» npsf_bes.dll
Overview
Analysis
File Details
Behaviors (1)

npsf_bes.dll

Módulo de Proteção - Banese (Banco do Estado de Sergipe)

BANCO DO ESTADO DE SERGIPE SA

It is installed within the Mozilla Firefox web browser as an extension/plugin as ‘gastecnologia.com.br/sf/bes’.

File name:

npsf_bes.dll

Publisher:

GAS Tecnologia (signed by BANCO DO ESTADO DE SERGIPE SA)

Product:

Módulo de Proteção - Banese (Banco do Estado de Sergipe)

Description:

Internet Banking Helper

Version:

3.7.1.1

MD5:

f6319517ac7b9fbb9d26f9ea86b59af5

SHA-1:

23b7b0ac30ef727baf79dbd2548f4479b0af12b0

SHA-256:

450c6ba8f1a129128b149ff97e79a64188b5093deedacfc1f727e988283ac36c

Scanner detections:

2 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/26/2024 7:13:41 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Dropper.Gen

7.11.30.172

F-Secure

Trojan.Generic.8613015

5.14.151

File size:

2 MB (2,116,384 bytes)

Product version:

3.7.1.1

Original file name:

npsf_bes.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\gas tecnologia\gbbd\npsf_bes.dll

Digital Signature

Signed by:

BANCO DO ESTADO DE SERGIPE SA

Authority:

GlobalSign nv-sa

Valid from:

6/14/2013 3:23:56 PM

Valid to:

6/15/2014 3:23:56 PM

Subject:

CN=BANCO DO ESTADO DE SERGIPE SA, O=BANCO DO ESTADO DE SERGIPE SA, L=ARACAJU, S=SERGIPE, C=BR

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11216F0E7F2E4F8D8CA97F47D454F1C17CBC

File PE Metadata

Compilation timestamp:

12/11/2013 9:24:20 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

CTPH (ssdeep):

49152:+0EUxjEqg61rEuw6XIVOBfok0EPr3SMWgESFPD+qfAncIbR+hYsWMth:+UiqJ1mlxEPr3SMNESUmQRyYWth

Entry address:

0x52F36A

Entry point:

E9, FC, F9, FF, FF, E9, 1A, DA, FF, FF, 00, 00, 52, 65, 67, 45, 6E, 75, 6D, 56, 61, 6C, 75, 65, 41, 00, 00, 00, 56, 69, 72, 74, 75, 61, 6C, 50, 72, 6F, 74, 65, 63, 74, 45, 78, 00, 0F, 82, 16, E6, FF, FF, 51, 60, FF, 74, 24, 24, C2, 28, 00, 00, 00, 49, 73, 56, 61, 6C, 69, 64, 55, 52, 4C, 00, 88, 6C, 24, 04, 8D, 64, 24, 30, E8, 88, D3, E9, FF, 60, 8D, 64, 24, 20, 0F, 83, 3F, 2E, EA, FF, 66, 0F, BA, E6, 01, 29, C9, 60, E9, 5A, 81, EE, FF, 00, 00, 57, 72, 69, 74, 65, 50, 72, 6F, 63, 65, 73, 73, 4D, 65, 6D, 6F... 
[+]

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

1.8 MB (1,876,480 bytes)

Mozilla Plugin

Name:

gastecnologia.com.br/sf/bes

Scan npsf_bes.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.