home

CmdShell.exe

Giner Tech Inc

The application CmdShell.exe by Giner Tech Inc has been detected as adware by 15 anti-malware scanners. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modify the browser's search and home pages.
Publisher:
SearchProtect  (signed by Giner Tech Inc)

Product:
SearchProtect

Description:
CmdShell.exe

Version:
4,0,1,2503

MD5:
9da2bcf2842bb444e5dd761286266e2b

SHA-1:
e2ebf9aa6a9fd54fa966fa65836e62c0c789641f

SHA-256:
fcdce84b26a1632a9fc68bb830deb84adb386e6fba47676ac305123450e171e7

Scanner detections:
15 / 68

Status:
Adware

Analysis date:
11/30/2024 9:11:00 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.SubTab
7.1.1

AhnLab V3 Security
PUP/Win32.SearchProtect
2015.06.12

Baidu Antivirus
Adware.Win32.ELEX
4.0.3.15612

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Mutabaha.383
9.0.1.0166

ESET NOD32
Win32/ELEX.CY potentially unwanted (variant)
9.11774

G Data
Win32.Application.SearchProtect.AA@gen
15.6.25

K7 AntiVirus
Adware
13.205.16221

Kaspersky
not-a-virus:AdWare.Win32.SubTab
14.0.0.1884

Malwarebytes
PUP.Optional.Giner
v2015.06.12.05

Quick Heal
PUA.SearchProtect.OD3
6.15.14.00

Reason Heuristics
PUP.Thinknice.GinerTech
15.6.12.13

Sophos
SearchProtect
4.98

VIPRE Antivirus
Adware.Win32.SubTab
41056

Zillya! Antivirus
Adware.SearchProtect.Win32.48
2.0.0.2219

File size:
28.6 KB (29,312 bytes)

Product version:
4,0,1,2503

Copyright:
Copyright (C) 2014

Original file name:
CmdShell.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\miuitab\cmdshell.exe

Digital Signature
Signed by:
Giner Tech Inc

Authority:
GlobalSign nv-sa

Valid from:
6/12/2015 7:46:50 AM

Valid to:
12/2/2015 9:53:38 AM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121FB793B677F1D12C7BCC7B71B945F3810

File PE Metadata
Compilation timestamp:
5/28/2015 12:14:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
384:jpMfCTe+2KBY/iBBOpftY0A4OIfnILyvaedh+glXu4JUdm4nLr3PLuHINB560r:Kd+2Ka6UUkfI+vaedhzDuI4/G+B560r

Entry address:
0x267E

Entry point:
E8, 8E, 03, 00, 00, E9, 4C, FE, FF, FF, 55, 8B, EC, FF, 15, 2C, 30, 40, 00, 6A, 01, A3, 9C, 44, 40, 00, E8, 81, 04, 00, 00, FF, 75, 08, E8, 7F, 04, 00, 00, 83, 3D, 9C, 44, 40, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 67, 04, 00, 00, 59, 68, 09, 04, 00, C0, E8, 68, 04, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 73, 04, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 80, 42, 40, 00, 89, 0D, 7C, 42, 40, 00, 89, 15, 78, 42, 40, 00, 89, 1D, 74, 42, 40, 00, 89, 35, 70, 42, 40, 00, 89, 3D, 6C...
 
[+]

Entropy:
5.7421

Code size:
8 KB (8,192 bytes)

Remove CmdShell.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.