pluginservice.exe

IePlugin control

Liyan Liu

The application pluginservice.exe by Liyan Liu has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs in its own process as a Windows service named “IePlugin Services”. This file is typically installed with the program SupTab by Thinknice Co. Limited, which is a potentially unwanted software program.
Publisher:
Cherished Technololgy LIMITED  (signed by Liyan Liu)

Product:
IePlugin control

Description:
IePlugin Service

Version:
13.27.0.746

MD5:
2902e9ae7f14994b8fd1433aafbb39c0

SHA-1:
af068ae56e6b6dcb8c798bde723ff5e4cbcfe9be

SHA-256:
ce2c652eb954132d4023166a3c55bdad8b5b3d38baa1394af28ecdf912e8f4b7

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/24/2024 12:46:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ELEX (M)

Engine version:
16.11.5.6

File size:
697.9 KB (714,624 bytes)

Product version:
13.27.0.746

Copyright:
Copyright (C) 2013

Original file name:
IePluginService.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\ProgramData\iepluginservices\pluginservice.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
7/22/2014 7:00:00 AM

Valid to:
7/27/2015 7:00:00 PM

Subject:
CN=Liyan Liu, O=Liyan Liu, L=Wenzhou, S=Zhejiang, C=CN

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
06A374858107D7F624D3CC328C92248A

File PE Metadata
Compilation timestamp:
8/14/2014 1:54:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:A0iU8AXUSAxCRygWi9FJ5mfPeu8TriBEz46+l/Tqf2t2NBIeVf8LMaQ/TEbbS3mU:qnAXwOygWi9Flhz+Bmf2IFf2MaQrMGwO

Entry address:
0x25579

Entry point:
E8, EE, DF, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 0C, 0A, 47, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 00, CA, 46, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 0C, 0A, 47, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00...
 

Entropy:
5.7406

Code size:
351 KB (359,424 bytes)

Service
Display name:
IePlugin Services

Service name:
IePluginServices

Description:
IePlugin services

Type:
Win32OwnProcess

Group:
SchedulerGroup


The file pluginservice.exe has been discovered within the following program.

SupTab  by Thinknice Co. Limited
SupTab is a web browser advertisement-injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it
 