suptab.exe

Thinknice Co. Limited

The application suptab.exe by Thinknice Co. Limited has been detected as adware by 21 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
Thinknice Co. Limited  (signed and verified)

MD5:
f36ed4a2ceefb8adca5b001e02dbfb9c

SHA-1:
48225e01c4b94d6b625dd76210836f592bc6487c

SHA-256:
f2d16dc0ea5ac223ea8e120129b2aa0dfd9cd21f1218223ad8db0c811920b681

Scanner detections:
21 / 68

Status:
Adware

Analysis date:
4/25/2024 9:00:35 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Agent | 7.1.1 |
| Avira AntiVirus | APPL/SubTab.opona | 7.11.197.26 |
| avast! | SupTab-G [Adw] | 141214-1 |
| Clam AntiVirus | Win.Adware.SupTab | 0.98/19817 |
| Dr.Web | Threat.Undefined | 9.0.1.05190 |
| ESET NOD32 | Win32/ELEX.AR potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Adware/Agent | 12/21/2014 |
| G Data | Win32.Application.SubTab | 14.12.24 |
| K7 AntiVirus | Trojan | 13.188.14395 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 15.0.0.543 |
| Malwarebytes | PUP.Optional.IePluginService.A | v2014.12.21.01 |
| NANO AntiVirus | Riskware.Win32.Agent.cvdayl | 0.28.6.64267 |
| Panda Antivirus | Trj/Chgt.A | 14.12.21.01 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Quick Heal | AdWare.Agent.r5 (Not a Virus) | 12.14.14.00 |
| Reason Heuristics | PUP.ThinkniceCoLimited.G | 14.12.21.12 |
| Sophos | PUA 'Elex' (of type Adware) | 5.09 |
| Trend Micro House Call | ADW_TUPSAB | 7.2.355 |
| Trend Micro | ADW_TUPSAB | 10.465.21 |
| Vba32 AntiVirus | AdWare.Agent | 3.12.26.3 |
| VIPRE Antivirus | Threat.4895346 | 35418 |

File size:
1 MB (1,073,728 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\suptab.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/26/2013 7:34:13 AM

Valid to:
11/27/2014 7:34:13 AM

Subject:
CN=Thinknice Co. Limited, O=Thinknice Co. Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11218A5EF69A65044FE28125681D829B5EFE

File PE Metadata
Compilation timestamp:
3/22/2010 1:59:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:Tg4RjstGBY+7DydmxEOJcAxpdnJZtB1qg4a9tccIwVEL0:PjstyY+XydmtDpdnplkSVk0

Entry address:
0x114A

Entry point:
E9, F1, 55, 00, 00, E9, 0C, 95, 00, 00, E9, 47, B9, 00, 00, E9, 52, 99, 00, 00, E9, AD, 94, 00, 00, E9, C8, A9, 00, 00, E9, 43, 9A, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC...
 

Packer / compiler:
Xtreme-Protector v1.05

Code size:
62 KB (63,488 bytes)
