windowssupportdll64.dll

Zhang Ling

The module windowssupportdll64.dll by Zhang Ling has been detected as adware by 18 anti-malware scanners. This file is typically installed with the program SupTab by Thinknice Co. Limited, which is a potentially unwanted software program. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages.
Publisher:
Zhang Ling  (signed and verified)

MD5:
d5b9c9335f6bbdef0b9828fdafe96e8b

SHA-1:
caf658a7fb958d0d5a4d34bb7d2a9e6369e25dea

SHA-256:
69091ea24f114d71c1af17b2eb04216b53f68cfaeeabf2980f4d7385b871cda5

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
12/25/2024 1:02:55 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Generic.1094524 | 762 |
| AhnLab V3 Security | PUP/Win32.SearchProtect | 2014.08.23 |
| Avira AntiVirus | APPL/SubTab.spe | 7.11.174.42 |
| avast! | Win32:SupTab-C [Adw] | 2014.9-150104 |
| AVG | Generic | 2016.0.3240 |
| Baidu Antivirus | Adware.Win64.Agent | 4.0.3.14924 |
| Bitdefender | Adware.Generic.1094524 | 1.0.20.20 |
| Clam AntiVirus | Win.Adware.SupTab | 0.98/19843 |
| Emsisoft Anti-Malware | Adware.Generic.1094524 | 8.15.01.04.12 |
| F-Secure | Adware.Generic.1094524 | 11.2015-04-01_1 |
| G Data | Adware.Generic.1094524 | 15.1.24 |
| Kaspersky | not-a-virus:AdWare.Win64.Agent | 14.0.0.3203 |
| McAfee | Artemis!136BF6FD547D | 5600.6896 |
| MicroWorld eScan | Adware.Generic.1094524 | 16.0.0.12 |
| Norman | Adware.Generic.1094524 | 11.20150104 |
| Panda Antivirus | Generic Suspicious | 15.01.04.12 |
| Reason Heuristics | PUP.ZhangLing.Q | 14.9.24.7 |
| VIPRE Antivirus | Threat.4788726 | 35418 |

File size:
103.9 KB (106,376 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\suptab\windowssupportdll64.dll

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
9/23/2014 8:39:35 PM

Valid to:
6/23/2015 8:39:35 PM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
4BD6CD01962107D32D308240DA61E020

File PE Metadata
Compilation timestamp:
8/13/2014 2:29:27 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:0Zbj9ymTAHTvthhj3jvdleswKwNy24+48rJ:0BjTTi717dlesKy240t

Entry address:
0x3148

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 1B, 21, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 14, 53, 01, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Entropy:
5.6882

Code size:
44.5 KB (45,568 bytes)

The file windowssupportdll64.dll has been discovered within the following program.

SupTab  by Thinknice Co. Limited
SupTab is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. Ads are in the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it
 