nsprocess.dll

Fedorov Paul

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The module nsprocess.dll by Fedorov Paul has been detected as adware by 4 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
Fedorov Paul  (signed and verified)

MD5:
5447a4564be5ecd7cde0c2d01fe79cf0

SHA-1:
41443f673e97ae55df7aad2226b6a17b3aacffe8

SHA-256:
012c61fc650b7d6eb016ea9073080c07371dd7c89f46373be78f71020a08ce7e

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
4/20/2024 1:58:39 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2016.0.3127 |
| Dr.Web | Adware.Downware.10713 | 9.0.1.0116 |
| Reason Heuristics | PUP.WebPick | 15.3.9.1 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39170 |

File size:
11.1 KB (11,392 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\nsprocess.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/30/2013 3:00:00 AM

Valid to:
10/17/2014 2:59:59 AM

Subject:
CN=Fedorov Paul, OU=Individual Developer, O=No Organization Affiliation, L=Saint-Petersburg, S=Saint-Petersburg, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4775A986F383176992FD70C1405B2DEA

File PE Metadata
Compilation timestamp:
6/28/2011 10:48:48 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
192:lyrMS4xYqmsoRrsGl8NZ0Fcou7+wse+PjPoniEXO:lpWs+LBfuSPLonS

Entry address:
0x1001

Entry point:
33, C0, 40, C2, 0C, 00, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8D, 45, 08, 50, 57, FF, 15, 4C, 20, 00, 10, 8B, 75, 0C, 8B, 45, 08, 3B, 06, 75, 12, 6A, 00, 6A, 00, 6A, 10, FF, 76, 04, FF, 15, 58, 20, 00, 10, 89, 7E, 04, 33, C0, 5F, 40, 5E, 5D, C2, 08, 00, 55, 8B, EC, 83, EC, 0C, 53, 56, 8B, 75, 08, 57, 56, 33, DB, 53, 68, 01, 04, 10, 00, FF, 15, 10, 20, 00, 10, 8B, F8, 3B, FB, 74, 6B, 89, 75, F4, 89, 5D, F8, 39, 5D, 0C, 74, 41, 8D, 45, F4, 50, 68, 07, 10, 00, 10, FF, 15, 50, 20, 00, 10, 39, 5D, F8, 74, 2D, 8D, 45...
 

Code size:
1.5 KB (1,536 bytes)
