home

npdzzoerunner.dll

Dzzoe Plugin

Magic Desktop S&T Development Co., Ltd.

It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Precognition’.
Publisher:
魔法桌面(北京)软件有限公司  (signed by Magic Desktop S&T Development Co., Ltd.)

Product:
Dzzoe Plugin

Description:
魔法桌面浏览器组件

Version:
3,1,6,1

MD5:
37aedef8f5ef3e864a1b67f771345702

SHA-1:
492801b88f7934465c3c2cb792204d7ec20a993e

SHA-256:
4110d3c2185a699b025031586ea9de43122bbda9e0804a74202f2e02cce98882

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/16/2024 10:32:07 PM UTC  (today)

File size:
621.4 KB (636,264 bytes)

Product version:
3,1,6,1

Copyright:
魔法桌面(北京)软件有限公司. All rights reserved.

Original file name:
npdzzoerunner.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\魔法桌面美化王\mofa_v3.1.6\npdzzoerunner.dll

Digital Signature
Signed by:
Magic Desktop S&T Development Co., Ltd.

Authority:
WoSign eCommerce Services Limited

Valid from:
2/14/2012 4:06:00 AM

Valid to:
2/14/2013 9:38:22 PM

Subject:
E=xing555@netease.com, CN="Magic Desktop S&T Development Co., Ltd.", O="Magic Desktop S&T Development Co., Ltd.", L=Tianjin, S=Tianjin, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
09EA0187F2DF59

Registration
CLSIDs:
{1722EAFF-08C2-4a92-9A99-8E4BCD8312B3}, {2476153A-5F97-46bb-A243-5209599B6DA8}, {C6C788B9-4FD5-493B-A562-8ADD71C4E53C}

ProgIDs:
PrecognitionBHO.Precognition.1, OMMOO.Runner.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
3/27/2012 3:45:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
6144:juw/o5/TztdAAD0AH7aL4ezTL3tbhKrsw7HgSXvc2BnIcl5Lp:juw/k/Tzt+AD0W7Qr3tbArB8gvT11p

Entry address:
0x38FAA

Entry point:
E9, 2C, D6, 03, 00, E9, BC, 4F, 01, 00, E9, 37, 8F, 03, 00, E9, 64, D4, 06, 00, E9, FF, B7, 03, 00, E9, D8, 0E, 01, 00, E9, B3, DB, 00, 00, E9, 5E, 89, 00, 00, E9, 49, F7, 00, 00, E9, 32, 19, 06, 00, E9, FF, 3A, 03, 00, E9, D2, D4, 06, 00, E9, 95, FF, 04, 00, E9, 00, E4, 02, 00, E9, 16, D1, 06, 00, E9, 49, D9, 03, 00, E9, 81, 33, 01, 00, E9, F5, 4C, 05, 00, E9, F7, 15, 03, 00, E9, 32, 6D, 02, 00, E9, C5, 34, 04, 00, E9, 98, 9C, 01, 00, E9, 63, CE, 00, 00, E9, D2, A0, 03, 00, E9, 49, DE, 02, 00, E9, 11, CB...
 
[+]

Entropy:
5.7622

Developed / compiled with:
Microsoft Visual C++ 8.0 (Debug)

Code size:
476 KB (487,424 bytes)

Internet Explorer BHO
Display name:
Precognition

CLSID:
{1722EAFF-08C2-4a92-9A99-8E4BCD8312B3}


Scan npdzzoerunner.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.