home

CmdShell.exe

Giner Tech Inc

The application CmdShell.exe by Giner Tech Inc has been detected as adware by 17 anti-malware scanners. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modify the browser's search and home pages.
Publisher:
SearchProtect  (signed by Giner Tech Inc)

Product:
SearchProtect

Description:
CmdShell.exe

Version:
4,0,1,2609

MD5:
c5708c80a96350aa2ce776a7a8c6a2c8

SHA-1:
fb902743f28a2769d4d6230b9a94bb138131cdcf

SHA-256:
4b42a01b83ec62a9ca3a8a514c2a4df1ed1db3823eac6bacc426350670e84a94

Scanner detections:
17 / 68

Status:
Adware

Analysis date:
11/27/2024 4:50:34 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.SubTab
7.1.1

AhnLab V3 Security
PUP/Win32.SearchProtect
2015.06.12

avast!
Win32:Sality
2014.9-160219

Baidu Antivirus
Adware.Win32.ELEX
4.0.3.16219

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Mutabaha.383
9.0.1.050

ESET NOD32
Win32/ELEX.CY potentially unwanted application
10.7.0.302.0

G Data
Win32.Application.SearchProtect.AA@gen
16.2.25

K7 AntiVirus
Adware
13.205.16221

Kaspersky
not-a-virus:AdWare.Win32.SubTab
14.0.0.635

Malwarebytes
PUP.Optional.Giner
v2016.02.19.11

Microsoft Security Essentials
Threat.Undefined
1.203.406.0

Quick Heal
PUA.SearchProtect.OD3
2.16.14.00

Reason Heuristics
PUP.Thinknice.GinerTech (M)
16.2.19.23

Sophos
PUA 'SearchProtect' (of type Adware)
5.15

VIPRE Antivirus
Adware.Win32.SubTab
41052

Zillya! Antivirus
Adware.SearchProtect.Win32.48
2.0.0.2219

File size:
32 KB (32,768 bytes)

Product version:
4,0,1,2609

Copyright:
Copyright (C) 2014

Original file name:
CmdShell.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\miuitab\cmdshell.exe

Digital Signature
Signed by:
Giner Tech Inc

Authority:
GlobalSign nv-sa

Valid from:
6/12/2015 7:46:50 AM

Valid to:
12/2/2015 9:53:38 AM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121FB793B677F1D12C7BCC7B71B945F3810

File PE Metadata
Compilation timestamp:
6/16/2015 9:17:23 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
384:oMjz/cecVYMM7B/ypzY0H8FfeILyvaOdhCRlX34WSmvnLr3PLuHINB56s1U:/AecV2KhamI+vaOdhM4qv/G+B56s1

Entry address:
0x2680

Entry point:
E8, 8C, 03, 00, 00, E9, 4C, FE, FF, FF, 55, 8B, EC, FF, 15, 30, 30, 40, 00, 6A, 01, A3, 9C, 44, 40, 00, E8, 7F, 04, 00, 00, FF, 75, 08, E8, 7D, 04, 00, 00, 83, 3D, 9C, 44, 40, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 65, 04, 00, 00, 59, 68, 09, 04, 00, C0, E8, 66, 04, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 71, 04, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 80, 42, 40, 00, 89, 0D, 7C, 42, 40, 00, 89, 15, 78, 42, 40, 00, 89, 1D, 74, 42, 40, 00, 89, 35, 70, 42, 40, 00, 89, 3D, 6C...
 
[+]

Entropy:
5.2965

Code size:
8 KB (8,192 bytes)

Remove CmdShell.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.