home

nsisplugina.dll

npEB

Spigot, Inc.

This component is part of the Spigot browser add-on, a web browser addition that is designed to modify the core search provider in order to redirect search queries through partner portals. The module nsisplugina.dll by Spigot has been detected as adware by 6 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
Spigot, Inc.  (signed and verified)

Product:
npEB

Version:
2, 0, 0, 9

MD5:
9d689d85045a8aefccb2aec5f3061795

SHA-1:
fc930dafd705213d1baa4982b3f6479625a4648f

SHA-256:
5e4221d35ca1dd20c6bfc44005fe2b0819a10aa18da68f121c2caaec5f3ea4c8

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
4/19/2024 7:04:45 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
PUA.Win32.Widgi
4.0.3.15413

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Spigot.67
9.0.1.0103

ESET NOD32
Win32/Toolbar.Widgi.N potentially unwanted (variant)
9.11464

Reason Heuristics
PUP.Spigot
15.4.13.0

Sophos
PUA 'Spigot Toolbar' (of type Adware)
5.12

File size:
215.8 KB (220,960 bytes)

Product version:
2, 0, 0, 9

Copyright:
Copyright (C) 2015 Spigot, Inc.

Original file name:
npEB

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\nsisplugina.dll

Digital Signature
Signed by:
Spigot, Inc.

Authority:
VeriSign, Inc.

Valid from:
9/18/2014 5:30:00 AM

Valid to:
9/19/2015 5:29:59 AM

Subject:
CN="Spigot, Inc.", O="Spigot, Inc.", L=Incline Village, S=Nevada, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4C3D599E302C4F7882544749DD59A53E

File PE Metadata
Compilation timestamp:
1/27/2015 12:45:43 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:D1hsDdmKUVULFo+/I4QLi+nGtKaTsylY1ZZ+NVAkag:DADdNUVktIdHaTshD2mC

Entry address:
0x1717C

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, A4, 3B, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, 8B, 0D, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 6D, 03, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 66, 0D, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, DD, 3B, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3...
 
[+]

Entropy:
6.5016

Code size:
151.5 KB (155,136 bytes)

Remove nsisplugina.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.