searchprotect32.dll

2.0.1.739

Liyan Liu

The module searchprotect32.dll by Liyan Liu has been detected as adware by 22 anti-malware scanners. This file is typically installed with the program SupTab by Thinknice Co. Limited, which is a potentially unwanted software program. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages.
Publisher:
Skytech Co., Ltd.  (signed by Liyan Liu)

Product:
2.0.1.739

Description:
Skytech

Version:
2.0.1.739

MD5:
65d79d935fbfcaee632e7aee203281c7

SHA-1:
6796fd43f04fe933e9155f5dd9b5b928e8c1ac71

SHA-256:
43e5a54e0703a61163340728ba156942519949641a5bf81d7502f1921fb20934

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
12/25/2024 12:46:00 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.HG | 762 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| avast! | Win32:SupTab-C [Adw] | 2014.9-150104 |
| AVG | Generic | 2016.0.3240 |
| Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.141021 |
| Bitdefender | Application.Bundler.HG | 1.0.20.20 |
| Clam AntiVirus | Win.Adware.SupTab | 0.98/19843 |
| Dr.Web | Trojan.StartPage1.6314 | 9.0.1.04 |
| Emsisoft Anti-Malware | Application.Bundler.HG | 8.15.01.04.12 |
| ESET NOD32 | Win32/Thinknice.E potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Thinknice | 1/4/2015 |
| F-Secure | Riskware.Application.Bundler.HG | 11.2015-04-01_1 |
| G Data | Win32.Application.SearchProtect.AE | 14.10.24 |
| K7 AntiVirus | Trojan | 13.188.14468 |
| Malwarebytes | PUP.Optional.Skytech.A | v2014.10.21.03 |
| McAfee | Artemis!1A3155827C5F | 5600.6896 |
| MicroWorld eScan | Application.Bundler.HG | 16.0.0.12 |
| Norman | Application.Bundler.HG | 11.20150104 |
| Panda Antivirus | Trj/CI.A | 15.01.04.12 |
| Qihoo 360 Security | Win32/Application.a8f | 1.0.0.1015 |
| Reason Heuristics | PUP.LiyanLiu.P | 14.10.21.3 |
| VIPRE Antivirus | Elex Installer | 34108 |

File size:
26 KB (26,592 bytes)

Product version:
2.0.1.739

Copyright:
Copyright (C) 2014

Original file name:
SearchProtect.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\suptab\searchprotect32.dll

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
7/22/2014 8:00:00 AM

Valid to:
7/27/2015 8:00:00 PM

Subject:
CN=Liyan Liu, O=Liyan Liu, L=Wenzhou, S=Zhejiang, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
02CA146AED05062A5F6C4AC5628BBC00

File PE Metadata
Compilation timestamp:
8/13/2014 6:47:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
384:dbmVxVGBvPA1Z8AWDvXg4fDbCiZKzn85uyt49nYPLOQt1RKDeDGc+tFOFdyB:YGxWWAEvXZvPZKz85VtAfQtqiDGxt2A

Entry address:
0x3235

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 3E, 05, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 10, 68, 48, 46, 00, 10, E8, 7C, 02, 00, 00, 33, C0, 40, 8B, F0, 89, 75, E4, 33, DB, 89, 5D, FC, 8B, 7D, 0C, 89, 3D, 20, 50, 00, 10, 89, 45, FC, 85, FF, 75, 0C, 39, 3D, 30, 51, 00, 10, 0F, 84, D4, 00, 00, 00, 3B, F8, 74, 05, 83, FF, 02, 75, 38, A1, 70, 41, 00, 10, 85, C0, 74, 0E, FF, 75, 10, 57, FF, 75, 08, FF, D0, 8B, F0, 89, 75, E4, 85, F6, 0F, 84, B1, 00, 00, 00...
 

Entropy:
6.2580

Developed / compiled with:
Microsoft Visual C++

Code size:
11 KB (11,264 bytes)

The file searchprotect32.dll has been discovered within the following program.

SupTab  by Thinknice Co. Limited
SupTab is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it
 
Powered by Should I Remove It?
