» searchprotect32.dll
Overview
Analysis
File Details
Programs (1)

searchprotect32.dll

1.0.3.265

Thinknice Co. Limited

The module searchprotect32.dll by Thinknice Co. Limited has been detected as adware by 10 anti-malware scanners. This file is typically installed with the program SupTab by Thinknice Co. Limited which is a potentially unwanted software program.

File name:

searchprotect32.dll

Publisher:

Skytech Co., Ltd. (signed by Thinknice Co. Limited)

Product:

1.0.3.265

Description:

Skytech

Version:

1.0.3.265

MD5:

5d1739f562ab5f2c309a3e84e820ae4f

SHA-1:

640db43a90b59739b1cd5505d152e1de46bf76f7

SHA-256:

94cbf1753810bb398a425a10f7a913951697d25edaaf930dec51a9482596f26d

Scanner detections:

10 / 68

Status:

Adware

Analysis date:

4/25/2024 6:38:00 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.Win32.Agent

4.0.3.141117

Fortinet FortiGate

Adware/Agent

11/17/2014

G Data

Win32.Application.SubTab

14.11.24

K7 AntiVirus

Unwanted-Program

13.180.12463

Kaspersky

not-a-virus:AdWare.Win32.Agent

14.0.0.2931

Malwarebytes

PUP.Optional.Skytech.A

v2014.11.17.07

Panda Antivirus

Trj/Chgt.A

14.11.17.07

Reason Heuristics

PUP.ThinkniceCoLimited.P

14.11.17.19

Sophos

Elex

4.98

Trend Micro House Call

Suspicious_GEN.F47V0612

7.2.321

File size:

90.1 KB (92,272 bytes)

Product version:

1.0.3.265

Original file name:

SProtectLoad.dll

File type:

Dynamic link library (Win32 DLL)

Language:

Chinese

Common path:

C:\Program Files\suptab\searchprotect32.dll

Digital Signature

Signed by:

Thinknice Co. Limited

Authority:

GlobalSign nv-sa

Valid from:

11/26/2013 4:34:13 AM

Valid to:

11/27/2014 4:34:13 AM

Subject:

CN=Thinknice Co. Limited, O=Thinknice Co. Limited, L=HongKong, S=HongKong, C=HK

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11218A5EF69A65044FE28125681D829B5EFE

File PE Metadata

Compilation timestamp:

6/5/2014 4:35:38 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

1536:cZEWrcVBc64r82XVh+tccdessWjcdDYfADxJa1RUoh6h:NWcn6LVh+JcMIxTohc

Entry address:

0x2F16

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, D9, 2B, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, E0, 08, 01, 10, E8, 0B, 15, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 58, 2F, 01, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, F0, BF, 00, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

37.5 KB (38,400 bytes)

The file searchprotect32.dll has been discovered within the following program.

SupTab by Thinknice Co. Limited

SupTab is an web browser advertisement injection extension that is designed with the core purpose of delivering ads to the user's web browser. Ads are in the form of banners (both static and videos) as well as context-hyper links.

80% remove it

Remove searchprotect32.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.