ntdis_64.dll

VERISTAFF.COM LTD

The module ntdis_64.dll by VERISTAFF.COM has been detected as adware by 18 anti-malware scanners. Additionally, the file is typically installed by a number of programs including LPT System Updater Service by Linkury Ltd. and SafeFinder Smartbar by Linkury Ltd., both potentially unwanted software.
Publisher:
VERISTAFF.COM LTD  (signed and verified)

MD5:
a15c2a7ac32400a0c4c0faf9fbb806e1

SHA-1:
d0aa5bd615ee80928c7689ff1fccd7591b1e33c8

SHA-256:
ada24ed6b4e5528d5508d2e55755fd637b2fa111df48090e542372a0f37f0290

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
4/23/2024 2:52:50 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Linkury.B | 799
Avira AntiVirus | TR/Trash.Gen | 7.11.30.172
AVG | MPomp | 2015.0.3277
Baidu Antivirus | Adware.Win32.Linkury | 4.0.3.141128
Bitdefender | Adware.Linkury.B | 1.0.20.1660
Emsisoft Anti-Malware | Adware.Linkury | 8.14.11.28.01
F-Secure | Adware.Smartbar.O | 11.2014-28-11_6
G Data | Adware.Linkury | 14.11.24
IKARUS anti.virus | PUA.Linkury | t3scan.1.6.1.0
Kaspersky | Packed.Win32.Krap | 14.0.0.2880
McAfee | Artemis!01BBB0F99EF4 | 5600.6933
MicroWorld eScan | Adware.Linkury.B | 15.0.0.996
nProtect | Adware.Smartbar.O | 14.10.31.01
Panda Antivirus | PUP/LinkUry | 14.11.28.01
Reason Heuristics | PUP.VERISTAFFCOM.I | 14.12.4.0
SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10211
Trend Micro House Call | Suspicious_GEN.F47V0619 | 7.2.332
VIPRE Antivirus | Adware.Linkury | 30470

File size:
414 KB (423,952 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\users\{user}\appdata\local\lpt\resources\ntdis_64.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/15/2014 8:00:00 AM

Valid to:
9/16/2015 7:59:59 AM

Subject:
CN=VERISTAFF.COM LTD, OU=514841295, O=VERISTAFF.COM LTD, STREET=Shenkar 14, L=Hertzlya, S=TLV, PostalCode=4672514, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2AF13BF1274B91869E8E8BA9B16282CA

File PE Metadata
Compilation timestamp:
11/19/2014 10:16:11 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:nMLcy63ckalaxcHOAcONFxpQWOoMkGldsQayhN:qcy63ckalaxcHOcNqWzM7sQLv

Entry address:
0x16DE0

Entry point:
4C, 89, 44, 24, 18, 89, 54, 24, 10, 48, 89, 4C, 24, 08, 48, 83, EC, 28, 83, 7C, 24, 38, 01, 75, 05, E8, D2, B6, 00, 00, 4C, 8B, 44, 24, 40, 8B, 54, 24, 38, 48, 8B, 4C, 24, 30, E8, 0F, 00, 00, 00, 48, 83, C4, 28, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 4C, 89, 44, 24, 18, 89, 54, 24, 10, 48, 89, 4C, 24, 08, 48, 83, EC, 48, C7, 44, 24, 30, 01, 00, 00, 00, 83, 7C, 24, 58, 00, 75, 10, 83, 3D, 58, BF, 04, 00, 00, 75, 07, 33, C0, E9, 1F, 01, 00, 00, 83, 7C, 24, 58, 01, 74, 07, 83, 7C, 24, 58, 02, 75, 4E, 48...
 

Entropy:
5.6202

Code size:
281.5 KB (288,256 bytes)

The file ntdis_64.dll has been discovered within the following programs.

LPT System Updater Service by Linkury Ltd.
This is a potentially unwanted web browser extension that is distributed and installed by PINWID LTD, ReSoft LTD., MY POP SHOP LTD and Linkury. It will display advertisements including banners and popups in the user's web browser.
81% remove it
SafeFinder Smartbar by Linkury Ltd.
SafeFinder displays advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of search-related ads, banner and video ads, and text-links (roll-overs) as well as some popup ads.
www.linkury.com/faq/s/faq.aspx?company=SafeFinder
67% remove it
 
Powered by Should I Remove It?
