home

pluginservice.exe

IePlugin control

Thinknice Co. Limited

The application pluginservice.exe by Thinknice Co. Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “IePlugin Service”. This file is typically installed with the program IePluginService12.27.0.3413 by Cherished Technololgy LIMITED which is a potentially unwanted software program.
Publisher:
Cherished Technololgy LIMITED  (signed by Thinknice Co. Limited)

Product:
IePlugin control

Description:
IePlugin Service

Version:
13.27.0.223

MD5:
e91c669db45ec0f1d18185a9b7006e44

SHA-1:
a617316fc74f9512166de6bd877c3fe0a0d5a253

SHA-256:
a30b5789c0f49d1f97d91ce2e883c86b1105e90a96379ecbd7f88ea691feaf49

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/24/2024 5:51:44 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Thinknice (M)
16.8.30.8

File size:
688.6 KB (705,136 bytes)

Product version:
13.27.0.223

Copyright:
Copyright (C) 2013

Original file name:
IePluginService.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\ProgramData\iepluginservice\pluginservice.exe

Digital Signature
Signed by:
Thinknice Co. Limited

Authority:
GlobalSign nv-sa

Valid from:
11/26/2013 2:34:13 PM

Valid to:
11/27/2014 2:34:13 PM

Subject:
CN=Thinknice Co. Limited, O=Thinknice Co. Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11218A5EF69A65044FE28125681D829B5EFE

File PE Metadata
Compilation timestamp:
4/11/2014 9:54:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:l9JODTChzTwUarE/3Ggp+Ny4x8Tu6AJASfK5xY:l9kDeh3XGU3VbQoAJASfK5m

Entry address:
0x24DE8

Entry point:
E8, EF, C8, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 58, E9, 46, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 00, A9, 46, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 58, E9, 46, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00...
 
[+]

Entropy:
5.6834

Code size:
347.5 KB (355,840 bytes)

Service
Display name:
IePlugin Service

Service name:
IePluginService

Description:
IePlugin service

Type:
Win32OwnProcess

Group:
SchedulerGroup


The file pluginservice.exe has been discovered within the following program.

IePluginService12.27.0.3413  by Cherished Technololgy LIMITED
IePluginService is an adware (advertising supported) web browser application that is designed to display banner ads as well as contextual link ads (such as hyperlinks the user will see underlined).
88% remove it
 
Powered by Should I Remove It?

Remove pluginservice.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.