searchprotect64.dll

2.0.1.739

Liyan Liu

The module searchprotect64.dll by Liyan Liu has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program SupTab by Thinknice Co. Limited which is a potentially unwanted software program.
Publisher:
Skytech Co., Ltd.  (signed by Liyan Liu)

Product:
2.0.1.739

Description:
Skytech

Version:
2.0.1.739

MD5:
756de1db3cb1648749550dc9ff2d87ec

SHA-1:
1f6431762082c58efaf9744e7fe36759a830bff5

SHA-256:
874d58b33b8eb8c024de6f84c83d6821fbaf5f8c1bc380dc4e5de6699189f6b7

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/25/2024 1:09:05 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ELEX (M)

Engine version:
16.8.30.11

File size:
107.5 KB (110,048 bytes)

Product version:
2.0.1.739

Copyright:
Copyright (C) 2014

Original file name:
SearchProtect.dll

File type:
Dynamic link library (Win64 DLL)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\suptab\searchprotect64.dll

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
7/22/2014 3:00:00 AM

Valid to:
7/27/2015 3:00:00 PM

Subject:
CN=Liyan Liu, O=Liyan Liu, L=Wenzhou, S=Zhejiang, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
02CA146AED05062A5F6C4AC5628BBC00

File PE Metadata
Compilation timestamp:
8/13/2014 1:47:26 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:q2zBTJ3q3D7z40tVfg+8WBWM3HrPQJXGg5uRpu7LMw4Dds7PK+kEJS/QGjE5SYvB:q2tThckGtgo/SCyr

Entry address:
0x3EE8

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, AB, 30, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 34, 46, 01, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Code size:
47.5 KB (48,640 bytes)

The file searchprotect64.dll has been discovered within the following program.

SupTab  by Thinknice Co. Limited
SupTab is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it
 
Powered by Should I Remove It?
