» npsf_bes.dll
Overview
Analysis
File Details
Behaviors (1)

npsf_bes.dll

Módulo de Proteção - Banese (Banco do Estado de Sergipe)

BANCO DO ESTADO DE SERGIPE S/A

It is installed within the Mozilla Firefox web browser as an extension/plugin as ‘gastecnologia.com.br/sf/bes’.

File name:

npsf_bes.dll

Publisher:

GAS Tecnologia (signed by BANCO DO ESTADO DE SERGIPE S/A)

Product:

Módulo de Proteção - Banese (Banco do Estado de Sergipe)

Description:

Internet Banking Helper

Version:

3.7.1.1

MD5:

744bc1a9bce6814fac0f4f39ff0c2007

SHA-1:

81264a2d652b90eb2e0e850a45b1f18cd291e4ab

SHA-256:

c83a8b57478e9fa49cbfd73489e5c7e8dd46912070847f4acf83038968e0fa63

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/30/2024 11:37:12 PM UTC (a few moments ago)

File size:

2 MB (2,116,488 bytes)

Product version:

3.7.1.1

Original file name:

npsf_bes.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\gas tecnologia\gbbd\npsf_bes.dll

Digital Signature

Signed by:

BANCO DO ESTADO DE SERGIPE S/A

Authority:

GlobalSign nv-sa

Valid from:

6/4/2014 5:26:42 PM

Valid to:

6/5/2015 5:26:42 PM

Subject:

CN=BANCO DO ESTADO DE SERGIPE S/A, OU=TI, O=BANCO DO ESTADO DE SERGIPE S/A, L=Aracaju, S=Sergipe, C=BR

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11211A93CA6AB8C33511EB8D399E1D7299AD

File PE Metadata

Compilation timestamp:

12/11/2013 10:24:20 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

CTPH (ssdeep):

49152:P0EUxjEqg61rEuw6XIVOBfok0EPr3SMWgESFPD+qfAncIbR+hYsWMo:VUiqJ1mlxEPr3SMNESUmQRyYWo

Entry address:

0x52F36A

Entry point:

E9, FC, F9, FF, FF, E9, 1A, DA, FF, FF, 00, 00, 52, 65, 67, 45, 6E, 75, 6D, 56, 61, 6C, 75, 65, 41, 00, 00, 00, 56, 69, 72, 74, 75, 61, 6C, 50, 72, 6F, 74, 65, 63, 74, 45, 78, 00, 0F, 82, 16, E6, FF, FF, 51, 60, FF, 74, 24, 24, C2, 28, 00, 00, 00, 49, 73, 56, 61, 6C, 69, 64, 55, 52, 4C, 00, 88, 6C, 24, 04, 8D, 64, 24, 30, E8, 88, D3, E9, FF, 60, 8D, 64, 24, 20, 0F, 83, 3F, 2E, EA, FF, 66, 0F, BA, E6, 01, 29, C9, 60, E9, 5A, 81, EE, FF, 00, 00, 57, 72, 69, 74, 65, 50, 72, 6F, 63, 65, 73, 73, 4D, 65, 6D, 6F... 
[+]

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

1.8 MB (1,876,480 bytes)

Mozilla Plugin

Name:

gastecnologia.com.br/sf/bes

Scan npsf_bes.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.