home

suptab.dll

SupTab

Zhang Ling

The module suptab.dll, “SupTab setup package” by Zhang Ling has been detected as adware by 16 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘IETabPage Class’. Additionally, the file is typically installed by a number of programs including SupTab by Thinknice Co. Limited and Linkey by Aztec Media Inc., both potentially unwanted software.
Publisher:
Thinknice Co. Limited  (signed by Zhang Ling)

Product:
SupTab

Description:
SupTab setup package

Version:
2.8.8.295

MD5:
d17b47bf7ef004f3a7e74dfb3b0aa981

SHA-1:
e0d486c68536c75a4716672aa52802ee493f5da1

SHA-256:
25944ddd6d8e6f0c607fdbf27f39d4eed39d7e78547fda76db4afdd5855dbf7c

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
1/12/2025 4:02:11 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Agent.OFO
926

Agnitum Outpost
PUA.Agent
7.1.1

AVG
Zhangling
2015.0.3404

Baidu Antivirus
Adware.Win32.Thinknice
4.0.3.14724

Bitdefender
Adware.Agent.OFO
1.0.20.1025

Dr.Web
Trojan.Click3.8536
9.0.1.0205

Emsisoft Anti-Malware
Adware.Agent.OFO
8.14.07.24.07

ESET NOD32
Win32/Thinknice
8.10146

F-Secure
Adware.Agent.OFO
11.2014-24-07_5

G Data
Adware.Agent.OFO
14.7.24

IKARUS anti.virus
PUA.SubTab
t3scan.1.6.1.0

Malwarebytes
PUP.Optional.SupTab.A
v2014.07.24.07

MicroWorld eScan
Adware.Agent.OFO
15.0.0.615

Reason Heuristics
PUP.BHO.ZhangLing.G
14.7.31.23

Vba32 AntiVirus
AdWare.Agent
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
31554

File size:
503.4 KB (515,464 bytes)

Product version:
2.8.8.295

Copyright:
Copyright (C) 2013

Original file name:
setup.exe

File type:
Dynamic link library (Win32 DLL)

Language:
English (United Kingdom)

Common path:
C:\Program Files\suptab\suptab.dll

Digital Signature
Signed by:
Zhang Ling

Authority:
WoSign CA Limited

Valid from:
6/6/2014 4:29:18 AM

Valid to:
6/6/2015 4:29:18 AM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
07DAC38DB37E09DF8C8634065592DFE3

File PE Metadata
Compilation timestamp:
5/8/2014 8:25:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:IBlPU/7JDnHzYm71xOp82oNCH1AeOa1Tk1nV3oOerOKJ4:WVUhn6oEVdnuVherOq4

Entry address:
0x228D4

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, C5, C6, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, C0, 16, 06, 10, E8, CD, 5E, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 80, A5, 06, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 7C, 5A, 05, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Entropy:
6.0795

Developed / compiled with:
Microsoft Visual C++

Code size:
325.5 KB (333,312 bytes)

Internet Explorer BHO
CLSID:
{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}

CLSID name:
IETabPage Class


The file suptab.dll has been discovered within the following programs.

Linkey  by Aztec Media Inc.
Linkey is a potentially unwanted web browser search extension for the top browsers and designed to modify the user's search and home pages (www.default-search.com or www.linkeyproject.com/app/) in order to direct advertising via the linkeyproject.com portal.
linkeyproject.com
81% remove it
SupTab  by Thinknice Co. Limited
SupTab is an web browser advertisement injection extension that is designed with the core purpose of delivering ads to the user's web browser. Ads are in the form of banners (both static and videos) as well as context-hyper links.
80% remove it
 
Powered by Should I Remove It?

Remove suptab.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.