suptab.dll

SupTab

Giner Tech Inc

The module suptab.dll, “SupTab setup package” by Giner Tech Inc, has been detected as adware by 18 of the 68 anti-malware scanners used in this scan. It is installed into Internet Explorer as a BHO (Browser Helper Object) registered under the name ‘IETabPage Class’. The BHO hijacks the browser's search and home page settings and then guards them, so that other software (or the user) cannot change them back.
Publisher:
Thinknice Co. Limited  (signed by Giner Tech Inc)

Product:
SupTab

Description:
SupTab setup package

Version:
2.8.8.2201

MD5:
b63df69eca843279bc620101602be210

SHA-1:
0f29d027131d6b6b68fac415d29806d1d9c6d2ae

SHA-256:
559702be0673934a662c9c35cd19dfafcfffe71a90259e426c0f5e2b4b7faba9

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
11/27/2024 4:39:43 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
Avira AntiVirus | TR/Barys.2490.jh.1 | 7.11.30.172
avast! | Win32:GenMaliciousA-EHB [PUP] | 2014.9-150416
AVG | Generic | 2016.0.3137
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.SupTab | 0.98/21511
Dr.Web | Adware.Mutabaha.303 | 9.0.1.05190
ESET NOD32 | Win32/Thinknice.B potentially unwanted (variant) | 9.11508
Fortinet FortiGate | Riskware/Thinknice | 4/16/2015
herdProtect (fuzzy) | | 2015.7.18.8
K7 AntiVirus | Adware | 13.203.15658
Malwarebytes | PUP.Optional.SupTab.A | v2015.04.16.04
McAfee | Artemis!FC60E0CEB672 | 5600.6793
Qihoo 360 Security | HEUR/QVM30.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | Threat.Thinknice.Installer | 15.4.16.12
Sophos | Generic PUA KB | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0402 | 7.2.106
VIPRE Antivirus | Adware.SearchProtect | 39544

File size:
525.6 KB (538,208 bytes)

Product version:
2.8.8.2201

Copyright:
Copyright (C) 2013

Original file name:
setup.exe

File type:
Dynamic link library (Win32 DLL)

Language:
English (United Kingdom)

Common path:
C:\Program Files\xtab\suptab.dll

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
3/24/2015 2:10:38 PM

Valid to:
12/2/2015 9:53:38 AM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112167537F02B71858D5AA3FC5D6CBB4265C

File PE Metadata
Compilation timestamp:
4/10/2015 11:23:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:QENp9SRQuY24lRMPwhkPJnS8weDfZSAgVN:lNpLuJ4bASkPlHdSvVN

Entry address:
0x26804

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, CC, C7, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 58, 64, 06, 10, E8, AD, 60, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, A8, F5, 06, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 54, 9F, 05, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...

Entropy:
6.0715

Developed / compiled with:
Microsoft Visual C++

Code size:
343.5 KB (351,744 bytes)

Internet Explorer BHO
CLSID:
{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}

CLSID name:
IETabPage Class
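The following PowerShell script is an added example, not code from the herdProtect page or from Reason Core Security. It audits a Windows host for the artifacts listed in this report: the BHO registration for the CLSID above, the COM InprocServer32 entry that tells Internet Explorer which DLL to load, the DLL on disk (checked against the report's SHA-256 and SHA-1 and its Authenticode signer), and the IE start page that the BHO hijacks. The registry locations are the standard ones Internet Explorer uses for BHO and COM registration; the function names, the variable names and the removal helper are this example's own choices, and the removal helper assumes it is run from an elevated prompt.

```powershell
# Added example (not from the herdProtect page). Indicators of compromise are taken
# from the report above; Get-SupTabArtifacts / Remove-SupTabBho are example names.
$Clsid     = '{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}'
$Sha256    = '559702be0673934a662c9c35cd19dfafcfffe71a90259e426c0f5e2b4b7faba9'
$Sha1      = '0f29d027131d6b6b68fac415d29806d1d9c6d2ae'
$KnownPath = 'C:\Program Files\xtab\suptab.dll'

# Keys under which Internet Explorer enumerates BHOs. The Wow6432Node key is where
# a 32-bit DLL (this file is Win32) is registered on a 64-bit Windows install.
$BhoKeys = @(
  "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$Clsid",
  "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$Clsid"
)
# COM registration; the default value of InprocServer32 is the DLL that gets loaded.
$ComKeys = @(
  "HKLM:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32",
  "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$Clsid\InprocServer32"
)

function Get-SupTabArtifacts {
  $findings = @()

  # 1. Registry: is the BHO registered, and which DLL does COM point at?
  foreach ($k in $BhoKeys + $ComKeys) {
    if (Test-Path -Path $k) {
      $default = (Get-ItemProperty -Path $k).'(default)'
      $findings += [pscustomobject]@{ Type = 'Registry'; Location = $k; Detail = $default }
    }
  }

  # 2. File: hash and signer of every DLL path we know about (report path + InprocServer32).
  $dllPaths = @($KnownPath)
  foreach ($k in $ComKeys) {
    if (Test-Path -Path $k) {
      $p = (Get-ItemProperty -Path $k).'(default)'
      if ($p) { $dllPaths += $p }
    }
  }
  foreach ($dll in ($dllPaths | Select-Object -Unique)) {
    if (Test-Path -LiteralPath $dll) {
      $h256 = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash.ToLower()
      $h1   = (Get-FileHash -LiteralPath $dll -Algorithm SHA1).Hash.ToLower()
      $sig  = Get-AuthenticodeSignature -LiteralPath $dll
      $findings += [pscustomobject]@{
        Type     = 'File'
        Location = $dll
        Detail   = ('sha256 match={0}; sha1 match={1}; signer={2}; sigstatus={3}' -f
                    ($h256 -eq $Sha256), ($h1 -eq $Sha1),
                    $sig.SignerCertificate.Subject, $sig.Status)
      }
    }
  }

  # 3. The hijack target: the current user's IE start page.
  $ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
  if (Test-Path -Path $ieMain) {
    $startPage = (Get-ItemProperty -Path $ieMain).'Start Page'
    $findings += [pscustomobject]@{ Type = 'IESetting'; Location = "$ieMain\Start Page"; Detail = $startPage }
  }

  return $findings
}

# Removal: stop IE so the DLL is not loaded, delete the BHO and COM keys, delete the file.
# Requires an elevated prompt; run Get-SupTabArtifacts first and review what it reports.
function Remove-SupTabBho {
  Get-Process -Name iexplore -ErrorAction SilentlyContinue | Stop-Process -Force
  $clsidKeys = $ComKeys | ForEach-Object { Split-Path -Path $_ -Parent }
  foreach ($k in $BhoKeys + $clsidKeys) {
    if (Test-Path -Path $k) { Remove-Item -Path $k -Recurse -Force }
  }
  if (Test-Path -LiteralPath $KnownPath) { Remove-Item -LiteralPath $KnownPath -Force }
}

Get-SupTabArtifacts | Format-Table -AutoSize
```

A hash match confirms this exact build; a signer subject of "CN=Giner Tech Inc, ..." with a different hash indicates another build signed with the same certificate. The start page value is shown, not judged, because the report does not say which URL the BHO sets.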
