nsispluginw.dll

npEB

Spigot, Inc.

This component is part of the Spigot browser add-on, a web browser addition that is designed to modify the core search provider in order to redirect search queries through partner portals. The module nsispluginw.dll by Spigot has been detected as adware by 9 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
Spigot, Inc.  (signed and verified)

Product:
npEB

Version:
2, 2, 0, 5

MD5:
5bec760348473872fdd2f0fb4fc7d842

SHA-1:
4df9a884074a6a6f69863049ed8e28e3b5b24d8d

SHA-256:
65ef50112257904b7e6bf75fc0deaeab677719a33d40ee6e2f176538138d8962

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
12/25/2024 7:22:27 PM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAdware
1.3.0.7383

Dr.Web
Adware.Spigot.82
9.0.1.022

Malwarebytes
PUP.Optional.Spigot
v2016.01.22.02

McAfee
Artemis!B031AF93B84D
5600.6512

Reason Heuristics
PUP.Spigot (M)
16.1.22.14

Sophos
Spigot Toolbar (PUA)
4.98

SUPERAntiSpyware
PUP.Spigot/Variant
9370

Trend Micro House Call
Suspicious_GEN.F47V0208
7.2.22

VIPRE Antivirus
Spigot
45024

File size:
209.1 KB (214,080 bytes)

Product version:
2, 2, 0, 5

Original file name:
npEB

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\nsispluginw.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/23/2015 5:30:00 AM

Valid to:
12/23/2016 5:29:59 AM

Subject:
CN="Spigot, Inc.", O="Spigot, Inc.", STREET="774 Mays Blvd. #10-456", L=Incline Village, S=NV, PostalCode=89451, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009AAC5D92E7E2B9208B0D220D9CCC9750

File PE Metadata
Compilation timestamp:
1/11/2016 8:02:10 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:2ZUXkqE16MXk9TxkfY/TXDxDu3cvIPDZL3U/eoWdEhWP9c+d6j+/7J9:2yXvs6MXk8fOKcI3U/e1F/J

Entry address:
0x13EC1

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 40, 3B, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, 56, 0E, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 7F, 05, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 31, 0E, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 78, 3B, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3...
 
[+]

Entropy:
6.4697

Code size:
141 KB (144,384 bytes)

Remove nsispluginw.dll - Powered by Reason Core Security