dpinterface64.dll

Skytech

Zhang Ling

The module dpinterface64.dll by Zhang Ling has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program SupTab by Thinknice Co. Limited which is a potentially unwanted software program.
Publisher:
Skytech Co., Ltd.  (signed by Zhang Ling)

Product:
Skytech

Version:
1.0.1.40

MD5:
ebb00b5d40931939b000509257ba8668

SHA-1:
7ea971e08acdc579f1850156c10d26ccee5fe877

SHA-256:
e9d07d1c1dec0b590c0782cd5d63854c8627e2ad113405f12221f74036750e15

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/25/2024 12:12:36 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ELEX (M)

Engine version:
16.9.6.23

File size:
105.4 KB (107,912 bytes)

Product version:
1.0.1.40

Copyright:
Skytech Copyright (C) 2013

Original file name:
WorkDll

File type:
Dynamic link library (Win64 DLL)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\suptab\dpinterface64.dll

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
6/6/2014 8:59:18 AM

Valid to:
6/6/2015 8:59:18 AM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
07DAC38DB37E09DF8C8634065592DFE3

File PE Metadata
Compilation timestamp:
7/4/2014 9:15:47 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:iyd3HblT8WziUalzvrR0z1g3CH18Us8fd7+Iv4+ThH3N6UdxhchObaYF:iyx7lTbziUAvrR0z1R7RA+F3N6U9WS

Entry address:
0x3118

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, E7, 3B, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 7C, 53, 01, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Entropy:
5.7680

Code size:
47.5 KB (48,640 bytes)

The file dpinterface64.dll has been discovered within the following program.

SupTab by Thinknice Co. Limited
SupTab is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it
 
Powered by Should I Remove It?
