dpinterface64.dll

Skytech

Zhang Ling

The module dpinterface64.dll by Zhang Ling has been detected as adware by 10 anti-malware scanners. This file is typically installed with the program SupTab by Thinknice Co. Limited, which is a potentially unwanted software program. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages.
Publisher:
Skytech Co., Ltd.  (signed by Zhang Ling)

Product:
Skytech

Version:
1.0.1.40

MD5:
e3bed5dde302d0879257bc03b24efb3e

SHA-1:
7e33325bf18798932934e608bbfd02ca760b7c31

SHA-256:
326ae1944ebc617825ebcaabf575575fe854718b1452f6b59a4f1295ab42676c

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
1/12/2025 5:01:18 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | APPL/SubTab.spe | 7.11.174.142 |
| AVG | Zhangling | 2015.0.3259 |
| Baidu Antivirus | Adware.Win64.Thinknice | 4.0.3.14925 |
| Dr.Web | Adware.Mutabaha.50 | 9.0.1.0349 |
| ESET NOD32 | Win64/Thinknice.F potentially unwanted application | 7.0.302.0 |
| IKARUS anti.virus | PUA.SearchProtect | t3scan.1.7.5.0 |
| Malwarebytes | PUP.Optional.Skytech.A | v2014.09.25.01 |
| Reason Heuristics | PUP.ZhangLing.N | 14.9.25.12 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10176 |

File size:
105.4 KB (107,912 bytes)

Product version:
1.0.1.40

Copyright:
Skytech Copyright (C) 2013

Original file name:
WorkDll

File type:
Dynamic link library (Win64 DLL)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\suptab\dpinterface64.dll

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
9/24/2014 6:39:35 AM

Valid to:
6/24/2015 6:39:35 AM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
4BD6CD01962107D32D308240DA61E020

File PE Metadata
Compilation timestamp:
7/4/2014 6:45:47 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:1yd3HblT8WziUalzvrR0z1g3CH18Us8fd7+Iv4+ThH3N6UdxhbbaN:1yx7lTbziUAvrR0z1R7RA+F3N6U9M

Entry address:
0x3118

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, E7, 3B, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 7C, 53, 01, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Entropy:
5.7672

Code size:
47.5 KB (48,640 bytes)

The file dpinterface64.dll has been discovered within the following program.

SupTab by Thinknice Co. Limited
SupTab is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it
 