» searchprotect64.dll
Overview
Analysis
File Details
Programs (1)

searchprotect64.dll

1.0.3.265

Thinknice Co. Limited

The module searchprotect64.dll by Thinknice Co. Limited has been detected as adware by 27 anti-malware scanners. This file is typically installed with the program SupTab by Thinknice Co. Limited which is a potentially unwanted software program. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modify the browser's search and home pages.

File name:

searchprotect64.dll

Publisher:

Skytech Co., Ltd. (signed by Thinknice Co. Limited)

Product:

1.0.3.265

Description:

Skytech

Version:

1.0.3.265

MD5:

3f2b4096619b645d55532a76ea0f4e30

SHA-1:

08a9e7e73c42815a489739179202c70677dd17a0

SHA-256:

71daf9b29ea1fa65e0ca563741fb96efd656e8031cfd32f0f4057f8469f75c2e

Scanner detections:

27 / 68

Status:

Adware

Analysis date:

4/19/2024 8:25:22 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Generic.954601

554

Agnitum Outpost

PUA.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.SearchProtect

2015.04.23

Avira AntiVirus

PUA/Subtab.opona

3.6.1.96

avast!

Win32:GenMaliciousA-IAZ [PUP]

2014.9-150730

Baidu Antivirus

Adware.Win32.Agent

4.0.3.15730

Bitdefender

Adware.Generic.954601

1.0.20.1055

Bkav FE

W64.HfsAdware

1.3.0.6379

Dr.Web

Adware.Mutabaha.244

9.0.1.0211

Emsisoft Anti-Malware

Adware.Generic.954601

8.15.07.30.12

ESET NOD32

Win64/Thinknice.B potentially unwanted

9.11521

F-Secure

Adware.Generic.954601

11.2015-30-07_5

G Data

Win64.Application.SubTab

15.7.24

K7 AntiVirus

Riskware

13.203.15688

Kaspersky

not-a-virus:AdWare.Win32.Agent

14.0.0.1657

Malwarebytes

PUP.Optional.Skytech.A

v2015.07.30.12

McAfee

Artemis!3F2B4096619B

5600.6688

MicroWorld eScan

Adware.Generic.954601

16.0.0.633

NANO AntiVirus

Riskware.Win64.Agent.dbmcia

0.30.20.1219

Panda Antivirus

Trj/Chgt.A

15.07.30.12

Qihoo 360 Security

Malware.Radar03.Gen

1.0.0.1015

Quick Heal

AdWare.Agent.r6 (Not a Virus)

7.15.14.00

Reason Heuristics

PUP.Thinknice.ThinkniceCo (M)

15.7.30.12

Sophos

Elex

4.98

SUPERAntiSpyware

Adware.Skytech/Variant

9722

Vba32 AntiVirus

AdWare.Agent

3.12.26.3

Zillya! Antivirus

Adware.Agent.Win32.9827

2.0.0.2149

File size:

102.6 KB (105,072 bytes)

Product version:

1.0.3.265

Original file name:

SProtectLoad.dll

File type:

Dynamic link library (Win64 DLL)

Language:

Chinese (Simplified, PRC)

Common path:

C:\Program Files\suptab\searchprotect64.dll

Digital Signature

Signed by:

Thinknice Co. Limited

Authority:

GlobalSign nv-sa

Valid from:

11/26/2013 12:04:13 PM

Valid to:

11/27/2014 12:04:13 PM

Subject:

CN=Thinknice Co. Limited, O=Thinknice Co. Limited, L=HongKong, S=HongKong, C=HK

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11218A5EF69A65044FE28125681D829B5EFE

File PE Metadata

Compilation timestamp:

6/5/2014 1:05:28 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

1536:gVkPcT7XTx5YOoTfRV0uLnFh26ewPr+J8hKsWKdaSG942K8NW4Agm:gVacHXT/YOoTfRV0uLjHF+4XG9c8NW/Z

Entry address:

0x2F80

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, A3, 30, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 1C, 45, 01, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Entropy:

5.5582

Code size:

44 KB (45,056 bytes)

The file searchprotect64.dll has been discovered within the following program.

SupTab by Thinknice Co. Limited

SupTab is an web browser advertisement injection extension that is designed with the core purpose of delivering ads to the user's web browser. Ads are in the form of banners (both static and videos) as well as context-hyper links.

80% remove it

Remove searchprotect64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.