home

npisecurity-vip_x64.dll

SA-iSecurity Plug-in for VIP

Guangzhou VIP Information Technology Co.,Ltd

It is installed within the Mozilla Firefox web browser as an extension/plugin as ‘isecurity-vip’.
Publisher:
北京银盾思创网络技术有限公司  (signed by Guangzhou VIP Information Technology Co.,Ltd)

Product:
SA-iSecurity Plug-in for VIP

Version:
2, 5, 0, 6

MD5:
714aa5396d3b37bcd11c9cf40fd7efc2

SHA-1:
4a4522e8077e4662f41b54a180b12e34c6384fcf

SHA-256:
09a9633ae20d7994f2ce66cab31ee130a14ea5da410809665af9f5ef4b0f3942

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/23/2024 8:04:29 PM UTC  (today)

Scan engine
Detection
Engine version

McAfee
Generic Obfuscated.c
5600.6827

Trend Micro House Call
Suspicious_GEN.F47V1030
7.2.73

File size:
849.7 KB (870,072 bytes)

Product version:
2, 5, 0, 6

Copyright:
Copyright (C) 2012-2014 Silver Aegis

Original file name:
npisecurity-vip_x64.dll

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\vip-security suite 2.5\npisecurity-vip_x64.dll

Digital Signature
Signed by:
Guangzhou VIP Information Technology Co.,Ltd

Authority:
VeriSign, Inc.

Valid from:
12/30/2013 8:00:00 AM

Valid to:
12/30/2016 7:59:59 AM

Subject:
CN="Guangzhou VIP Information Technology Co.,Ltd", OU=Technology Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Guangzhou VIP Information Technology Co.,Ltd", L=Guangzhou, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
53D738FC5B56671E9D2C15C9C544E3C7

File PE Metadata
Compilation timestamp:
9/14/2014 10:39:55 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:lnReIfyWADvlEkxzwN+R1a3bWeqTBLVsSjH:l0IqWAdxzwyEkp3jH

Entry address:
0x1E19A0

Entry point:
E9, 91, 07, 00, 00, 00, 00, 47, 6C, 6F, 62, 61, 6C, 4C, 6F, 63, 6B, 00, 00, 00, 53, 65, 74, 53, 74, 64, 48, 61, 6E, 64, 6C, 65, 00, E9, 34, F8, FE, FF, E9, B2, 0F, 00, 00, 00, 00, 47, 65, 74, 57, 69, 6E, 64, 6F, 77, 44, 43, 00, 0F, 91, C7, 89, DF, 66, 87, F3, 0F, 93, C3, 5B, BE, BC, 74, 09, 42, 87, F7, 48, 8D, BA, 21, AB, A3, 12, E9, CA, 9A, FF, FF, D2, E8, D0, F8, 80, FE, 5E, 8A, 07, F8, 84, C0, E9, 83, A1, FF, FF, 00, 00, 6C, 73, 74, 72, 6C, 65, 6E, 41, 00, 00, 00, 43, 72, 65, 61, 74, 65, 50, 61, 74, 74...
 
[+]

Entropy:
7.8979

Packer / compiler:
Xtreme-Protector v1.05

Code size:
415.5 KB (425,472 bytes)

Mozilla Plugin
Name:
isecurity-vip


Scan npisecurity-vip_x64.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.