nsispluginw.dll.tmp

npEB

Spigot, Inc.

This component is part of the Spigot browser add-on, a web browser add-on designed to modify the core search provider so that search queries are redirected through partner portals. The file nsispluginw.dll.tmp by Spigot has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the Spigot Setup installer, and it is typically executed from the user's temporary directory.

Publisher:
Spigot, Inc.  (signed and verified)

Product:
npEB

Version:
2, 2, 0, 5

MD5:
1c9a9b4928c7c4a60ef4908ef8856fbe

SHA-1:
7541341acb0ec5a0d9df65b1c3cd47c96ac7f714

SHA-256:
6f4e4faf18772f39ac685190ddbbcc9ef8ec433aa594dbd7ad8848795793b901

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
12/25/2024 7:49:09 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Pioneer-C | 160327-1 |
| AVG | Win32/Floxif.A | 2015.0.4355 |
| Dr.Web | Adware.Spigot.97, Win32.FloodFix.7 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Floxif | 11.5.0.6191 |
| ESET NOD32 | Win32/Floxif.H virus | 7.0.302.0 |
| F-Prot | W32/Floxif.B | 4.6.5.141 |
| F-Secure | Win32.Floxif.A | 5.15.96 |
| Kaspersky | Virus.Win32.Pioneer | 15.0.0.562 |
| McAfee | Trojan.Dropper-FIY!1C9A9B4928C7 | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.219.1026.0 |
| Norman | Win32.Floxif.A | 10.04.2016 15:29:17 |
| Reason Heuristics | PUP.Spigot.Installer (M) | 16.5.8.7 |
File size:
285.5 KB (292,359 bytes)

Product version:
2, 2, 0, 5

Original file name:
npEB

Installer:
Spigot Setup

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\nsispluginw.dll.tmp

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/23/2015 12:00:00 AM

Valid to:
12/22/2016 11:59:59 PM

Subject:
CN="Spigot, Inc.", O="Spigot, Inc.", STREET="774 Mays Blvd. #10-456", L=Incline Village, S=NV, PostalCode=89451, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009AAC5D92E7E2B9208B0D220D9CCC9750

File PE Metadata
Compilation timestamp:
1/11/2016 7:32:10 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:pyXvs6MXk8fOKc9V3U/e1F/fBV+UdvrEFp7hKn:Y9ggKc9V3U/e15BjvrEH7k

Entry address:
0x13EC1

Entry point:
E9, CE, 34, 00, 00, 83, 7D, 0C, 01, 75, 05, E8, 40, 3B, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, 56, 0E, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 7F, 05, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 31, 0E, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 78, 3B, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3...
 
Entropy:
7.0319

Packer / compiler:
Xtreme-Protector v1.05

Code size:
141 KB (144,384 bytes)
