PluginProtect.exe

PluginProtect

The application PluginProtect.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. It runs as a Windows service named “Protect your browser's extensions” in its own process. While running, it connects to the Internet address rack15u9.hispaweb.net on port 80 using HTTP.
Product:
PluginProtect

Version:
1.0.2.3

MD5:
b233022184a7fe406f965d552e0c3493

SHA-1:
fe846fcf16d0d7541dd1d4399345fdb0b8ee05f3

SHA-256:
da19af8488c7ac57fe79a0e23865fb97997045b75f7aa411810bc9020180effa

Scanner detections:
27 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
1/24/2025 5:36:22 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1662042 | 956 |
| Agnitum Outpost | Trojan.Spacekito | 7.1.1 |
| Avira AntiVirus | TR/Dropper.Gen7 | 7.11.156.52 |
| avast! | MSIL:Spacekito-A [Trj] | 2014.9-140623 |
| AVG | Generic36 | 2015.0.3434 |
| Baidu Antivirus | Adware.Win32.Vittalia | 4.0.3.14623 |
| Bitdefender | Trojan.GenericKD.1662042 | 1.0.20.870 |
| Comodo Security | UnclassifiedMalware | 18643 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1662042 | 8.14.06.23.05 |
| Fortinet FortiGate | W32/Grp.HD!tr | 6/23/2014 |
| F-Secure | Trojan.GenericKD.1662042 | 11.2014-23-06_2 |
| G Data | Trojan.GenericKD.1662042 | 14.6.24 |
| IKARUS anti.virus | Trojan.Msil | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.180.12498 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.3666 |
| McAfee | RDN/Generic.grp!hd | 5600.7090 |
| Microsoft Security Essentials | Trojan:MSIL/Spacekito.C | 1.10701 |
| MicroWorld eScan | Trojan.GenericKD.1662042 | 15.0.0.522 |
| Norman | Suspicious_Gen4.GGURL | 11.20140623 |
| nProtect | Trojan.GenericKD.1662042 | 14.06.23.01 |
| Panda Antivirus | Generic Malware | 14.06.23.05 |
| Qihoo 360 Security | Win32/Trojan.f7a | 1.0.0.1015 |
| Quick Heal | Trojan.Spacekito.r3 | 6.14.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_SPNR.0BFI14 | 7.2.174 |
| Trend Micro | TROJ_SPNR.0BFI14 | 10.465.23 |
| VIPRE Antivirus | Trojan.Win32.Generic | 30574 |

File size:
71 KB (72,704 bytes)

Product version:
1.0.2.3

Copyright:
Copyright © 2014

Original file name:
PluginProtect.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\okitspace\protect\pluginprotect.exe

File PE Metadata
Compilation timestamp:
4/29/2014 4:37:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:v5ZOHhtmnTMpaow5Xeaz+3aO4cnlNLFzIJWPrfk1zWs7TMKEn5Ycq42:DOBtQhow5XNz+3aO46lNWXQKgM4

Entry address:
0x126CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.3152

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
66 KB (67,584 bytes)

Service
Display name:
Protect your browser's extensions

Service name:
srvPlgProtect

Type:
Win32OwnProcess


The executable has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to rack15u9.hispaweb.net  (109.70.128.170:80)
