suptab_v5.8.8.749_noblank.exe

Zhang Ling

The application suptab_v5.8.8.749_noblank.exe by Zhang Ling has been detected as adware by 3 anti-malware scanners. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages. It is also typically executed from the user's temporary directory.
Publisher:
Zhang Ling  (signed and verified)

Version:
5.8.8.749

MD5:
938786491250b6c7aa2b0a9570224890

SHA-1:
262a53ed85a2174d8e9f5236451c51caba7a39e4

SHA-256:
d33ab8712ef4cb0c6f5b177cb7a6a885861eb26a9744347954e6de1bb887f398

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
1/24/2025 1:30:36 PM UTC

Scan engine | Detection | Engine version
AVG | Zhangling | 2015.0.3379
IKARUS anti.virus | PUA.SearchProtect | t3scan.1.7.5.0
Reason Heuristics | PUP.ZhangLing.W | 14.8.18.8

File size:
2.4 MB (2,526,088 bytes)

Product version:
5.8.8.749

Copyright:
Copyright (C) 2014

Original file name:
SupPacke.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\suptab_v5.8.8.749_noblank.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
6/6/2014 4:29:18 AM

Valid to:
6/6/2015 4:29:18 AM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
07DAC38DB37E09DF8C8634065592DFE3

File PE Metadata
Compilation timestamp:
8/14/2014 8:35:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:jZkkF9uKrG/Qn3CAAsoyLgU9Z8WhsHyNIQ1zga6+jxs4MWJ4rNfa+:N78u3CAsytPhvaQpL6dLb

Entry address:
0x4EABD

Entry point:
E8, E2, 5B, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, F1, 8B, 4D, 08, C6, 46, 0C, 00, 85, C9, 75, 66, E8, 3A, 24, 00, 00, 8B, D0, 89, 56, 08, 8B, 4A, 6C, 89, 0E, 8B, 4A, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 6C, 67, 47, 00, 74, 11, A1, 2C, 68, 47, 00, 85, 42, 70, 75, 07, E8, 65, 5F, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, A0, 60, 47, 00, 74, 15, 8B, 4E, 08, A1, 2C, 68, 47, 00, 85, 41, 70, 75, 08, E8, DD, 4E, 00, 00, 89, 46, 04, 8B, 4E, 08, 8B, 41, 70, A8, 02, 75, 16, 83, C8, 02, 89, 41, 70, C6, 46, 0C, 01, EB...
 

Code size:
374 KB (382,976 bytes)
