home

npgbfnc_cef.dll

Módulo de Proteção - Caixa Economica Federal

Caixa Economica Federal

The module npgbfnc_cef.dll, “Internet Banking Helper” by Caixa Economica Federal has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the Mozilla Firefox web browser as part of an addin/plugin. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
GAS Tecnologia  (signed by Caixa Economica Federal)

Product:
Módulo de Proteção - Caixa Economica Federal

Description:
Internet Banking Helper

Version:
2.12.0

MD5:
ab9929b8fb57090953c105c67bf0a286

SHA-1:
fb7968346a31ff993cc44e87afc48b59e45eb8c1

SHA-256:
76aa5ef02e7be75af512861c66a25700fff19235fc3da34dce9ab42ded4bfca2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/23/2024 5:58:43 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore (L)
16.12.12.17

File size:
2.4 MB (2,494,272 bytes)

Product version:
2.12.0

Copyright:
Copyright 2012 GAS Tecnologia

Original file name:
npgbfnc_cef.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\mozilla\firefox\profiles\{user}.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886d}\plugins\npgbfnc_cef.dll

Digital Signature
Signed by:
Caixa Economica Federal

Authority:
The USERTRUST Network

Valid from:
7/18/2010 9:00:00 PM

Valid to:
7/18/2012 8:59:59 PM

Subject:
CN=Caixa Economica Federal, OU=GISUT/BR, O=Caixa Economica Federal, STREET=SEPN 507 BLOCO A 3º Andar - Asa Norte, L=Brasília, S=Distrito Federal, PostalCode=70740-521, C=BR

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
18471E6B12B1A09DE7D5AA6814AEF186

File PE Metadata
Compilation timestamp:
4/4/2012 4:01:09 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:KpLSv5M3u2moH9ac71dJrM9Qc14CTSfyNdUkwVCdvT6C3JicAPhC1y2z0FEJ:KAv5KmC9P79I9/S9kwViOWJohC1hAi

Entry address:
0x51614E

Entry point:
68, B7, 44, AA, A2, E9, 8C, 49, 14, 00, 13, 7F, 71, AE, 87, 97, CF, C5, F7, DD, 1F, FD, 67, B5, 3F, E5, 77, 0D, 67, 0D, F4, B0, 1B, 32, 89, FA, 2D, 13, 29, 10, FE, 26, 09, D3, E8, CB, 7F, 7D, 52, 08, 93, 79, 4D, 37, CD, 8B, F2, 08, C9, 70, 81, 34, A4, 95, 88, B1, E9, 76, AC, F6, B6, 64, F7, 67, 4C, 8B, 1E, 55, 1F, C5, A7, 7F, 5D, 6A, AE, 9A, DD, 19, 51, 6F, B5, DF, 0B, C1, 52, 96, 01, E4, 76, B7, 8A, 50, 22, F2, 20, B3, 5D, B9, 45, E2, AB, 50, 8A, F0, 80, 6A, F9, 3D, 93, F2, CB, 96, 57, 55, B2, 06, D4, 7B...
 
[+]

Code size:
2.1 MB (2,238,464 bytes)

Remove npgbfnc_cef.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.