nsispluginw.dll

npEB

Spigot, Inc.

This component is part of the Spigot browser add-on, a web browser addition that is designed to modify the core search provider in order to redirect search queries through partner portals. The module nsispluginw.dll by Spigot has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the Spigot Setup installer. It is also typically executed from the user's temporary directory.
Publisher:
Spigot, Inc.  (signed and verified)

Product:
npEB

Version:
2, 2, 0, 5

MD5:
96ebc6147f35c4dbc5e1dffa167ddc2a

SHA-1:
4fa047414c568b74d5d83e4709229bb44cea5bbe

SHA-256:
19f58b93632f4d6105e193db46cd4bc9d3edfb06fce150d4df6c3bc65b213077

Scanner detections:
20 / 68

Status:
Adware

Analysis date:
12/25/2024 7:50:53 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Win32.Floxif.A
5813571

Avira AntiVirus
TR/Crypt.XPACK.Gen5
7.11.30.172

avast!
Win32:Pioneer-C
160118-1

AVG
Win32/Floxif.A
2015.0.4522

Bkav FE
W32.HfsAdware
1.3.0.7383

Dr.Web
Adware.Spigot.97, Win32.FloodFix.7
9.0.1.05190

Emsisoft Anti-Malware
Win32.Floxif
10.0.0.5366

ESET NOD32
Win32/Floxif.H virus
7.0.302.0

F-Prot
W32/Floxif.B
4.6.5.141

F-Secure
Win32.Floxif.A
5.15.21

Kaspersky
Virus.Win32.Pioneer
15.0.0.562

Malwarebytes
PUP.Optional.Spigot
v2016.02.01.07

McAfee
Trojan.Dropper-FIY!96EBC6147F35
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.5053.0

Norman
Win32.Floxif.A
11.01.2016 17:30:26

Reason Heuristics
PUP.Spigot.Installer (M)
16.2.1.7

Sophos
Virus 'W32/Floxif-C'
5.22

SUPERAntiSpyware
PUP.Spigot/Variant
9350

Trend Micro House Call
Suspicious_GEN.F47V0208
7.2.32

VIPRE Antivirus
Threat.4760052
46444

File size:
285.5 KB (292,359 bytes)

Product version:
2, 2, 0, 5

Original file name:
npEB

File type:
Dynamic link library (Win32 DLL)

Installer:
Spigot Setup

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\nsispluginw.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/23/2015 12:00:00 AM

Valid to:
12/22/2016 11:59:59 PM

Subject:
CN="Spigot, Inc.", O="Spigot, Inc.", STREET="774 Mays Blvd. #10-456", L=Incline Village, S=NV, PostalCode=89451, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009AAC5D92E7E2B9208B0D220D9CCC9750

File PE Metadata
Compilation timestamp:
1/11/2016 8:02:10 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:pyXvs6lFk8fOKcb3U/e1F/fBV+UdvrEFp7hKG:Y9lFgKcb3U/e15BjvrEH7N

Entry address:
0x13EC1

Entry point:
E9, 8A, 66, FF, FF, 83, 7D, 0C, 01, 75, 05, E8, 40, 3B, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, 56, 0E, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 7F, 05, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 31, 0E, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 78, 3B, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3...
 
[+]

Entropy:
7.0377

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
141 KB (144,384 bytes)

Remove nsispluginw.dll - Powered by Reason Core Security