protectservice.exe

XTab

Taiwan Shui Mu Chih Ching Technology Limited

The application protectservice.exe by Taiwan Shui Mu Chih Ching Technology Limited has been detected as adware by 21 anti-malware scanners. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages.
Publisher:
XTab system  (signed by Taiwan Shui Mu Chih Ching Technology Limited)

Product:
XTab

Description:
ProtectSvc.exe

Version:
4.0.1.1716

MD5:
77daa5007d35e8e4ca6f684d976cd9e2

SHA-1:
1f2ce43b065530c6eb543437e5e4c2c518879510

SHA-256:
6517b5bb54318d1e0b088ef1e9d20179709c7d71ff0ce3a71f52947576972275

Scanner detections:
21 / 68

Status:
Adware

Analysis date:
11/27/2024 1:40:09 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.SearchProtect.W | 700
AhnLab V3 Security | PUP/Win32.SearchProtect | 2015.03.07
Avira AntiVirus | PUA/SearchProtect.EH | 7.11.214.140
AVG | Generic | 2016.0.3178
Baidu Antivirus | Adware.Win32.Elex | 4.0.3.1536
Bitdefender | Adware.SearchProtect.W | 1.0.20.325
Bkav FE | W32.HfsAdware | 1.3.0.6379
Emsisoft Anti-Malware | Adware.SearchProtect.W | 8.15.03.06.08
ESET NOD32 | Win32/ELEX.BM potentially unwanted application | 7.0.302.0
F-Secure | Adware.SearchProtect.W | 11.2015-06-03_6
G Data | Adware.SearchProtect | 15.3.25
K7 AntiVirus | Trojan | 13.200.15211
Malwarebytes | PUP.Optional.XTab.A | v2015.03.06.08
McAfee | Artemis!6CA75F69A783 | 5600.6834
MicroWorld eScan | Adware.SearchProtect.W | 16.0.0.195
nProtect | Adware.SearchProtect.W | 15.03.06.01
Reason Heuristics | PUP.TaiwanShuiMuChihChingTechnology | 15.3.6.20
Sophos | Generic PUA BP | 4.98
Vba32 AntiVirus | AdWare.SearchProtect | 3.12.26.3
VIPRE Antivirus | Threat.5063632 | 37788
Zillya! Antivirus | Adware.SearchProtect.Win32.20 | 2.0.0.2093

File size:
155.2 KB (158,888 bytes)

Product version:
4.0.1.1716

Copyright:
Copyright (C) 2014

Original file name:
ProtectSvc.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\xtab\protectservice.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/4/2015 4:26:37 AM

Valid to:
3/4/2016 4:26:37 AM

Subject:
CN=Taiwan Shui Mu Chih Ching Technology Limited, O=Taiwan Shui Mu Chih Ching Technology Limited, L=Taipei City, S=Taiwan, C=TW

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121003857AB2AD439A7293EF2F1A8B3DCB6

File PE Metadata
Compilation timestamp:
1/15/2015 1:18:11 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:yUBSk9KzH+b1qXoa9tAy+B9KCGWm0GxIr1DCD4xeEVS:yUBSjXoa7+BACGW5GxQZCDx6S

Entry address:
0x18D5A

Entry point:
E8, C2, 03, 00, 00, E9, 4C, FE, FF, FF, FF, 25, 44, B3, 41, 00, 6A, 0C, 68, 00, D3, 41, 00, E8, 5A, 01, 00, 00, 83, 65, E4, 00, 8B, 5D, 0C, 8B, C3, 8B, 7D, 10, 0F, AF, C7, 8B, 75, 08, 03, F0, 89, 75, 08, 83, 65, FC, 00, 4F, 89, 7D, 10, 78, 0C, 2B, F3, 89, 75, 08, 8B, CE, FF, 55, 14, EB, EE, 33, C0, 40, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 14, 00, 00, 00, E8, 5B, 01, 00, 00, C2, 10, 00, 8B, 7D, 10, 8B, 5D, 0C, 8B, 75, 08, 8B, 45, E4, 85, C0, 75, 0B, FF, 75, 14, 57, 53, 56, E8, 01, 00, 00, 00, C3, 6A...

Entropy:
6.2514

Code size:
103.5 KB (105,984 bytes)
