home

nshelper.dll

Flipora

The module nshelper.dll by Flipora has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Flipora  (signed and verified)

MD5:
a32b51fed0dc6c7ed78f1b605aa3fc85

SHA-1:
0e85c21a8d64e355a9ab65a2d97462ddc7122694

SHA-256:
479e6431e29a22573307ed2e7249c3bb06ac481fc878d193cce913b5ab143010

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 8:54:13 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic
16.2.14.20

File size:
19.8 KB (20,224 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\nshelper.dll

Digital Signature
Signed by:
Flipora

Authority:
VeriSign, Inc.

Valid from:
3/29/2012 5:30:00 AM

Valid to:
3/30/2015 5:29:59 AM

Subject:
CN=Flipora, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Flipora, L=Sunnyvale, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4E5D7F106293C44426F134E3A6C47BB9

File PE Metadata
Compilation timestamp:
12/31/2013 5:54:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
384:lrEE4H9pR4uAm+mUghSnYPLhryieM0t9:lrEE4HrR4Q1hSlv

Entry address:
0x1694

Entry point:
33, C0, 40, C2, 0C, 00, 53, 56, 68, AC, 31, 00, 10, 32, DB, FF, 15, 5C, 30, 00, 10, 8B, F0, 85, F6, 74, 19, 68, 9C, 31, 00, 10, 56, FF, 15, 64, 30, 00, 10, 85, C0, 74, 02, FE, C3, 56, FF, 15, 30, 30, 00, 10, 5E, 8A, C3, 5B, C3, 55, 8B, EC, 83, EC, 14, 53, 33, DB, 89, 5D, F4, 39, 5D, 0C, 75, 0C, C7, 45, F4, 57, 00, 07, 80, E9, FC, 00, 00, 00, C7, 45, F0, 00, 30, 00, 00, E8, A4, FF, FF, FF, 84, C0, 0F, 84, E0, 00, 00, 00, FF, 75, 08, 89, 5D, F8, 53, 68, 00, 04, 00, 00, E8, FF, FB, FF, FF, 83, C4, 0C, 89, 45...
 
[+]

Entropy:
6.4553

Code size:
8 KB (8,192 bytes)

Remove nshelper.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.