, 89, 04, 24, F6, D0, 9C, E8, 9C, F7, 10, 00...

Entropy:
7.9199

Packer / compiler:
ASPack v1.08.04

Code size:
912 KB (933,888 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ShouHuS

Command:
"C:\Program Files\shouhus\shouhus.exe" \run

