home

nstool.dll

Next Search

ClientConnect LTD

The file belongs to the ClientConnect (Conduit/Perion) platform, a utility that bundles and monetizes search toolbars and browser add-ons. The module nstool.dll by ClientConnect has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Client Connect LTD  (signed by ClientConnect LTD)

Product:
Next Search

Version:
2.22.26.1

MD5:
24f6577db3bf089af5334a608c1582ae

SHA-1:
2511dcbcf47a4ed93ecdc128bf6e9ffd79f4d04a

SHA-256:
570666bd2a9c6ca15a7c517c7412a57ff3f5ed80945c9b7b890430ec33daec0d

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
12/27/2024 5:20:47 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Conduit (M)
16.7.27.5

File size:
2.9 MB (3,016,152 bytes)

Product version:
2.22.26.1

Copyright:
© 2014 ClientConnect Ltd.

Original file name:
Next Search

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\nextsearch\main\bin\nstool.dll

Digital Signature
Signed by:
ClientConnect LTD

Authority:
Symantec Corporation

Valid from:
10/2/2014 4:00:00 AM

Valid to:
10/4/2015 3:59:59 AM

Subject:
CN=ClientConnect LTD, OU=Next Search, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
1CABAC4D3E9F4D2D0D78D81CA571F1CA

File PE Metadata
Compilation timestamp:
4/12/2015 12:30:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:inXS19fXDXQ3zC+ip5oQeHbhtrGi+YY1zgQbxDgDI0NTDW6ByTZSa+DHVXrl6:iniLXDXQ3zC55orhtrt+0RhDW6y

Entry address:
0x1A3700

Entry point:
B2, 55, 28, 00, 83, 19, 51, BA, 62, CC, 78, E5, B1, C4, 93, 2E, A9, 64, 0E, C8, D6, A3, 28, 79, 4B, 9B, 06, 0C, 14, F5, 90, 1D, 84, A0, 3F, 02, AC, AA, C6, 09, 02, 93, F0, 09, FB, 72, 7C, 98, 79, 35, 6A, 39, 8A, FA, 35, 74, 20, 55, 03, 57, D8, 18, 18, 62, 31, E1, 70, 95, 18, 54, 26, 0B, 96, D9, 3C, 40, 09, B6, 91, 0F, 32, 3A, AB, 2A, D4, 49, 4C, A2, F4, 7E, 12, 09, 8B, D3, 46, 42, 24, 86, 03, 04, 8F, 22, 48, 23, 8A, 4C, 02, 08, 04, 86, D4, 69, 22, 0D, 92, 20, 1A, 85, 50, 01, 74, 9D, 44, 7F, F2, 2A, 43, 10...
 
[+]

Entropy:
7.5636

Code size:
2.1 MB (2,219,520 bytes)

Remove nstool.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.