dpinterface32.dll

Skytech

Zhang Ling

The module dpinterface32.dll by Zhang Ling has been detected as adware by 12 anti-malware scanners. Additionally, the file is typically installed by a number of programs including SupTab by Thinknice Co. Limited and Linkey by Aztec Media Inc., both potentially unwanted software. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages.
Publisher:
Skytech Co., Ltd.  (signed by Zhang Ling)

Product:
Skytech

Version:
3.0.2.3482

MD5:
0b8a6e517e9b3b40b700e10d7b823427

SHA-1:
1a28bc510d68622def5e125c4f6d49a4f0261832

SHA-256:
9ecbdb31ec9792abdeb783aa151a2f73bb3bea5d714041c0f593c33dcda0a91e

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
12/25/2024 12:22:10 AM UTC  (today)

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.Agent | 7.1.1
Avira AntiVirus | TR/Trash.Gen | 7.11.160.42
AVG | Zhangling | 2015.0.3404
Baidu Antivirus | Adware.Win32.Thinknice | 4.0.3.141215
Dr.Web | Trojan.Damaged.1 | 9.0.1.0349
ESET NOD32 | Win32/Thinknice.E potentially unwanted application | 8.7.0.302.0
IKARUS anti.virus | PUA.SearchProtect | t3scan.1.7.5.0
Malwarebytes | PUP.Optional.Skytech.A | v2014.07.24.08
Reason Heuristics | PUP.ZhangLing.N | 14.7.31.23
SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10176
Vba32 AntiVirus | AdWare.Agent | 3.12.26.3
VIPRE Antivirus | Backdoor.Win32.Bifrose.fsi | 31168

File size:
1.1 MB (1,196,936 bytes)

Product version:
3.0.2.3482

Copyright:
Skytech Copyright (C) 2013

Original file name:
WorkDll

File type:
Dynamic link library (Win32 DLL)

Language:
Chinese (Simplified, China)

Common path:
C:\Program Files\suptab\dpinterface32.dll

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
6/6/2014 4:29:18 AM

Valid to:
6/6/2015 4:29:18 AM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
07DAC38DB37E09DF8C8634065592DFE3

File PE Metadata
Compilation timestamp:
7/4/2014 4:38:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:LpTmp9+HfyL8JmqncH+vo0qZjzw5Scpk9sEgWM0Ca+Q:Ni9+HfyL8Jmqce4ckDXM0Ca+Q

Entry address:
0x8E99F

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 3A, B1, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 18, 38, 0F, 10, E8, E2, 76, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 2C, E7, 0F, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 24, E4, 0D, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.2810

Developed / compiled with:
Microsoft Visual C++

Code size:
877.5 KB (898,560 bytes)

The file dpinterface32.dll has been discovered within the following programs.

Linkey  by Aztec Media Inc.
Linkey is a potentially unwanted web browser search extension for the top browsers that is designed to modify the user's search and home pages (www.default-search.com or www.linkeyproject.com/app/) in order to direct advertising via the linkeyproject.com portal.
linkeyproject.com
81% remove it
SupTab  by Thinknice Co. Limited
SupTab is a web browser advertisement injection extension that is designed with the core purpose of delivering ads to the user's web browser. Ads are in the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it
 