CmdShell.exe

Giner Tech Inc

The application CmdShell.exe by Giner Tech Inc has been detected as adware by 13 anti-malware scanners. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modify the browser's search and home pages.
Publisher:
SearchProtect  (signed by Giner Tech Inc)

Product:
SearchProtect

Description:
CmdShell.exe

Version:
4,0,1,2609

MD5:
0959284c7bb4425a85b8ceb45b51c92c

SHA-1:
5808e035b462dde1d61c7a2c42fe776dbd5afcd5

SHA-256:
1dc4db4105682095a529371f8dc5f11fb2e15ba052b1e0e3f756a41745054f3f

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
12/29/2024 12:16:15 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Sality
2014.9-150728

Baidu Antivirus
Adware.Win32.ELEX
4.0.3.15616

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Mutabaha.444
9.0.1.0167

ESET NOD32
Win32/ELEX.CY potentially unwanted (variant)
9.11794

G Data
Win32.Application.SearchProtect.AA@gen
15.6.25

Kaspersky
not-a-virus:AdWare.Win32.SearchProtect
14.0.0.1670

Malwarebytes
PUP.Optional.Giner
v2015.06.16.05

Microsoft Security Essentials
Threat.Undefined
1.203.406.0

Quick Heal
PUA.SearchProtect.OD3
6.15.14.00

Reason Heuristics
PUP.Thinknice.GinerTech
15.6.16.17

Sophos
SearchProtect
4.98

VIPRE Antivirus
Threat.4758034
41608

File size:
28.6 KB (29,312 bytes)

Product version:
4,0,1,2609

Copyright:
Copyright (C) 2014

Original file name:
CmdShell.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\Program Files\miuitab\cmdshell.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/12/2015 4:16:50 AM

Valid to:
12/2/2015 5:23:38 AM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121FB793B677F1D12C7BCC7B71B945F3810

File PE Metadata
Compilation timestamp:
6/16/2015 5:47:23 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
384:oMjz/cecVYMM7B/ypzY0H8FfeILyvaOdhCRlX34WSmvnLr3PLuHINB56s1UM:/AecV2KhamI+vaOdhM4qv/G+B56s13

Entry address:
0x2680

Entry point:
E8, 8C, 03, 00, 00, E9, 4C, FE, FF, FF, 55, 8B, EC, FF, 15, 30, 30, 40, 00, 6A, 01, A3, 9C, 44, 40, 00, E8, 7F, 04, 00, 00, FF, 75, 08, E8, 7D, 04, 00, 00, 83, 3D, 9C, 44, 40, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 65, 04, 00, 00, 59, 68, 09, 04, 00, C0, E8, 66, 04, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 71, 04, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 80, 42, 40, 00, 89, 0D, 7C, 42, 40, 00, 89, 15, 78, 42, 40, 00, 89, 1D, 74, 42, 40, 00, 89, 35, 70, 42, 40, 00, 89, 3D, 6C...
 
[+]

Code size:
8 KB (8,192 bytes)

Remove CmdShell.exe - Powered by Reason Core Security