pluginservice.exe

IePlugin control

Zhang Ling

The application pluginservice.exe by Zhang Ling has been detected as adware by 26 anti-malware scanners. It runs as a Windows service named “IePlugin Services” within the context of its own process. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages.
Publisher:
Cherished Technololgy LIMITED  (signed by Zhang Ling)

Product:
IePlugin control

Description:
IePlugin Service

Version:
13.27.0.746

MD5:
ca9ba798e9a219996f2263e95bad7a2e

SHA-1:
dcccb1cd3880176763fd7f32878f6232d1951e24

SHA-256:
2e74e55c2e1088bc7a73df3d6fefd1f1c4ec03cbfe70c552e5cbde27dd324c7a

Scanner detections:
26 / 68

Status:
Adware

Analysis date:
12/25/2024 12:23:49 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Agent.OKO | 809 |
| Agnitum Outpost | PUA.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Helper | 2014.07.12 |
| Avira AntiVirus | TR/Trash.Gen | 7.11.30.172 |
| AVG | Zhangling | 2015.0.3382 |
| Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.14815 |
| Bitdefender | Adware.Agent.OKO | 1.0.20.1605 |
| Dr.Web | Trojan.Damaged.1 | 9.0.1.0227 |
| Emsisoft Anti-Malware | Adware.Agent.OKO | 8.14.11.17.04 |
| ESET NOD32 | Win32/ELEX.AV potentially unwanted application | 7.0.302.0 |
| F-Secure | Adware.Agent.OKO | 11.2014-17-11_2 |
| G Data | Adware.Agent.OKO | 14.11.24 |
| IKARUS anti.virus | PUA.SearchProtect | t3scan.1.7.5.0 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.3011 |
| Malwarebytes | PUP.Optional.IePluginService.A | v2014.08.15.09 |
| MicroWorld eScan | Adware.Agent.OKO | 15.0.0.963 |
| NANO AntiVirus | Trojan.Win32.Click3.destkm | 0.28.2.62841 |
| nProtect | Adware.Agent.OKO | 14.10.19.01 |
| Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.ZhangLing.N | 14.8.15.9 |
| Sophos | Elex | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10420 |
| Trend Micro House Call | TROJ_GEN.R0C1H05JK14 | 7.2.321 |
| Vba32 AntiVirus | AdWare.Agent | 3.12.26.3 |
| VIPRE Antivirus | Threat.4788726 | 33706 |
| Zillya! Antivirus | Adware.Agent.Win32.11732 | 2.0.0.1960 |

File size:
698.9 KB (715,656 bytes)

Product version:
13.27.0.746

Copyright:
Copyright (C) 2013

Original file name:
IePluginService.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\ProgramData\iepluginservices\pluginservice.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
6/6/2014 5:29:18 AM

Valid to:
6/6/2015 5:29:18 AM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
07DAC38DB37E09DF8C8634065592DFE3

File PE Metadata
Compilation timestamp:
8/14/2014 8:54:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:N0iU8AXUSAxCRygWi9FJ5mfPeu8TriBEz46+l/Tqf2t2NBIeVf8LMaQ/TEbbS3ms:1nAXwOygWi9Flhz+Bmf2IFf2MaQrMGwy

Entry address:
0x25579


Code size:
351 KB (359,424 bytes)

Service
Display name:
IePlugin Services

Service name:
IePluginServices

Description:
IePlugin services

Type:
Win32OwnProcess

Group:
SchedulerGroup

