» shielden.exe
Overview
Analysis
File Details

shielden.exe

Shielden

Shanghai Bo Yi Information Technology Co. Ltd.

File name:

shielden.exe

Publisher:

Safengine (signed by Shanghai Bo Yi Information Technology Co. Ltd.)

Product:

Shielden

Description:

Shielden - Professional Software Protection Tool

Version:

2.3.0.0

MD5:

784b01577573fc60e76cbdf27334f75a

SHA-1:

b78926d84a2c22de17a27bbe3f36449ec48469a4

SHA-256:

51712c459fc443d685e814b2ad9213309fc79ce60fe848b66cc842927b9e5571

Scanner detections:

5 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

5/8/2024 1:39:56 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Trojan/Win32.Generic

14.05.24

AVG

Win32/Heur

2015.0.3465

Comodo Security

TrojWare.Win32.Amtar.KNB

18107

Norman

Genetik.AD

11.20140524

Rising Antivirus

PE:Malware.XPACK-LNR/Heur!1.5594

23.00.65.14522

File size:

5.3 MB (5,507,304 bytes)

Product version:

2.3.0.0

2007 - 2014 Safengine

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Digital Signature

Signed by:

Shanghai Bo Yi Information Technology Co. Ltd.

Authority:

VeriSign, Inc.

Valid from:

2/7/2014 3:30:00 AM

Valid to:

3/20/2015 3:29:59 AM

Subject:

CN=Shanghai Bo Yi Information Technology Co. Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Shanghai Bo Yi Information Technology Co. Ltd., L=Shanghai, S=Shanghai, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

747257F202E9C962C91B4EDA689D5DBB

File PE Metadata

Compilation timestamp:

4/2/2014 2:07:37 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

98304:J45IAcXW7vj1Bd0J0nruRMtKQ6aNkI29qtP+uiXGx5DFLlRWLNG9LwgF:qKAfj1BGOnLKskI4qtWXGxNRs3gF

Entry address:

0x6646C0

Entry point:

E8, 1F, 00, 00, 00, 53, 61, 66, 65, 6E, 67, 69, 6E, 65, 20, 4E, 65, 74, 4C, 69, 63, 65, 6E, 73, 6F, 72, 20, 76, 32, 2E, 33, 2E, 30, 2E, 30, 00, 9C, 83, EC, 14, EB, AA, 86, 0B, 9B, FE, 0D, C9, 2E, 39, 18, 0F, AB, E1, 0F, CB, 8B, 5C, 24, 12, 8D, 64, 24, 03, 89, 74, 24, 02, 66, 87, F1, E9, B0, FC, FF, FF, 66, 5A, 8D, 14, B5, 00, 00, 00, 00, 66, FF, 74, 24, 10, 8D, 14, B5, 00, 00, 00, 00, 66, 8B, 54, 24, 10, 87, 54, 24, 0F, EB, 1F, 7B, 52, CD, 5C, AF, 8B, D7, EB, D7, 66, 8F, 44, 24, 0C, 83, EC, 04, 0F, 92, C2... 
[+]

Entropy:

7.7740 (probably packed)

Scan shielden.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.