npPassGuard.dll

PassGuard

Bank Of Chengdu Co., Ltd

The library npPassGuard.dll, “PassGuard®™ 密码卫士插件 Version:3.0.0.7”, has been detected as malware by 13 anti-virus scanners. It is installed in the Mozilla Firefox web browser as an extension/plugin named ‘PassGuard’.
Publisher:
北京微通新成网络科技有限公司  (signed by Bank Of Chengdu Co., Ltd)

Product:
PassGuard

Description:
PassGuard®™ 密码卫士插件 Version:3.0.0.7

Version:
3.0.0.7

MD5:
44c8b131bbe6cdd50eba33bb14a06b40

SHA-1:
f50b5c102cbdd042db39c37891dc0141be65bade

SHA-256:
a310308e7f67869fa717fa55fb705517c90c315b97ae690dc3d47b434b6c45be

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
4/25/2024 7:45:52 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.Packed | 7.1.1 |
| Avira AntiVirus | TR/Black.Gen2 | 7.11.180.234 |
| avast! | Win32:Malware-gen | 2014.9-150306 |
| AVG | Win32/Blacked | 2016.0.3179 |
| Bkav FE | W32.Clod59f.Trojan | 1.3.0.6185 |
| Comodo Security | UnclassifiedMalware | 19887 |
| ESET NOD32 | Win32/Packed.VMProtect.ABD (variant) | 9.10614 |
| Fortinet FortiGate | W32/VMProtBad.A | 3/6/2015 |
| IKARUS anti.virus | Trojan.Black2 | t3scan.1.7.8.0 |
| K7 AntiVirus | Trojan | 13.185.13789 |
| McAfee | Artemis!44C8B131BBE6 | 5600.6835 |
| Norman | Suspicious_Gen4.FDTPP | 11.20150306 |
| Sophos | Mal/VMProtBad-A | 4.98 |

File size:
1.8 MB (1,874,496 bytes)

Product version:
3.0.0.0

Copyright:
©2013 北京微通新成网络科技有限公司 所有权利保留

Original file name:
npPassGuard.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\windows\syswow64\microdone\passguard\nppassguard.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/26/2012 8:00:00 AM

Valid to:
5/27/2014 7:59:59 AM

Subject:
CN="Bank Of Chengdu Co., Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Bank Of Chengdu Co., Ltd", L=chengdu, S=sichuan, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1AF14872A7E0235658B42D8E00F6EDB8

File PE Metadata
Compilation timestamp:
6/14/2013 12:13:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:Eofmt0iZRl6H1np7ZuRlGsm4MPF1Qi36xd:BfmaURgHh9IKsuPF1pG

Entry address:
0x24E388

Entry point:
56, C7, 04, 24, 11, 39, 8B, 31, E9, F4, 18, 16, 00, 2D, DB, 60, 04, 69, E8, 49, 3B, 26, 67, 30, FB, 58, 08, AD, 22, FF, 99, 5C, 11, 22, C1, A6, 92, 87, 90, A9, 1E, 42, 29, 6A, A1, 1E, 0A, 59, E2, F6, 4F, FD, 67, 1D, CA, 43, 97, 14, 93, 04, 6E, BF, 09, 76, E5, 5A, FE, 53, F7, 60, BA, 13, B2, 0F, 69, BE, D8, 5D, B9, 3E, 09, A7, 2C, DC, C7, 44, BD, B4, D8, 71, C9, A6, 03, CC, 0B, 80, 26, 56, 4B, BA, 47, 12, A0, 1D, 27, A4, 03, 80, 9D, 6D, EF, 66, 5C, 3D, 4E, 59, 30, 03, 1D, EF, 50, 19, F9, 1F, 54, C9, 41, 0D...
 

Entropy:
7.9115  (probably packed)

Code size:
530.5 KB (543,232 bytes)

Mozilla Plugin
Name:
PassGuard

