searchprotect64.dll

2.0.1.739

Zhang Ling

The module searchprotect64.dll by Zhang Ling has been detected as adware by 7 anti-malware scanners. This file is typically installed with the program SupTab by Thinknice Co. Limited, which is a potentially unwanted software program. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages.
Publisher:
Skytech Co., Ltd.  (signed by Zhang Ling)

Product:
2.0.1.739

Description:
Skytech

Version:
2.0.1.739

MD5:
7a252797d38b4d7566ede126048ad87e

SHA-1:
ad61f34f7552afea24891571b725705e41e6edcf

SHA-256:
3ab192071def1c5e9ade644cacf233d3e92e18d976ee0d0d19713beb1939d1e7

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
12/25/2024 12:58:21 AM UTC

Scan engine        Detection                                           Engine version
Avira AntiVirus    APPL/SubTab.spe                                     7.11.174.142
Baidu Antivirus    Adware.Win64.Thinknice                              4.0.3.14925
ESET NOD32         Win64/Thinknice.F potentially unwanted application  8.7.0.302.0
G Data             Win64.Application.SearchProtect.AF                  14.12.24
Malwarebytes       PUP.Optional.Skytech.A                              v2014.09.25.01
Reason Heuristics  PUP.ZhangLing.P                                     14.9.25.12
VIPRE Antivirus    Threat.4788726                                      33706

File size:
108.4 KB (110,984 bytes)

Product version:
2.0.1.739

Copyright:
Copyright (C) 2014

Original file name:
SearchProtect.dll

File type:
Dynamic link library (Win64 DLL)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\suptab\searchprotect64.dll

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
9/24/2014 6:39:35 AM

Valid to:
6/24/2015 6:39:35 AM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
4BD6CD01962107D32D308240DA61E020

File PE Metadata
Compilation timestamp:
9/11/2014 10:23:09 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:O8BTHvSLDvz40tVfh+hWhDMkHO8yQJDGgLOeuy+IzQLms7jl6jE5SYvA1u349GcA:OgTP0AGthlI+Y

Entry address:
0x3EE8

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, AB, 30, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 34, 46, 01, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Entropy:
5.6962

Code size:
47.5 KB (48,640 bytes)

The file searchprotect64.dll has been discovered within the following program.

SupTab  by Thinknice Co. Limited
SupTab is a web browser advertisement injection extension that is designed with the core purpose of delivering ads to the user's web browser. Ads are in the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it
 
Powered by Should I Remove It?
