npshsuning64.dll

苏宁易付宝网络支付平台密码安全控件 (Suning Yifubao online payment platform password security control)

Nanjing Suning yifubao Network Technology Co., Ltd.

It is installed in the Mozilla Firefox web browser as an extension/plugin named ‘shahai Password Plugin’.
Publisher:
南京苏宁易付宝网络科技有限公司  (signed by Nanjing Suning yifubao Network Technology Co., Ltd.)

Product:
苏宁易付宝网络支付平台密码安全控件 (Suning Yifubao online payment platform password security control)

Version:
10.0.0.34

MD5:
b6299db0a42a39eff24df46885b7ea37

SHA-1:
daa471f005f15cb6f74ca1a4ef81c2f8b3efe052

SHA-256:
3611ae82bf90c83b731f417f099caa15b086a6adba00d229c611ccc7da1fbb19

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/24/2024 12:52:22 PM UTC  (today)

Scan engine:
McAfee

Detection:
Generic Obfuscated.c

Engine version:
5600.6979

File size:
679.5 KB (695,800 bytes)

Product version:
10.0.0.34

Copyright:
shahaiinfo. All rights reserved.

Original file name:
npshsuning.dll

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\windows\syswow64\suning\npshsuning64.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/20/2013 8:00:00 AM

Valid to:
4/19/2016 7:59:59 AM

Subject:
CN="Nanjing Suning yifubao Network Technology Co., Ltd.", OU=yifubao, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Nanjing Suning yifubao Network Technology Co., Ltd.", L=jiangsu, S=nanjing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
678A635D718CDE7CD20189555FBBD131

Registration
CLSID:
{E1AE39A7-9F2D-4e3d-9346-212EF73BFC16}

ProgID:
ATL2.MyEditBox.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
10/24/2013 2:14:45 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:94yl6yp6wnnkfECBXYT4uE9sFz1VynKXd90Bbo6GI5mWcappUYmiuCDjFUFqsKl:94EZ6MkfE4iLhhd2BbouoVapGYmnmjim

Entry address:
0xF4448

Entry point:
E9, 9E, 36, FF, FF, 48, 81, F9, 68, 2E, D0, 17, 00, D2, E9, 7D, F1, FE, FF, BD, 9D, 7E, F0, C7, F0, FF, 01, 4F, 0A, A9, B4, DB, 70, C4, AA, E4, 8E, 31, 82, F1, 77, E1, 8E, 09, 6A, 5E, 53, 0E, 69, 62, EE, BB, B1, CB, AD, 48, 66, E0, 90, FC, 4A, F1, 62, 4E, 0A, D3, 81, 38, 0C, 49, D9, 9C, C9, 7B, EA, 37, E0, 2E, 26, A7, D3, 93, 26, 61, B6, 03, 65, FC, 4A, FF, 57, F5, 36, D2, C0, 17, 85, 7E, F2, D0, B5, DF, 3C, 86, E8, 7D, 98, EF, 9F, 79, A0, 8A, 49, 63, 08, E4, 00, F5, 03, 14, 96, BC, EC, C0, 1A, B6, 5D, A9...
 

Entropy:
7.9235

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
335.5 KB (343,552 bytes)

Mozilla Plugin
Name:
shahai Password Plugin

