windowssupportdll32.dll

Liyan Liu

The module windowssupportdll32.dll by Liyan Liu has been detected as adware by 8 anti-malware scanners. This file is typically installed with the program SupTab by Thinknice Co. Limited, which is a potentially unwanted software program. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages.
Publisher:
Liyan Liu  (signed and verified)

MD5:
798cff66accab7f2875971ece8845eb7

SHA-1:
1b54009f60ee32395f707881135097f44c510c3c

SHA-256:
aed4b6297fdc6787224b75217054bb7ff55b4643d98c04f2526396569913b0e9

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
12/25/2024 1:26:33 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.SearchProtect
2014.10.21

Baidu Antivirus
Adware.Win32.Agent
4.0.3.141021

G Data
Win32.Application.SubTab
14.10.24

Kaspersky
not-a-virus:AdWare.Win32.Agent
15.0.0.494

Reason Heuristics
PUP.LiyanLiu.Q
14.10.21.1

Vba32 AntiVirus
AdWare.Agent
3.12.26.3

VIPRE Antivirus
Threat.4788726
33706

Zillya! Antivirus
Adware.Agent.Win32.12802
2.0.0.1960

File size:
22 KB (22,496 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\suptab\windowssupportdll32.dll

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
7/22/2014 8:00:00 AM

Valid to:
7/27/2015 8:00:00 PM

Subject:
CN=Liyan Liu, O=Liyan Liu, L=Wenzhou, S=Zhejiang, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
02CA146AED05062A5F6C4AC5628BBC00

File PE Metadata
Compilation timestamp:
8/13/2014 5:29:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
384:ZH2Rg6Ycm3xWm1CvZcVjqwTsTKMenYPLOQt1RKDeDGMhP:leYc5m1CvZgdTsTKMefQtqiDGMN

Entry address:
0x29E7

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 3C, 05, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 10, 68, 18, 45, 00, 10, E8, 4A, 03, 00, 00, 33, C0, 40, 8B, F0, 89, 75, E4, 33, DB, 89, 5D, FC, 8B, 7D, 0C, 89, 3D, 20, 50, 00, 10, 89, 45, FC, 85, FF, 75, 0C, 39, 3D, F0, 50, 00, 10, 0F, 84, D4, 00, 00, 00, 3B, F8, 74, 05, 83, FF, 02, 75, 38, A1, 60, 41, 00, 10, 85, C0, 74, 0E, FF, 75, 10, 57, FF, 75, 08, FF, D0, 8B, F0, 89, 75, E4, 85, F6, 0F, 84, B1, 00, 00, 00...
 

Entropy:
6.4203

Developed / compiled with:
Microsoft Visual C++

Code size:
8.5 KB (8,704 bytes)

The file windowssupportdll32.dll has been discovered within the following program.

SupTab  by Thinknice Co. Limited
SupTab is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it
 
Powered by Should I Remove It?
