pluginservice.exe

IePlugin control

Liyan Liu

The application pluginservice.exe by Liyan Liu has been detected as adware by 21 anti-malware scanners. It runs as a Windows service named “IePlugin Services” in its own process. This file is typically installed with the program SupTab by Thinknice Co. Limited, which is a potentially unwanted software program. While running, it connects to the Internet address 7d.a0.a86c.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Cherished Technololgy LIMITED  (signed by Liyan Liu)

Product:
IePlugin control

Description:
IePlugin Service

Version:
13.27.0.746

MD5:
526ec8ec8b3d4ee2de5feee0e6e32c8f

SHA-1:
2b55df509ec5d62c5fb44e14e63aac90371b917f

SHA-256:
d8ea96506f31e4068f3a166856e4e68e7f5e238cd66e7fa62f085b53d65634bc

Scanner detections:
21 / 68

Status:
Adware

Analysis date:
12/25/2024 1:21:35 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Agent.OKO | 837 |
| Agnitum Outpost | PUA.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Helper | 2014.10.21 |
| Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.141021 |
| Bitdefender | Adware.Agent.OKO | 1.0.20.1470 |
| Dr.Web | Trojan.Click3.9479 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.Agent.OKO | 8.14.10.21.03 |
| ESET NOD32 | Win32/ELEX.AV potentially unwanted application | 7.0.302.0 |
| F-Secure | Adware.Agent.OKO | 11.2014-21-10_3 |
| G Data | Adware.Agent.OKO | 14.10.24 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 15.0.0.494 |
| Malwarebytes | PUP.Optional.IePluginService.A | v2014.10.21.03 |
| MicroWorld eScan | Adware.Agent.OKO | 15.0.0.882 |
| NANO AntiVirus | Trojan.Win32.Click3.destkm | 0.28.2.62841 |
| nProtect | Adware.Agent.OKO | 14.10.19.01 |
| Reason Heuristics | PUP.Service.LiyanLiu.N | 14.10.21.1 |
| Sophos | Elex | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0C1H05JK14 | 7.2.294 |
| Vba32 AntiVirus | AdWare.Agent | 3.12.26.3 |
| VIPRE Antivirus | Threat.4788726 | 33706 |
| Zillya! Antivirus | Adware.Agent.Win32.11732 | 2.0.0.1960 |

File size:
697.5 KB (714,208 bytes)

Product version:
13.27.0.746

Copyright:
Copyright (C) 2013

Original file name:
IePluginService.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\iepluginservices\pluginservice.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
7/22/2014 8:00:00 AM

Valid to:
7/27/2015 8:00:00 PM

Subject:
CN=Liyan Liu, O=Liyan Liu, L=Wenzhou, S=Zhejiang, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
02CA146AED05062A5F6C4AC5628BBC00

File PE Metadata
Compilation timestamp:
8/14/2014 2:54:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:x0iU8AXUSAxCRygWi9FJ5mfPeu8TriBEz46+l/Tqf2t2NBIeVf8LMaQ/TEbbS3my:5nAXwOygWi9Flhz+Bmf2IFf2MaQrMGwM

Entry address:
0x25579

Entry point:
E8, EE, DF, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 0C, 0A, 47, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 00, CA, 46, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 0C, 0A, 47, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00...
 

Entropy:
5.7408

Code size:
351 KB (359,424 bytes)

Service
Display name:
IePlugin Services

Service name:
IePluginServices

Description:
IePlugin services

Type:
Win32OwnProcess

Group:
SchedulerGroup


The file pluginservice.exe has been discovered within the following program.

SupTab by Thinknice Co. Limited
SupTab is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as in-context hyperlinks.
80% remove it
 

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 7d.a0.a86c.ip4.static.sl-reverse.com  (108.168.160.125:80)
