» ntdis_32.dll
Overview
Analysis
File Details
Programs (2)

ntdis_32.dll

Veristaff.com Inc

The module ntdis_32.dll by Veristaff.com Inc has been detected as adware by 11 anti-malware scanners. Additionally, the file is typically installed by a number of programs including LPT System Updater Service by Linkury Ltd. and SafeFinder Smartbar by Linkury Ltd., both potentially unwanted software.

File name:

ntdis_32.dll

Publisher:

Veristaff.com Inc (signed and verified)

MD5:

89c08d41321018481e085550fd766238

SHA-1:

c0de6b877c6d859191b046f494e367f0d55787c5

SHA-256:

f4479c3aeaec5afdad5699c4013940bd8f2bff7c0034b274d465996914461acf

Scanner detections:

11 / 68

Status:

Adware

Analysis date:

4/24/2024 7:30:32 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Linkury.B

918

AVG

Veristaff

2015.0.3400

Bitdefender

Adware.Linkury.B

1.0.20.1065

Emsisoft Anti-Malware

Adware.Linkury

8.14.08.01.01

G Data

Adware.Linkury

14.8.24

MicroWorld eScan

Adware.Linkury.B

15.0.0.639

NANO AntiVirus

Riskware.Win32.Linkury.dcvwxz

0.28.2.60990

Panda Antivirus

PUP/LinkUry

14.08.01.01

Reason Heuristics

PUP.Veristaff.I

14.7.28.9

Trend Micro House Call

Suspicious_GEN.F47V0613

7.2.213

VIPRE Antivirus

Adware.Linkury

30470

File size:

309.8 KB (317,224 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\users\{user}\appdata\local\lpt\resources\ntdis_32.dll

Digital Signature

Signed by:

Veristaff.com Inc

Authority:

DigiCert Inc

Valid from:

7/8/2014 8:00:00 PM

Valid to:

7/14/2015 8:00:00 AM

Subject:

CN=Veristaff.com Inc, O=Veristaff.com Inc, L=Wilmington, S=Delaware, C=US

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0B0EA10F13BB9EB2057BECB9A30F59D4

File PE Metadata

Compilation timestamp:

7/21/2014 7:51:25 AM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

6144:wgY68ukcwMx7dfeyPwJd3QB0SA/4KJed6WjXDkiO/tcC+R5zK:wgY68ukcwMxcyPKdAB0tfAdhjXDkb/am

Entry address:

0x11420

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 52, 99, 00, 00, 8B, 45, 10, 50, 8B, 4D, 0C, 51, 8B, 55, 08, 52, E8, 11, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 6A, FE, 68, 10, 7A, 04, 10, 68, D0, B6, 01, 10, 64, A1, 00, 00, 00, 00, 50, 83, C4, E8, 53, 56, 57, A1, 24, 92, 04, 10, 31, 45, F8, 33, C5, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, C7, 45, E4, 01, 00, 00, 00, 83, 7D, 0C, 00, 75, 10, 83, 3D, 94, A6, 04, 10, 00, 75, 07, 33, C0, E9, 5A, 01, 00, 00... 
[+]

Entropy:

6.2899

Developed / compiled with:

Microsoft Visual C++

Code size:

221.5 KB (226,816 bytes)

The file ntdis_32.dll has been discovered within the following programs.

LPT System Updater Service by Linkury Ltd.

This is a potentially unwanted web browser extension this is distributed and installed by PINWID LTD, ReSoft LTD., MY POP SHOP LTD and Linkury. It will display advertisements including banners and popups in the user's web browser.

81% remove it

SafeFinder Smartbar by Linkury Ltd.

SafeFinder displays advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of search-related ads, banner and video ads, and text-links (roll-overs) as well as some popup ads.

www.linkury.com/faq/s/faq.aspx?company=SafeFinder

67% remove it

Remove ntdis_32.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.