» npsharecom64.dll
Overview
Analysis
File Details
Behaviors (1)

npsharecom64.dll

Shahai ShareCom Plugin

Nanjing Suning yifubao Network Technology Co., Ltd.

It is installed within the Mozilla Firefox web browser as an extension/plugin as ‘Shahai ShareCom Plugin’.

File name:

npsharecom64.dll

Publisher:

Shahai Info (signed by Nanjing Suning yifubao Network Technology Co., Ltd.)

Product:

Shahai ShareCom Plugin

Version:

1.0.0.26

MD5:

6fa0f9bd63292f704a8dd8121459dbf1

SHA-1:

305fb5a1ef882ab8ca51b3d49b51513837984602

SHA-256:

a4fc8a9b835343e533840636a565ed019906f751e11e0c854df3bd27d1a85603

Scanner detections:

3 / 68

Status:

Clean (3 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

11/24/2024 12:54:10 PM UTC (today)

Scan engine

Detection

Engine version

Comodo Security

UnclassifiedMalware

19313

McAfee

Generic Obfuscated.c

5600.7055

Trend Micro House Call

Suspicious_GEN.F47V0729

7.2.277

File size:

876 KB (897,000 bytes)

Product version:

1.0.0.26

Original file name:

npShareCom.dll

File type:

Dynamic link library (Win64 DLL)

Common path:

C:\windows\syswow64\shahai\npsharecom64.dll

Digital Signature

Signed by:

Nanjing Suning yifubao Network Technology Co., Ltd.

Authority:

VeriSign, Inc.

Valid from:

3/20/2013 8:00:00 AM

Valid to:

4/19/2016 7:59:59 AM

Subject:

CN="Nanjing Suning yifubao Network Technology Co., Ltd.", OU=yifubao, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Nanjing Suning yifubao Network Technology Co., Ltd.", L=jiangsu, S=nanjing, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

678A635D718CDE7CD20189555FBBD131

Registration

CLSID:

{82B6898B-A0B5-48E2-9D35-C2DE65F2299D}

ProgID:

ShareCtrl.1.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

5/6/2014 12:25:30 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:WV1wenCbt+GDnsarYIab67kfluf5nC2Fk9uCjOi:wTSt3DssYO9ntkMC1

Entry address:

0x1A107D

Entry point:

E9, F4, 1E, 00, 00, E9, E4, 23, 00, 00, E9, 6C, 42, 01, 00, 8C, BC, BD, 2F, FC, E5, FF, 40, 8E, C1, DF, 86, A3, A6, B0, 9D, DD, 74, 2A, 2E, 7C, E3, 05, 71, 51, F2, 2E, 2B, BB, 91, F4, 80, 51, 6A, 51, 1A, 59, 13, 76, 38, FA, 54, 2F, 18, F9, 63, 56, F9, 93, BD, 79, A7, 59, ED, CA, 3B, 0D, BA, 08, 48, 4D, 02, 0A, A5, A1, 3D, FA, 8F, F3, 7E, F0, 8A, 23, 7A, 3B, BD, 25, 32, A1, 0E, 2D, 2D, 42, 66, BA, 08, 48, 39, EF, F1, 8F, 80, 73, 7F, E7, 71, 6F, 42, 44, 01, 98, F2, B6, 3D, 0C, 21, 77, 03, A9, E6, F2, D5, 1D... 
[+]

Entropy:

7.9391

Packer / compiler:

Xtreme-Protector v1.05

Code size:

635 KB (650,240 bytes)

Mozilla Plugin

Name:

Shahai ShareCom Plugin

Scan npsharecom64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.