npABCUtilapp.dll

npABCUtilapp

Agricultural Bank of China

It is installed in the Mozilla Firefox web browser as an extension/plugin named ‘ABCUtilapp’.
Publisher:
ABChina  (signed by Agricultural Bank of China)

Product:
npABCUtilapp

Version:
1, 0, 15, 1202

MD5:
21d838a7f5d9be212484272d81ceac2f

SHA-1:
3a7c53cea1ef007baf221b87ef5ff6279291f74d

SHA-256:
4fd13e3d3958200de72edc6bd0d8c8ba40131d2e333fbf5801e888c490c7fe2a

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/27/2024 12:26:20 AM UTC

Scan engine:
F-Secure

Detection:
Gen:Variant.Adware.Kazy

Engine version:
5.15.21

File size:
340.8 KB (349,000 bytes)

Product version:
1, 0, 15, 1202

Copyright:
Copyright(C) 2015 ABChina

Original file name:
npABCUtilapp.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\npabcutilapp.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/3/2013 8:00:00 PM

Valid to:
5/3/2016 7:59:59 PM

Subject:
CN=Agricultural Bank of China, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Agricultural Bank of China, L=beijing, S=beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
395410384D767D7CDC6635C57A4EB5E0

File PE Metadata
Compilation timestamp:
12/2/2015 4:33:18 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:O7+NZMdLvXaDLntolcUTDngRahbDycl8v2NfrP4yLY1S:0q2RXaPtolHgRaRDJe25EyLL

Entry address:
0x9193C

Entry point:
E9, 9A, BD, FF, FF, 57, FE, C8, 9C, 3A, 07, 8D, 86, 02, A6, 42, 68, 8D, 7F, 01, 9F, 0F, 92, C4, 0F, 9D, C0, 8B, 44, 24, 50, E8, DD, BF, FD, FF, 15, A2, E5, 44, 03, E7, 9A, CE, F5, A0, 7B, 46, CB, D3, 2E, EA, E9, BE, B3, 00, FB, 89, BE, B5, 65, 62, 8B, DD, 80, 38, D3, 32, 06, 40, 16, 81, AA, DC, 89, FE, 1C, E8, 7D, 45, B6, 03, 28, EB, 4C, E0, AE, 18, 99, 1E, 6A, 50, 8A, 58, A0, 4C, A0, EF, B3, 9A, F7, 11, 2E, CA, 15, 5E, 45, 81, 3F, C2, E0, 49, CE, 99, 1E, 42, 80, 21, 1E, 65, DC, 10, B2, 36, 0C, B5, 51, 7C...
 

Entropy:
7.9132

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
170.5 KB (174,592 bytes)

Mozilla Plugin
Name:
ABCUtilapp

