windowssupportdll32.dll

Zhang Ling

The module windowssupportdll32.dll by Zhang Ling has been detected as adware by 10 anti-malware scanners. This file is typically installed with the program SupTab by Thinknice Co. Limited, which is a potentially unwanted software program. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages.
Publisher:
Zhang Ling  (signed and verified)

MD5:
958560d0fbbe09c1dd7d3d648464f9ba

SHA-1:
8a84b1c0899412460d707af03f6403d62cf79994

SHA-256:
f67aa8c66d98571cda0911b1aba449ecf0d78ea84d142a3a0a92f55ded8cad61

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
12/25/2024 1:08:27 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.SearchProtect | 2014.09.24 |
| Avira AntiVirus | TR/Trash.Gen | 7.11.30.172 |
| Baidu Antivirus | Adware.Win32.Agent | 4.0.3.14924 |
| G Data | Win32.Application.SubTab | 14.12.24 |
| Kaspersky | Packed.Win32.Krap | 14.0.0.3203 |
| Reason Heuristics | PUP.ZhangLing.Q | 14.9.24.7 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10195 |
| Vba32 AntiVirus | AdWare.Agent | 3.12.26.3 |
| VIPRE Antivirus | Threat.4729122 | 33706 |
| Zillya! Antivirus | Adware.Agent.Win32.12802 | 2.0.0.1930 |

File size:
23.4 KB (23,944 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\suptab\windowssupportdll32.dll

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
9/23/2014 8:39:35 PM

Valid to:
6/23/2015 8:39:35 PM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
4BD6CD01962107D32D308240DA61E020

File PE Metadata
Compilation timestamp:
8/13/2014 2:29:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
384:YH2Rg6Ycm3xWm1CvZcVjqwTsTKMnnYPL5yMXNh/bq1VG0EG1:KeYc5m1CvZgdTsTKMnQbqRH1

Entry address:
0x29E7

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 3C, 05, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 10, 68, 18, 45, 00, 10, E8, 4A, 03, 00, 00, 33, C0, 40, 8B, F0, 89, 75, E4, 33, DB, 89, 5D, FC, 8B, 7D, 0C, 89, 3D, 20, 50, 00, 10, 89, 45, FC, 85, FF, 75, 0C, 39, 3D, F0, 50, 00, 10, 0F, 84, D4, 00, 00, 00, 3B, F8, 74, 05, 83, FF, 02, 75, 38, A1, 60, 41, 00, 10, 85, C0, 74, 0E, FF, 75, 10, 57, FF, 75, 08, FF, D0, 8B, F0, 89, 75, E4, 85, F6, 0F, 84, B1, 00, 00, 00...
 

Entropy:
6.5463

Developed / compiled with:
Microsoft Visual C++

Code size:
8.5 KB (8,704 bytes)

The file windowssupportdll32.dll has been discovered within the following program.

SupTab  by Thinknice Co. Limited
SupTab is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads take the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it
 
Powered by Should I Remove It?
