npshnanjingbank64.dll

shahai Password Plugin

Chongqing Shahai Information Tech Co.,Ltd

It is installed in the Mozilla Firefox web browser as an extension/plugin named ‘shahai Password Plugin’.
Publisher:
shahaiinfo  (signed by Chongqing Shahai Information Tech Co.,Ltd)

Product:
shahai Password Plugin

Version:
10.0.0.36

MD5:
0bb4314cbe8ca956ecc9c3a29487ea28

SHA-1:
c837c537e01460110ca7eb724f09ae80c9d7cab5

SHA-256:
864de32d50f95721d6543dd5ec9a2285e14b12488da1c6dee59bade4ea009f55

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
4/26/2024 5:02:52 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Comodo Security | UnclassifiedMalware | 21808 |
| McAfee | Generic Obfuscated.c | 5600.6791 |

File size:
683.1 KB (699,536 bytes)

Product version:
10.0.0.36

Copyright:
shahaiinfo. All rights reserved.

Original file name:
shahaiinfo.dll

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\windows\syswow64\shahai\npshnanjingbank64.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/13/2013 8:00:00 AM

Valid to:
7/13/2014 7:59:59 AM

Subject:
CN="Chongqing Shahai Information Tech Co.,Ltd", OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Chongqing Shahai Information Tech Co.,Ltd", L=Chongqing, S=Chongqing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
71825A61C6D3DB1C677B6F98174E44F8

Registration
CLSID:
{E1E80600-0152-4593-AB1C-88B80A2CAC11}

ProgID:
ATL2.MyEditBox.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
1/10/2014 11:04:16 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:ShAlnxHRZI3d1zV8zNSB0pn9JI0HqEw+FM2zwvO5D0Wb9cGwRnrdJ:SWnBRZIt1B6SWpfJwjotYrX

Entry address:
0x106AF8

Entry point:
0F, 87, 94, F4, FE, FF, 68, 7E, F0, 1B, 40, E9, FC, 9C, FE, FF, E9, F7, 49, FE, FF, 0B, 4A, A4, 16, A1, EF, FF, 27, 75, D2, 86, E6, 4F, 10, E5, CE, A5, D4, D6, 78, C3, 8D, 08, 3C, ED, 5A, EA, 68, 53, 27, D3, A2, 2B, 3B, 0B, 69, 14, 4A, A2, 15, 6E, E1, AB, A2, EC, 7E, D8, 74, FD, 54, 76, 86, 78, 65, 66, 29, F0, 78, C6, 94, 28, 28, 53, B6, 51, ED, 97, 79, 98, 7E, F5, 16, E1, 53, 1A, 7B, 65, 35, EF, C9, E7, 35, 25, CA, 86, 0F, 34, CE, 38, 5C, 7E, 73, 18, 7F, EF, 7F, 00, A3, C7, FE, 63, 99, 14, 8F, 94, D6, 9D...
 

Entropy:
7.9221  (probably packed)

Code size:
337.5 KB (345,600 bytes)

Mozilla Plugin
Name:
shahai Password Plugin

