home

npshsuning64.dll

苏宁易付宝网络支付平台密码安全控件

Nanjing Suning yifubao Network Technology Co., Ltd.

It is installed within the Mozilla Firefox web browser as an extension/plugin as ‘shahai Password Plugin’.
Publisher:
南京苏宁易付宝网络科技有限公司  (signed by Nanjing Suning yifubao Network Technology Co., Ltd.)

Product:
苏宁易付宝网络支付平台密码安全控件

Version:
10.0.0.36

MD5:
a0b12d804b6e18144d519f28c8126598

SHA-1:
9c4f6873d2a74d32957898b0c355b490e8f788c3

SHA-256:
215394dbe5c0032b8236455369ea561b7ca5dc8a0763640f9940be4e75573897

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/5/2024 10:36:50 PM UTC  (today)

Scan engine
Detection
Engine version

McAfee
Generic Obfuscated.c
5600.7055

File size:
692 KB (708,600 bytes)

Product version:
10.0.0.36

Copyright:
shahaiinfo. All rights reserved.

Original file name:
npshsuning.dll

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\windows\syswow64\suning\npshsuning64.dll

Digital Signature
Signed by:
Nanjing Suning yifubao Network Technology Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
3/20/2013 8:00:00 AM

Valid to:
4/19/2016 7:59:59 AM

Subject:
CN="Nanjing Suning yifubao Network Technology Co., Ltd.", OU=yifubao, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Nanjing Suning yifubao Network Technology Co., Ltd.", L=jiangsu, S=nanjing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
678A635D718CDE7CD20189555FBBD131

Registration
CLSID:
{E1AE39A7-9F2D-4e3d-9346-212EF73BFC16}

ProgID:
ATL2.MyEditBox.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
12/4/2013 11:57:58 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:+HFDcBWpFP3Vv7gnhwdSFOx1QqZSbPQ2W1PbPJgSKLjo7WvY8DmljU03m:+HFQB2dvkhmSFOx1dAbctA8ivY8i202

Entry address:
0x14A225

Entry point:
E9, 60, 12, FA, FF, 0F, 86, 18, 62, FF, FF, 66, 0F, BD, F0, 83, E9, 01, 66, 0F, BE, FB, 89, 4D, FC, 48, C1, EE, 23, 8B, 4D, F8, 66, F7, D7, F7, D6, F7, DE, 66, 01, C6, 03, 4D, FC, E9, 6A, 69, FA, FF, E9, F7, 5B, FA, FF, 0F, B7, 0C, 4F, 48, 0F, A4, DF, 34, 66, C1, EF, 0C, 8B, 7A, 1C, 48, 0F, A3, DD, 84, CC, F9, F9, 48, 01, C7, F8, F8, F8, 66, 39, C5, 8B, 3C, 8F, F8, F5, 85, FF, E9, F7, 37, 00, 00, 8F, C1, 00, 72, 6A, EB, FF, 83, E5, 84, C9, 7C, 83, D1, 6D, F4, 13, AA, 0F, 46, 90, E8, 0D, A6, B9, 9D, 2E, 1B...
 
[+]

Entropy:
7.9243  (probably packed)

Code size:
336.5 KB (344,576 bytes)

Mozilla Plugin
Name:
shahai Password Plugin


Scan npshsuning64.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.