home

protectservice.exe

MiniLite

合肥智明星通软件科技有限公司

The application protectservice.exe by 合肥智明星通软件科技有限公司 has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “IHProtect Service”. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modify the browser's search and home pages.
Publisher:
MiniLite system  (signed by 合肥智明星通软件科技有限公司)

Product:
MiniLite

Description:
MiniLiteSvc.exe

Version:
6.6.2.2771

MD5:
d0a4fd099b7ee90b302be9d1a13a2ebd

SHA-1:
2756431d2a8df3c11f7f898f376e6c738386740e

SHA-256:
e6b37089991835dd75b03b5b1731b7af459f30418e5aabacfafc8cf65d6aae44

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
6/13/2024 1:17:10 AM UTC  (today)

Scan engine
Detection
Engine version

G Data
Win32.Application.SearchProtect.AA@gen
15.8.25

Panda Antivirus
Trj/Genetic.gen
15.08.24.11

Reason Heuristics
PUP..Reputation
15.10.10.18

File size:
129.7 KB (132,768 bytes)

Product version:
6.6.2.2771

Copyright:
Copyright (C) of MiniLite 2002

Original file name:
ProtectSvc.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\Program Files\minilite\protectservice.exe

Digital Signature
Signed by:
合肥智明星通软件科技有限公司

Authority:
GlobalSign nv-sa

Valid from:
8/5/2015 8:17:44 AM

Valid to:
8/5/2016 8:17:44 AM

Subject:
CN=合肥智明星通软件科技有限公司, O=合肥智明星通软件科技有限公司, L=合肥, S=安徽, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121EED58E5F3B9897A9E54316DE64FBF98C

File PE Metadata
Compilation timestamp:
8/24/2015 8:59:13 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:4pIFw+9WF8ljzXt4n90OdKikYDn42fbMXiEZt4Y+qrattCzxPH+1AoV:4pIi9MX22ONYr+qrattCzxPej

Entry address:
0x124D0

Entry point:
E8, 8C, 03, 00, 00, E9, 4C, FE, FF, FF, FF, 25, 84, 52, 41, 00, 6A, 0C, 68, 00, 70, 41, 00, E8, 54, 01, 00, 00, 83, 65, E4, 00, 8B, 5D, 0C, 8B, C3, 8B, 7D, 10, 0F, AF, C7, 8B, 75, 08, 03, F0, 89, 75, 08, 83, 65, FC, 00, 4F, 89, 7D, 10, 78, 0C, 2B, F3, 89, 75, 08, 8B, CE, FF, 55, 14, EB, EE, 33, C0, 40, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 14, 00, 00, 00, E8, 55, 01, 00, 00, C2, 10, 00, 8B, 7D, 10, 8B, 5D, 0C, 8B, 75, 08, 8B, 45, E4, 85, C0, 75, 0B, FF, 75, 14, 57, 53, 56, E8, 01, 00, 00, 00, C3, 6A...
 
[+]

Code size:
77 KB (78,848 bytes)

Service
Display name:
IHProtect Service

Type:
Win32OwnProcess


Remove protectservice.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.