ntdis_32.dll

MY POP SHOP LTD

The module ntdis_32.dll by MY POP SHOP has been detected as adware by 12 anti-malware scanners. This file is typically installed with the program LPT System Updater Service by Linkury Ltd., which is a potentially unwanted software program.
Publisher:
MY POP SHOP LTD  (signed and verified)

MD5:
0dd11578517f0fbad5393b8c0a39647f

SHA-1:
5bb4ccea5407ab07b7486611c5e9067de607aafd

SHA-256:
e1ba9ea35c46f7618466c06b852c6ca10fecde84da4afdb4808fbd9848760921

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
4/19/2024 11:31:35 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Smartbar.O | 832
AVG | Mypopshop | 2015.0.3310
Baidu Antivirus | Adware.Win32.Linkury | 4.0.3.141025
Bitdefender | Adware.Smartbar.O | 1.0.20.1490
Emsisoft Anti-Malware | Adware.Smartbar.O | 8.14.10.25.06
F-Secure | Adware.Smartbar.O | 11.2014-25-10_7
G Data | Adware.Smartbar | 14.10.24
MicroWorld eScan | Adware.Smartbar.O | 15.0.0.894
NANO AntiVirus | Riskware.Win32.Linkury.dcvwxz | 0.28.2.62671
nProtect | Adware.Smartbar.O | 14.10.16.01
Qihoo 360 Security | HEUR/Malware.QVM29.Gen | 1.0.0.1015
Reason Heuristics | PUP.MYPOPSHOP.I | 14.10.25.18

File size:
310.5 KB (317,960 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\lpt\resources\ntdis_32.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/6/2014 8:00:00 PM

Valid to:
7/7/2015 7:59:59 PM

Subject:
CN=MY POP SHOP LTD, O=MY POP SHOP LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=NA, PostalCode=46725, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4A7D93FD75281A37A4ADCDCD636D3ADB

File PE Metadata
Compilation timestamp:
10/6/2014 7:59:15 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:ngY68ukcwMx7dfeyPwJd3QB0SA/4KJed6WjXDkiC/tci+R5T:ngY68ukcwMxcyPKdAB0tfAdhjXDkP/ab

Entry address:
0x11420

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 52, 99, 00, 00, 8B, 45, 10, 50, 8B, 4D, 0C, 51, 8B, 55, 08, 52, E8, 11, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 6A, FE, 68, 10, 7A, 04, 10, 68, D0, B6, 01, 10, 64, A1, 00, 00, 00, 00, 50, 83, C4, E8, 53, 56, 57, A1, 24, 92, 04, 10, 31, 45, F8, 33, C5, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, C7, 45, E4, 01, 00, 00, 00, 83, 7D, 0C, 00, 75, 10, 83, 3D, 94, A6, 04, 10, 00, 75, 07, 33, C0, E9, 5A, 01, 00, 00...
 

Entropy:
6.2989

Developed / compiled with:
Microsoft Visual C++

Code size:
221.5 KB (226,816 bytes)

The file ntdis_32.dll has been discovered within the following program.

LPT System Updater Service by Linkury Ltd.
This is a potentially unwanted web browser extension that is distributed and installed by PINWID LTD, ReSoft LTD., MY POP SHOP LTD and Linkury. It will display advertisements including banners and popups in the user's web browser.
81% remove it
 
Powered by Should I Remove It?
