home

knsdtray.exe

可牛杀毒

可牛网络技术(北京)有限公司

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘knsdtray’.
Publisher:
Keniu Network Technology.  (signed by 可牛网络技术(北京)有限公司)

Product:
可牛杀毒

Description:
Keniu Monitor Tray

Version:
1.0.1.1132

MD5:
0b3596ef689ce7b95b0e19d902cae07c

SHA-1:
9a32e88d30d482ea86334936c37d0312b310759a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/10/2025 6:56:48 PM UTC  (today)

File size:
973 KB (996,304 bytes)

Product version:
1.0.1.1132

Copyright:
Copyright (C) 2009-2010 Keniu Network Technology.

Original file name:
knsdtray.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\keniu\keniu shadu\knsdtray.exe

Digital Signature
Signed by:
可牛网络技术(北京)有限公司

Authority:
WoSign, Inc.

Valid from:
11/4/2009 8:00:00 AM

Valid to:
11/4/2012 7:59:59 AM

Subject:
CN="Keniu Network Technology (Beijing) Co., Ltd.", OU=Class 3 - for Microsoft Authenticode Signing, O=可牛网络技术(北京)有限公司, L=朝阳区, S=北京市, C=CN

Issuer:
CN=WoSign Code Signing Authority, O="WoSign, Inc.", C=US

Serial number:
523B3D050ED90064B374367AFBD57184

File PE Metadata
Compilation timestamp:
8/26/2010 12:05:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x80360

Entry point:
E8, 55, D7, 00, 00, E9, 17, FE, FF, FF, 55, 8B, EC, 83, EC, 18, 53, FF, 75, 0C, 8D, 4D, E8, E8, 1A, BC, FF, FF, 8B, 5D, 08, 81, FB, 00, 01, 00, 00, 73, 54, 8B, 4D, E8, 83, B9, AC, 00, 00, 00, 01, 7E, 14, 8D, 45, E8, 50, 6A, 02, 53, E8, 43, CA, 00, 00, 8B, 4D, E8, 83, C4, 0C, EB, 0D, 8B, 81, C8, 00, 00, 00, 0F, B6, 04, 58, 83, E0, 02, 85, C0, 74, 0F, 8B, 81, D0, 00, 00, 00, 0F, B6, 04, 18, E9, AB, 00, 00, 00, 80, 7D, F4, 00, 74, 07, 8B, 45, F0, 83, 60, 70, FD, 8B, C3, E9, A4, 00, 00, 00, 8B, 45, E8, 83, B8...
 
[+]

Entropy:
6.6765

Code size:
636 KB (651,264 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
knsdtray

Command:
"C:\Program Files\keniu\keniu shadu\knsdtray.exe" -autorun


Scan knsdtray.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.