home

CmdShell.exe

Thinknice Co., Limited

The application CmdShell.exe by Thinknice Co., Limited has been detected as adware by 16 anti-malware scanners. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modify the browser's search and home pages.
Publisher:
SearchProtect  (signed by Thinknice Co., Limited)

Product:
SearchProtect

Description:
CmdShell.exe

Version:
4,0,1,1678

MD5:
3001d4fdba4d8f48e0318e6c208e8b70

SHA-1:
9df299f53016a2e6a8064be9f7de7c679379449c

SHA-256:
63b9f54942fafa77abc624ca9c49b1093d8c7bf32e8afd73de7de8f71000875d

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
11/6/2024 3:40:50 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.SearchProtect
7.1.1

AVG
Generic
2016.0.3174

Baidu Antivirus
Adware.Win32.Elex
4.0.3.15311

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Mutabaha.117
9.0.1.070

ESET NOD32
Win32/ELEX.BM potentially unwanted
9.11285

Fortinet FortiGate
Adware/SearchProtect
3/11/2015

G Data
Win32.Application.SearchProtect.AA@gen
15.3.25

K7 AntiVirus
Unwanted-Program
13.200.15187

Kaspersky
not-a-virus:AdWare.Win32.SearchProtect
14.0.0.2365

Panda Antivirus
Generic Suspicious
15.03.11.01

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Thinknice
15.3.11.17

Sophos
Generic PUA BP
4.98

Vba32 AntiVirus
AdWare.SearchProtect
3.12.26.3

Zillya! Antivirus
Adware.SearchProtect.Win32.14
2.0.0.2090

File size:
47.1 KB (48,272 bytes)

Product version:
4,0,1,1678

Copyright:
Copyright (C) 2014

Original file name:
CmdShell.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\xtab\cmdshell.exe

Digital Signature
Signed by:
Thinknice Co., Limited

Authority:
GlobalSign nv-sa

Valid from:
10/20/2014 10:26:52 AM

Valid to:
10/21/2015 10:26:52 AM

Subject:
CN="Thinknice Co., Limited", O="Thinknice Co., Limited", L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11217B1525408E122E96F2FC3CB018A64466

File PE Metadata
Compilation timestamp:
1/4/2015 11:34:58 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
768:tS3vNM7DQzergf+hYabD4VTKRNItvnxbhc/AnSf/bGT:5DQlf+h1bDKKItPxVcidT

Entry address:
0x5DD4

Entry point:
E8, 88, 03, 00, 00, E9, 4C, FE, FF, FF, 55, 8B, EC, FF, 15, A4, 70, 40, 00, 6A, 01, A3, 9C, 94, 40, 00, E8, 7B, 04, 00, 00, FF, 75, 08, E8, 79, 04, 00, 00, 83, 3D, 9C, 94, 40, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 61, 04, 00, 00, 59, 68, 09, 04, 00, C0, E8, 62, 04, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 6D, 04, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 80, 92, 40, 00, 89, 0D, 7C, 92, 40, 00, 89, 15, 78, 92, 40, 00, 89, 1D, 74, 92, 40, 00, 89, 35, 70, 92, 40, 00, 89, 3D, 6C...
 
[+]

Entropy:
6.0626

Code size:
22.5 KB (23,040 bytes)

Remove CmdShell.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.