suptab_v5.8.8.864_noblank.exe

Zhang Ling

The application suptab_v5.8.8.864_noblank.exe by Zhang Ling has been detected as adware by 25 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
Suptab  (signed by Zhang Ling)

Product:
Suptab

Version:
5.8.8.864

MD5:
0b794323677b724a87f5eac14ae998c0

SHA-1:
5afef69dc5ab85ceb14dec2321a76ba3b2790cea

SHA-256:
3dd2a2e3db95e69adfb49d7c8925e92bc176a8dc1563b5cfa9fbb1e49130f419

Scanner detections:
25 / 68

Status:
Adware

Analysis date:
12/25/2024 2:03:43 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Agent.OFO
868

Agnitum Outpost
Trojan.Click
7.1.1

Avira AntiVirus
APPL/SubTab.spe
7.11.173.118

Baidu Antivirus
Adware.Win32.Agent
4.0.3.14919

Bitdefender
Adware.Agent.OFO
1.0.20.1310

Clam AntiVirus
Win.Adware.Agent-7965
0.98/19392

Dr.Web
infected with Trojan.Click3.8536
9.0.1.05190

Emsisoft Anti-Malware
Adware.Agent.OFO
14.09.19

ESET NOD32
Win32/ELEX.AV potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/Thinknice
9/19/2014

F-Secure
Adware.Agent.OFO
11.2014-19-09_6

G Data
Adware.Agent.OFO
14.9.24

K7 AntiVirus
Trojan
13.183.13432

Kaspersky
not-a-virus:AdWare.Win32.Agent
15.0.0.494

Malwarebytes
PUP.Optional.IePluginService.A
v2014.09.19.06

McAfee
Artemis!0B794323677B
5600.7002

MicroWorld eScan
Adware.Agent.OFO
15.0.0.786

NANO AntiVirus
Trojan.Win32.Click3.ddmrti
0.28.2.62151

nProtect
Adware.Agent.OFO
14.09.19.01

Panda Antivirus
Trj/Chgt.G
14.09.19.06

Qihoo 360 Security
HEUR/Malware.QVM20.Gen
1.0.0.1015

Reason Heuristics
PUP.ZhangLing.W
14.9.19.15

Sophos
Elex
4.98

Vba32 AntiVirus
AdWare.Agent
3.12.26.3

VIPRE Antivirus
Threat.4150696
33120

File size:
2.5 MB (2,598,808 bytes)

Copyright:
copyroght (c) 2011-2014 suptab system

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\suptab_v5.8.8.864_noblank.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
9/15/2014 12:14:58 PM

Valid to:
7/15/2015 12:14:58 PM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
44C9FA07E0C36E90C219294D56307B89

File PE Metadata
Compilation timestamp:
3/22/2010 1:59:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:pX0tTTmXg5gU65MPRKBfYujuX4kcWcDlCWTgefVTWvWpOUblUQuGwcyI:SXgIeMZKBf6okcJDVWyJWzGw5I

Entry address:
0x114A

Entry point:
E9, F1, 55, 00, 00, E9, 0C, 95, 00, 00, E9, 47, B9, 00, 00, E9, 52, 99, 00, 00, E9, AD, 94, 00, 00, E9, C8, A9, 00, 00, E9, 43, 9A, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC...
 
[+]

Packer / compiler:
Xtreme-Protector v1.05

Code size:
62 KB (63,488 bytes)

Remove suptab_v5.8.8.864_noblank.exe - Powered by Reason Core Security