cvs_istartpageing.exe

5302_cvs_istartpageing

Giner Tech Inc

The application cvs_istartpageing.exe by Giner Tech Inc has been detected as adware by 13 anti-malware scanners. This is an adware bundler (also known as ElexNetDownload) that includes additional unwanted offers in the download and install process. During install it connects to twonext.com and xingcloud.com to determine which offers to show the user, based on what is already installed and where the user lives. It is also typically executed from the user's temporary directory.
Publisher:
Real-Sys (signed by Giner Tech Inc)

Product:
5302_cvs_istartpageing

Description:
Real-Sys

Version:
1.0.0.9

MD5:
0910c6bd1e8861e60d29b1d4ba280dfa

SHA-1:
9945b78ad1cdb67fd562e8f69cf5f468ef7ca754

SHA-256:
86d9e091a35c0e5814e292141968e62227b795c38ff315cc5266bf7204b881ab

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
4/9/2025 5:00:12 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Jatif.390 | 430 |
| Arcabit | PUP.Adware.GinerTech | 1.0.0.627 |
| Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.15121 |
| Bitdefender | Gen:Variant.Application.Jatif.390 | 1.0.20.1675 |
| Bkav FE | W32.HfsAdware | 1.3.0.7383 |
| Comodo Security | Application.Win32.ELEX.H | 23688 |
| ESET NOD32 | Win32/ELEX.FK potentially unwanted (variant) | 9.12650 |
| F-Secure | Gen:Variant.Application.Jatif | 11.2015-01-12_3 |
| G Data | Gen:Variant.Application.Jatif.390 | 15.12.25 |
| Malwarebytes | PUP.Optional.PUP.Optional.IStartPageing.ChrPRST | v2015.12.01.12 |
| MicroWorld eScan | Gen:Variant.Application.Jatif.390 | 16.0.0.1005 |
| Reason Heuristics | PUP.Thinknice.GinerTech (M) | 15.12.1.12 |
| VIPRE Antivirus | Elex Installer | 45536 |

File size:
601.6 KB (616,072 bytes)

Product version:
1.0.0.9

Copyright:
Copyright (C) Real-Sys Link 2002

Original file name:
Real-Sys.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\exe\0cceb58108e9ba5680d5ec585c86accd\cvs_istartpageing.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
11/30/2015 11:05:46 AM

Valid to:
12/2/2015 5:23:38 AM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121FF4B793B23CE59EA22F72C1A6C3394D7

File PE Metadata
Compilation timestamp:
11/30/2015 4:14:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:VUznlgJP3YF0rq/3fa7GBSbkbLKFaBjr6oBG27CpZ5gerrrr5r:WSHO/r6oR7CpZ59r

Entry address:
0x39807

Entry point:
E8, 26, D1, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 64, 27, 00, 00, 6A, 16, 5E, 89, 30, E8, CB, 2C, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, 20, 27, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74...
 

Code size:
398 KB (407,552 bytes)
