suptab.dll

SupTab

Giner Tech Inc

The module suptab.dll, “SupTab setup package” by Giner Tech Inc, has been detected as adware by 20 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘IETabPage Class’. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages.

Publisher:
Thinknice Co. Limited  (signed by Giner Tech Inc)

Product:
SupTab

Description:
SupTab setup package

Version:
2.8.8.2229

MD5:
f26d9da889e2774af48f3e7f043f1b1d

SHA-1:
336d64d2b8bb9a60d6e62f508299ca0060c363c3

SHA-256:
4ab1ae1c9f458ea939a0d13b570f4e97c0c36ea2207b826ec69c8b46af9d86a8

Scanner detections:
20 / 68

Status:
Adware

Analysis date:
11/27/2024 4:42:50 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | PUA/Subtab.Gen | 3.6.1.96 |
| avast! | Win32:GenMaliciousA-EHB [PUP] | 150414-0 |
| AVG | Generic | 2016.0.3139 |
| Baidu Antivirus | PUA.Win32.Thinknice | 4.0.3.15717 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.SupTab | 0.98/21511 |
| ESET NOD32 | Win32/Thinknice.B potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | W32/Thinknice.B | 4/18/2015 |
| G Data | Win32.Application.Agent.6SKZ8Q | 15.7.25 |
| herdProtect (fuzzy) | | 2015.7.17.1 |
| K7 AntiVirus | Adware | 13.202.15600 |
| Malwarebytes | PUP.Optional.SupTab.A | v2015.04.15.11 |
| McAfee | Artemis!23D91A8FC4DC | 5600.6702 |
| Panda Antivirus | Generic Suspicious | 15.07.17.01 |
| Qihoo 360 Security | HEUR/QVM30.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.Thinknice.Installer | 15.4.15.11 |
| Sophos | Generic PUA KB | 4.98 |
| Trend Micro | TROJ_GEN.R08NC0OE415 | 10.465.17 |
| VIPRE Antivirus | Adware.SearchProtect | 38994 |

File size:
525.6 KB (538,208 bytes)

Product version:
2.8.8.2229

Copyright:
Copyright (C) 2013

Original file name:
setup.exe

File type:
Dynamic link library (Win32 DLL)

Language:
English (United Kingdom)

Common path:
C:\Program Files\xtab\suptab.dll

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
3/24/2015 9:40:38 AM

Valid to:
12/2/2015 5:23:38 AM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112167537F02B71858D5AA3FC5D6CBB4265C

File PE Metadata
Compilation timestamp:
4/15/2015 10:13:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:CENp9SRQuY24lRMPwhkPJnS8wenfZPIgV5:nNpLuJ4bASkPlHBPXV5

Entry address:
0x26804

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, CC, C7, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 58, 64, 06, 10, E8, AD, 60, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, A8, F5, 06, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 54, 9F, 05, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
343.5 KB (351,744 bytes)

Internet Explorer BHO
CLSID:
{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}

CLSID name:
IETabPage Class

