home

winsearchchs.dll

OCEAN INC Co.,Ltd.

The module winsearchchs.dll by OCEAN INC Co.,Ltd has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
winsearch  (signed by OCEAN INC Co.,Ltd.)

Product:
winsearch

Version:
1.00

MD5:
b80492375e1b26c6c72e92a465da96de

SHA-1:
20e41f4f5a826eb3dde73e45ce362761a39a59ba

SHA-256:
d735e1768e13aad9471328b7804a7891a36bebae5348d69eac803678f8471e38

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/27/2024 2:21:25 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.DevineMedia.OCEAN (M)
16.2.7.3

File size:
119.9 KB (122,760 bytes)

Product version:
1.00

Original file name:
winsearchchs.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Korean (Korea)

Common path:
C:\Program Files\winsearchchs\winsearchchs.dll

Digital Signature
Signed by:
OCEAN INC Co.,Ltd.

Authority:
Thawte, Inc.

Valid from:
9/10/2012 7:00:00 AM

Valid to:
9/11/2013 6:59:59 AM

Subject:
CN="OCEAN INC Co.,Ltd.", OU=Dev Team, O="OCEAN INC Co.,Ltd.", L=Guro-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
78B74B1C1105789C07CAA6DD3FC82BCE

File PE Metadata
Compilation timestamp:
5/13/2013 12:00:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:YZVXOJoxp+Rnm//hRho4bUCwTA4JrceFPO27QtC:YTeex4RTJgU57YC

Entry address:
0x21AC

Entry point:
5A, 68, 24, 98, 01, 11, 68, 28, 98, 01, 11, 52, E9, E9, FF, FF, FF, 00, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 82, AD, F5, EF, 91, 83, 45, 40, BE, 2C, 66, 22, 04, E3, 54, 2A, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 77, 69, 6E, 73, 65, 61, 72, 63, 68, 63, 68, 73, 70, 72, 67, 00, 00, 00, 00, 00, 00, 00, 00, 00, C0, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 05, 00, 00, 00, FE, F9, D5, DD, C7, 9C, 2E, 42, 95, 8C, 5D, A2, 5F, 0A, B2, 9A...
 
[+]

Entropy:
5.6515

Developed / compiled with:
Microsoft Visual Basic v6.0

Code size:
92 KB (94,208 bytes)

Remove winsearchchs.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.