» nsdialogs.dll
Overview
Analysis
File Details

nsdialogs.dll

Zugo Ltd

nsdialogs.dll is the nsDialogs allows creation of custom pages in the NSIS (Nullsoft Installer) setup program used by many installers, nsDialogs can create pages with any type of controls and runs as a common NSIS plug-in and is recompiled by Zugo Ltd. The library nsdialogs.dll by Zugo has been known to be a potentially unwanted program that has been detected by 1 anti-malware scanner. Although a detection has been made for this resource, it is generally a commonly distributed 3rd-party library and is typically safe by itself.

File name:

nsdialogs.dll

Publisher:

Zugo Ltd (signed and verified)

MD5:

6b912549618b8a84b33b9d5e6a12965c

SHA-1:

455b0ce61f07abf2e0cb4cf2dcc838d3cf182fe4

SHA-256:

e4b8d5ad78c4ee4f47d09873079aa8f54a7cf0c0cecd8cecc2c78b978110550f

Scanner detections:

1 / 68

Status:

Inconclusive but possibly unwanted (It is part of a common redistributable library)

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/27/2024 1:58:09 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Common.PartOf.PUP.Zugo (M)

15.12.25.21

File size:

178.2 KB (182,496 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\nsdialogs.dll

Digital Signature

Signed by:

Zugo Ltd

Authority:

The USERTRUST Network

Valid from:

1/27/2011 6:00:00 PM

Valid to:

1/27/2013 5:59:59 PM

Subject:

CN=Zugo Ltd, O=Zugo Ltd, STREET=PO Box 36, STREET=1st Floor, STREET=37 Broad St., L=St Helier, S=Jersey, PostalCode=JE4 9NU, C=JE

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

46241CDE5C7B500B51C5F1328228F2A9

File PE Metadata

Compilation timestamp:

6/20/2012 5:39:53 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:noAiuuNYZsl78nJSLscPljgcKtczu+7H/4Itsimh5wmrlydh:n0tZPlsReJfltsT8mah

Entry address:

0x11CA6

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, B1, 5C, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, D8, B5, 02, 10, 89, 0D, D4, B5, 02, 10, 89, 15, D0, B5, 02, 10, 89, 1D, CC, B5, 02, 10, 89, 35, C8, B5, 02, 10, 89, 3D, C4, B5, 02, 10, 66, 8C, 15, F0, B5, 02, 10, 66, 8C, 0D, E4, B5, 02, 10, 66, 8C, 1D, C0, B5, 02, 10, 66, 8C, 05, BC, B5, 02, 10, 66, 8C, 25, B8, B5, 02, 10, 66, 8C, 2D, B4, B5, 02, 10, 9C, 8F, 05, E8, B5... 
[+]

Entropy:

6.5410

Code size:

121 KB (123,904 bytes)

Scan nsdialogs.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.