protectservice.exe

XTab

Giner Tech Inc

The application protectservice.exe by Giner Tech Inc has been detected as adware by 26 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “IHProtect Service”. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages.
Publisher:
XTab system  (signed by Giner Tech Inc)

Product:
XTab

Description:
ProtectSvc.exe

Version:
4.0.1.2072

MD5:
76906cfc26e951aa6093f9e1fe66bc4b

SHA-1:
bb6d24a4ed8996671acfc0806b50a1e5cf96c0b3

SHA-256:
f76e42a18fa76040b3a8efa28a3474ba4595dea1030c27acbb30b12a0937a5cf

Scanner detections:
26 / 68

Status:
Adware

Analysis date:
11/27/2024 4:52:12 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.SearchProtect.W | 5636750 |
| AhnLab V3 Security | PUP/Win32.SearchProtect | 2015.04.15 |
| Avira AntiVirus | PUA/SearchProtect.Gen | 3.6.1.96 |
| AVG | Generic | 2016.0.3138 |
| Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.15415 |
| Bitdefender | Adware.SearchProtect.W | 1.0.20.525 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Mutabaha.266 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.SearchProtect.W | 9.0.0.4799 |
| ESET NOD32 | Win32/ELEX.BM potentially unwanted | 9.11475 |
| Fortinet FortiGate | Riskware/Elex | 7/17/2015 |
| F-Prot | W32/SearchProtect.C.gen | v6.4.7.1.166 |
| F-Secure | Adware.SearchProtect.W | 5.13.68 |
| G Data | Adware.SearchProtect | 15.4.25 |
| K7 AntiVirus | Unwanted-Program | 13.202.15600 |
| Malwarebytes | PUP.Optional.XTab.A | v2015.04.15.12 |
| McAfee | Artemis!E98C5CFA4051 | 5600.6702 |
| MicroWorld eScan | Adware.SearchProtect.W | 16.0.0.315 |
| NANO AntiVirus | Riskware.Win32.SearchProtect.dpvtwk | 0.30.16.1110 |
| nProtect | Adware.SearchProtect.W | 15.04.15.01 |
| Reason Heuristics | Threat.Thinknice.GinerTech | 15.4.15.11 |
| Sophos | Generic PUA KF | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0402 | 7.2.198 |
| Vba32 AntiVirus | AdWare.SearchProtect | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38994 |
| Zillya! Antivirus | Adware.SearchProtect.Win32.20 | 2.0.0.2139 |

File size:
155.1 KB (158,816 bytes)

Product version:
4.0.1.2072

Copyright:
Copyright (C) 2014

Original file name:
ProtectSvc.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\Program Files\xtab\protectservice.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
3/24/2015 9:40:38 AM

Valid to:
12/2/2015 5:23:38 AM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112167537F02B71858D5AA3FC5D6CBB4265C

File PE Metadata
Compilation timestamp:
4/10/2015 1:23:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:ZUBSk9KzH+b1qXoa9tAy+B9KCGWm0GxIH1LCD4xeyLm:ZUBSjXoa7+BACGW5Gxk5CDxWm

Entry address:
0x18D5A

Entry point:
E8, C2, 03, 00, 00, E9, 4C, FE, FF, FF, FF, 25, 44, B3, 41, 00, 6A, 0C, 68, 00, D3, 41, 00, E8, 5A, 01, 00, 00, 83, 65, E4, 00, 8B, 5D, 0C, 8B, C3, 8B, 7D, 10, 0F, AF, C7, 8B, 75, 08, 03, F0, 89, 75, 08, 83, 65, FC, 00, 4F, 89, 7D, 10, 78, 0C, 2B, F3, 89, 75, 08, 8B, CE, FF, 55, 14, EB, EE, 33, C0, 40, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 14, 00, 00, 00, E8, 5B, 01, 00, 00, C2, 10, 00, 8B, 7D, 10, 8B, 5D, 0C, 8B, 75, 08, 8B, 45, E4, 85, C0, 75, 0B, FF, 75, 14, 57, 53, 56, E8, 01, 00, 00, 00, C3, 6A...
 

Code size:
103.5 KB (105,984 bytes)

Service
Display name:
IHProtect Service

Type:
Win32OwnProcess

