searchprotect32.dll

2.0.1.739

Zhang Ling

The module searchprotect32.dll by Zhang Ling has been detected as adware by 23 anti-malware scanners. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages.
Publisher:
Skytech Co., Ltd.  (signed by Zhang Ling)

Product:
2.0.1.739

Description:
Skytech

Version:
2.0.1.739

MD5:
d945caaf514ac60a643dae9885ded9fc

SHA-1:
db951bb525be4ea96943ad7487bf5279f17ed3b1

SHA-256:
b6578069e7615a791b5790cdbd0662f69006d52bb7a418a999b19f604ffb04f2

Scanner detections:
23 / 68

Status:
Adware

Analysis date:
12/25/2024 12:33:11 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.HG | 762 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| avast! | Win32:SupTab-C [Adw] | 2014.9-150104 |
| AVG | Zhangling | 2015.0.3379 |
| Baidu Antivirus | Adware.Win32.Thinknice | 4.0.3.14818 |
| Bitdefender | Application.Bundler.HG | 1.0.20.20 |
| Clam AntiVirus | Win.Adware.SupTab | 0.98/19843 |
| Dr.Web | Trojan.StartPage1.6314 | 9.0.1.04 |
| Emsisoft Anti-Malware | Application.Bundler.HG | 8.15.01.04.12 |
| ESET NOD32 | Win32/Thinknice.E potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Thinknice | 1/4/2015 |
| F-Secure | Riskware.Application.Bundler.HG | 11.2015-04-01_1 |
| G Data | Application.Bundler.HG | 15.1.24 |
| IKARUS anti.virus | PUA.SearchProtect | t3scan.1.7.5.0 |
| K7 AntiVirus | Trojan | 13.188.14468 |
| Malwarebytes | PUP.Optional.Skytech.A | v2014.08.18.09 |
| McAfee | Artemis!1A3155827C5F | 5600.6896 |
| MicroWorld eScan | Application.Bundler.HG | 16.0.0.12 |
| Norman | Application.Bundler.HG | 11.20150104 |
| Panda Antivirus | Trj/CI.A | 15.01.04.12 |
| Qihoo 360 Security | Win32/Application.a8f | 1.0.0.1015 |
| Reason Heuristics | PUP.ZhangLing.P | 14.8.18.8 |
| VIPRE Antivirus | Threat.4788726 | 35418 |

File size:
27.4 KB (28,040 bytes)

Product version:
2.0.1.739

Copyright:
Copyright (C) 2014

Original file name:
SearchProtect.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Chinese

Common path:
C:\Program Files\suptab\searchprotect32.dll

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
6/6/2014 4:29:18 AM

Valid to:
6/6/2015 4:29:18 AM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
07DAC38DB37E09DF8C8634065592DFE3

File PE Metadata
Compilation timestamp:
8/13/2014 11:47:13 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
384:fbmVxVGBvPA1Z8AWDvXg4fDbCiZKzn85uyt4onYPLJqhVkXNh/bq1VG0EC:SGxWWAEvXZvPZKz85Vt59hObqR9

Entry address:
0x3235

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 3E, 05, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 10, 68, 48, 46, 00, 10, E8, 7C, 02, 00, 00, 33, C0, 40, 8B, F0, 89, 75, E4, 33, DB, 89, 5D, FC, 8B, 7D, 0C, 89, 3D, 20, 50, 00, 10, 89, 45, FC, 85, FF, 75, 0C, 39, 3D, 30, 51, 00, 10, 0F, 84, D4, 00, 00, 00, 3B, F8, 74, 05, 83, FF, 02, 75, 38, A1, 70, 41, 00, 10, 85, C0, 74, 0E, FF, 75, 10, 57, FF, 75, 08, FF, D0, 8B, F0, 89, 75, E4, 85, F6, 0F, 84, B1, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
11 KB (11,264 bytes)
