searchprotect32.dll

2.0.1.613

Zhang Ling

The module searchprotect32.dll by Zhang Ling has been detected as adware by 3 anti-malware scanners. Additionally, the file is typically installed by a number of programs including SupTab by Thinknice Co. Limited and Linkey by Aztec Media Inc., both potentially unwanted software.
Publisher:
Skytech Co., Ltd.  (signed by Zhang Ling)

Product:
2.0.1.613

Description:
Skytech

Version:
2.0.1.613

MD5:
6e3e1b6ea4426c1fbbc9c64931ca3495

SHA-1:
ef5403f8a563df03de0728dfff843b90f72f1141

SHA-256:
a7d436ec9363387a06b8012129273b7960f656feececb81b28ff817c30aa06f9

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
12/25/2024 12:29:08 AM UTC

Scan engine          Detection                 Engine version
AVG                  Zhangling                 2015.0.3404
Malwarebytes         PUP.Optional.Skytech.A    v2014.07.24.09
Reason Heuristics    PUP.ZhangLing.P           14.7.31.23

File size:
95.9 KB (98,184 bytes)

Product version:
2.0.1.613

Copyright:
Copyright (C) 2014

Original file name:
SearchProtect.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Chinese (Simplified, China)

Common path:
C:\Program Files\suptab\searchprotect32.dll

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
6/6/2014 4:29:18 AM

Valid to:
6/6/2015 4:29:18 AM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
07DAC38DB37E09DF8C8634065592DFE3

File PE Metadata
Compilation timestamp:
7/16/2014 9:02:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:yz6bBMLu0O8R72Wp7x+4c1isWjcdRDgZ0o3M0iTOhObah:s6bB+x2wF+jNy0o3M0iTgH

Entry address:
0x3C5B

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, E4, 2B, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, F8, 19, 01, 10, E8, 16, 15, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 98, 3F, 01, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 10, D0, 00, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
5.8309

Developed / compiled with:
Microsoft Visual C++

Code size:
41 KB (41,984 bytes)

The file searchprotect32.dll has been discovered within the following programs.

Linkey  by Aztec Media Inc.
Linkey is a potentially unwanted web browser search extension for the top browsers, designed to modify the user's search and home pages (www.default-search.com or www.linkeyproject.com/app/) in order to direct advertising via the linkeyproject.com portal.
linkeyproject.com
81% remove it
SupTab  by Thinknice Co. Limited
SupTab is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it
 