protectservice.exe

XTab

Giner Tech Inc

The application protectservice.exe by Giner Tech Inc has been detected as adware by 18 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “IHProtect Service”. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages.
Publisher:
XTab system  (signed by Giner Tech Inc)

Product:
XTab

Description:
ProtectSvc.exe

Version:
4.0.1.2072

MD5:
6bf369670e9b005424540cb1fae67241

SHA-1:
f547e0982ec4d39d0cc2eabdc587ee12edfafd0a

SHA-256:
5519daa42d7fb373c374b07aa476dabaf2e86c97a947aa1601050506f2a39e10

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
11/27/2024 4:30:50 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.SearchProtect.W | 5675400 |
| AhnLab V3 Security | PUP/Win32.SearchProtect | 2015.04.13 |
| Avira AntiVirus | PUA/SearchProtect.Gen | 3.6.1.96 |
| Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.15413 |
| Bitdefender | Adware.SearchProtect.W | 1.0.20.515 |
| Dr.Web | Adware.Mutabaha.266 | 9.0.1.0103 |
| Emsisoft Anti-Malware | Adware.SearchProtect.W | 9.0.0.4799 |
| ESET NOD32 | Win32/ELEX.BM potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/SearchProtect.C.gen | v6.4.7.1.166 |
| F-Secure | Adware.SearchProtect.W | 5.13.68 |
| G Data | Adware.SearchProtect | 15.4.25 |
| K7 AntiVirus | Trojan | 13.202.15572 |
| Malwarebytes | PUP.Optional.XTab.A | v2015.04.13.11 |
| MicroWorld eScan | Adware.SearchProtect.W | 16.0.0.309 |
| NANO AntiVirus | Riskware.Win32.SearchProtect.dpvtwk | 0.30.10.952 |
| nProtect | Adware.SearchProtect.W | 15.04.10.01 |
| Reason Heuristics | Threat.Thinknice.GinerTech | 15.4.13.11 |
| Vba32 AntiVirus | AdWare.SearchProtect | 3.12.26.3 |

File size:
155.1 KB (158,816 bytes)

Product version:
4.0.1.2072

Copyright:
Copyright (C) 2014

Original file name:
ProtectSvc.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\xtab\protectservice.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
3/24/2015 9:40:38 AM

Valid to:
12/2/2015 5:23:38 AM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112167537F02B71858D5AA3FC5D6CBB4265C

File PE Metadata
Compilation timestamp:
4/9/2015 4:47:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:HUBSk9KzH+b1qXoa9tAy+B9KCGWm0GxIr1iCD4xeyLY:HUBSjXoa7+BACGW5GxQMCDxWY

Entry address:
0x18D5A

Entry point:
E8, C2, 03, 00, 00, E9, 4C, FE, FF, FF, FF, 25, 44, B3, 41, 00, 6A, 0C, 68, 00, D3, 41, 00, E8, 5A, 01, 00, 00, 83, 65, E4, 00, 8B, 5D, 0C, 8B, C3, 8B, 7D, 10, 0F, AF, C7, 8B, 75, 08, 03, F0, 89, 75, 08, 83, 65, FC, 00, 4F, 89, 7D, 10, 78, 0C, 2B, F3, 89, 75, 08, 8B, CE, FF, 55, 14, EB, EE, 33, C0, 40, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 14, 00, 00, 00, E8, 5B, 01, 00, 00, C2, 10, 00, 8B, 7D, 10, 8B, 5D, 0C, 8B, 75, 08, 8B, 45, E4, 85, C0, 75, 0B, FF, 75, 14, 57, 53, 56, E8, 01, 00, 00, 00, C3, 6A...
 

Entropy:
6.2503

Code size:
103.5 KB (105,984 bytes)

Service
Display name:
IHProtect Service

Type:
Win32OwnProcess

