dpinterface64.dll

Skytech

Zhang Ling

The module dpinterface64.dll by Zhang Ling has been detected as adware by 10 anti-malware scanners. Additionally, the file is typically installed by a number of programs including SupTab by Thinknice Co. Limited and Linkey by Aztec Media Inc., both potentially unwanted software. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modify the browser's search and home pages.
Publisher:
Skytech Co., Ltd.  (signed by Zhang Ling)

Product:
Skytech

Version:
1.0.1.40

MD5:
e718460227e21231ae206b29c9bb06f9

SHA-1:
d0c242e6f213d256b105ca7f6c4961c360e66648

SHA-256:
b3f0079a8acd0893d1d86477e640e210cebab790a89c9f9f61e5d367f6e8752c

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
12/25/2024 12:31:05 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
TR/Trash.Gen
7.11.160.46

AVG
Zhangling
2015.0.3404

Baidu Antivirus
Adware.Win64.Thinknice
4.0.3.141215

Dr.Web
Adware.Mutabaha.50
9.0.1.0349

ESET NOD32
Win64/Thinknice.F potentially unwanted application
8.7.0.302.0

IKARUS anti.virus
PUA.SearchProtect
t3scan.1.7.5.0

Malwarebytes
PUP.Optional.Skytech.A
v2014.07.24.08

Reason Heuristics
PUP.ZhangLing.N
14.7.31.23

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
10176

File size:
105.4 KB (107,912 bytes)

Product version:
1.0.1.40

Copyright:
Skytech Copyright (C) 2013

Original file name:
WorkDll

File type:
Dynamic link library (Win64 DLL)

Language:
Chinese (Simplified, China)

Common path:
C:\Program Files\suptab\dpinterface64.dll

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
6/6/2014 4:29:18 AM

Valid to:
6/6/2015 4:29:18 AM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
07DAC38DB37E09DF8C8634065592DFE3

File PE Metadata
Compilation timestamp:
7/4/2014 4:45:47 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:+yd3HblT8WziUalzvrR0z1g3CH18Us8fd7+Iv4+ThH3N6UdxhchObaz:+yx7lTbziUAvrR0z1R7RA+F3N6U9W9

Entry address:
0x3118

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, E7, 3B, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 7C, 53, 01, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 
[+]

Entropy:
5.7678

Code size:
47.5 KB (48,640 bytes)

The file dpinterface64.dll has been discovered within the following programs.

Linkey  by Aztec Media Inc.
Linkey is a potentially unwanted web browser search extension for the top browsers and designed to modify the user's search and home pages (www.default-search.com or www.linkeyproject.com/app/) in order to direct advertising via the linkeyproject.com portal.
linkeyproject.com
81% remove it
SupTab  by Thinknice Co. Limited
SupTab is an web browser advertisement injection extension that is designed with the core purpose of delivering ads to the user's web browser. Ads are in the form of banners (both static and videos) as well as context-hyper links.
80% remove it
 
Powered by Should I Remove It?

Remove dpinterface64.dll - Powered by Reason Core Security