searchprotect32.dll

1.0.3.104

Thinknice Co. Limited

The module searchprotect32.dll by Thinknice Co. Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program SupTab by Thinknice Co. Limited which is a potentially unwanted software program.
Publisher:
Skytech Co., Ltd.  (signed by Thinknice Co. Limited)

Product:
1.0.3.104

Description:
Skytech

Version:
1.0.3.104

MD5:
2885a4aea97d1cfe0c3c82c4cf0a9429

SHA-1:
ea1b91f9124b5ee8a90c4c91b77780f43b9c4279

SHA-256:
b6b15fc739e05bb1dacd0170912276f5f221019fc19f6fe48d90b64110b4dc5b

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/23/2024 7:17:47 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ThinkniceCoLimited.P

Engine version:
14.4.1.12

File size:
89.1 KB (91,248 bytes)

Product version:
1.0.3.104

Copyright:
Skytech Copyright (C) 2014

Original file name:
SProtectLoad.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Chinese

Common path:
C:\Program Files\suptab\searchprotect32.dll

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/26/2013 12:34:13 AM

Valid to:
11/27/2014 12:34:13 AM

Subject:
CN=Thinknice Co. Limited, O=Thinknice Co. Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11218A5EF69A65044FE28125681D829B5EFE

File PE Metadata
Compilation timestamp:
3/19/2014 3:02:51 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:cxrmNksjyE9ZVE12ct9d3KsWjcdR+vyXjyCLeqac:dilE/Q9/R+4yCLeJc

Entry address:
0x29C1

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, E6, 20, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 40, 08, 01, 10, E8, 90, 08, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 50, 2F, 01, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 04, B2, 00, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...

Entropy:
5.7018

Developed / compiled with:
Microsoft Visual C++

Code size:
36.5 KB (37,376 bytes)

The file searchprotect32.dll has been discovered within the following program.

SupTab by Thinknice Co. Limited
SupTab is a web browser advertisement injection extension designed with the core purpose of delivering ads to the user's web browser. The ads take the form of banners (both static and video) as well as contextual hyperlinks.
80% remove it
 
Powered by Should I Remove It?