pluginservice.exe

IePlugin control

Zhang Ling

The application pluginservice.exe by Zhang Ling has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “IePlugin Services” within the context of its own process. This file is typically installed with the program SupTab by Thinknice Co. Limited, which is a potentially unwanted software program.
Publisher:
Cherished Technololgy LIMITED  (signed by Zhang Ling)

Product:
IePlugin control

Description:
IePlugin Service

Version:
13.27.0.445

MD5:
1d6e2a5269dba466ce4c4cbd84458697

SHA-1:
1347d3ada053abc192c06e69dfd58e39b890b304

SHA-256:
7b0f766d4e62600ff4b32b4a0ed02556d07d71d47452841eb299dad76a658514

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/24/2024 11:53:34 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ELEX (M)

Engine version:
16.11.17.23

File size:
741.9 KB (759,688 bytes)

Product version:
13.27.0.445

Copyright:
Copyright (C) 2013

Original file name:
IePluginService.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\ProgramData\iepluginservices\pluginservice.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
6/5/2014 9:29:18 PM

Valid to:
6/5/2015 9:29:18 PM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
07DAC38DB37E09DF8C8634065592DFE3

File PE Metadata
Compilation timestamp:
6/19/2014 3:21:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:3rv85oVkn5dIsLolvURWMD5dElW6msa0I3roX:3z85oqesMlvRsHEzmB0I7+

Entry address:
0x312E1

Entry point:
E8, 96, C9, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, AC, B9, 47, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 00, 79, 47, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, AC, B9, 47, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7...
 

Entropy:
5.8970

Code size:
397.5 KB (407,040 bytes)

Service
Display name:
IePlugin Services

Service name:
IePluginServices

Description:
IePlugin services

Type:
Win32OwnProcess

Group:
SchedulerGroup


The file pluginservice.exe has been discovered within the following program.

SupTab by Thinknice Co. Limited
SupTab is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it
 
Powered by Should I Remove It?
