» nssckbi.dll
Overview
Analysis
File Details

nssckbi.dll

Network Security Services

ArcadeTwist

nssckbi.dll is the Mozilla Network Security Services (NSS) library that provides access to a list of trusted root CA certificates that are distributed with Mozilla software and is recompiled by ArcadeTwist. The module nssckbi.dll, “NSS Builtin Trusted Root CAs” by ArcadeTwist has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. Note, this is a common distributed file and although it has been detected it might not be a threat is un-coupled from its distribution source.

File name:

nssckbi.dll

Publisher:

Mozilla Foundation (signed by ArcadeTwist)

Product:

Network Security Services

Description:

NSS Builtin Trusted Root CAs

Version:

1.91

MD5:

9e13a47aab591a879370c1967a9f8236

SHA-1:

5be21c35dab5c214400cb680f237946816dcfa8d

SHA-256:

b62da8db9af9bd030591ccb280b7b65932eed18cf37307cf0955a642010d4d89

Scanner detections:

1 / 68

Status:

Adware

Explanation:

This is the Mozilla Network Security Services (NSS) library that provides access to a list of trusted root CA certificates that are distributed with Mozilla software. While the file itself is not dangerous, it is part of a program that has been detected.

Analysis date:

4/29/2024 8:36:17 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.GameVance (M)

16.8.3.16

File size:

414.6 KB (424,552 bytes)

Product version:

1.91

Original file name:

nssckbi.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\arcadetwist\cat\nssckbi.dll

Digital Signature

Signed by:

ArcadeTwist

Authority:

thawte, Inc.

Valid from:

1/19/2015 6:00:00 PM

Valid to:

1/19/2017 5:59:59 PM

Subject:

CN=ArcadeTwist, O=ArcadeTwist, L=Irvine, S=California, C=US

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

285C56079C0C7E91CD8726B42C0AF1B6

File PE Metadata

Compilation timestamp:

9/12/2012 8:07:04 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:CJz2s9oBgdMTWfpUwFygo5zUM38MEuL9ewNkUE0kUqo:Sf9OgWTWfpf0gmzY49zNkUE0kUqo

Entry address:

0xEC51

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 6B, 1D, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, 04, 3B, 06, 10, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, 22, 1E, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9... 
[+]

Entropy:

6.8996

Code size:

79.5 KB (81,408 bytes)

Remove nssckbi.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.