searchprotect32.dll

2.0.1.739

Zhang Ling

The module searchprotect32.dll by Zhang Ling has been detected as adware by 5 anti-malware scanners. This file is typically installed with the program SupTab by Thinknice Co. Limited which is a potentially unwanted software program.
Publisher:
Skytech Co., Ltd.  (signed by Zhang Ling)

Product:
2.0.1.739

Description:
Skytech

Version:
2.0.1.739

MD5:
6361a4ca8ae094b4e60c0ca45b798485

SHA-1:
728a8d0606bb308f97b4f22002403f1a6a164bf1

SHA-256:
f16b0279c748246f58f04bc6f9787319c96fa1e6ee77ea67862c69f2a052845a

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
12/25/2024 1:07:50 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | APPL/SubTab.spe | 7.11.174.142 |
| Baidu Antivirus | Adware.Win32.Thinknice | 4.0.3.14925 |
| ESET NOD32 | Win32/Thinknice.E potentially unwanted application | 8.7.0.302.0 |
| Malwarebytes | PUP.Optional.Skytech.A | v2014.09.25.01 |
| Reason Heuristics | PUP.ZhangLing.P | 14.9.25.12 |

File size:
95.9 KB (98,184 bytes)

Product version:
2.0.1.739

Copyright:
Copyright (C) 2014

Original file name:
SearchProtect.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\suptab\searchprotect32.dll

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
9/24/2014 6:39:35 AM

Valid to:
6/24/2015 6:39:35 AM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
4BD6CD01962107D32D308240DA61E020

File PE Metadata
Compilation timestamp:
9/11/2014 10:38:51 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:Dz6bBMLu0O8R72W57x+4c1isWjcdR+gZ0rXM0iTzbaH:f6bB+x2AF+jN50rXM0iTe

Entry address:
0x3C5B

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, E4, 2B, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, F8, 19, 01, 10, E8, 16, 15, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 98, 3F, 01, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 10, D0, 00, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
5.8303

Developed / compiled with:
Microsoft Visual C++

Code size:
41 KB (41,984 bytes)

The file searchprotect32.dll has been discovered within the following program.

SupTab  by Thinknice Co. Limited
SupTab is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it
 