stab_v4.0.exe

Thinknice Co., Limited

The application stab_v4.0.exe by Thinknice Co., Limited has been detected as adware by 28 anti-malware scanners. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages.
Publisher:
XTab  (signed by Thinknice Co., Limited)

Product:
XTab

Version:
4.0.2.1615

MD5:
baa311fd91c54e89fabe23e36b47f1cb

SHA-1:
8de11fd3f8a6c3e943ded61316085d30463e5ad5

Scanner detections:
28 / 68

Status:
Adware

Analysis date:
11/6/2024 3:32:42 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Agent.OFO
351

Agnitum Outpost
Trojan.Click
7.1.1

Avira AntiVirus
ADWARE/Adware.Gen
7.11.200.82

avast!
Win32:SupTab-D [Adw]
2014.9-160218

Baidu Antivirus
Adware.Win32.SupTab
4.0.3.16218

Bitdefender
Adware.Agent.OFO
1.0.20.245

Clam AntiVirus
Win.Adware.SupTab
0.98/19898

Dr.Web
infected with Trojan.Click3.8536
9.0.1.049

Emsisoft Anti-Malware
Adware.Agent.OFO
8.16.02.18.04

ESET NOD32
Win32/Thinknice.B potentially unwanted application
10.7.0.302.0

Fortinet FortiGate
Riskware/Thinknice
2/18/2016

F-Secure
Adware.Agent.OFO
11.2016-18-02_5

G Data
Adware.Agent.OFO
16.2.24

K7 AntiVirus
Trojan
13.190.14593

Kaspersky
not-a-virus:AdWare.Win32.SearchProtect
14.0.0.642

Malwarebytes
PUP.Optional.XTab.A
v2016.02.18.04

McAfee
Artemis!C8A02394CCB2
5600.6485

MicroWorld eScan
Adware.Agent.OFO
17.0.0.147

NANO AntiVirus
Trojan.Win32.Click3.ddmrti
0.30.0.64448

Norman
Adware.Agent.OFO
11.20160218

nProtect
Adware.Agent.OFO
15.01.09.01

Panda Antivirus
Generic Suspicious
16.02.18.04

Qihoo 360 Security
HEUR/QVM20.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Thinknice.ThinkniceCo (M)
16.2.18.16

Sophos
PUA 'ThinkNice' (of type Adware)
59

Trend Micro House Call
TROJ_GE.93271C25
7.2.49

Vba32 AntiVirus
AdWare.Agent
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
36502

File size:
2.6 MB (2,706,467 bytes)

Copyright:
copyroght (c) 2011-2014 XTab system

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\tmp\stab_v4.0.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/20/2014 2:26:52 PM

Valid to:
10/21/2015 2:26:52 PM

Subject:
CN="Thinknice Co., Limited", O="Thinknice Co., Limited", L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11217B1525408E122E96F2FC3CB018A64466

File PE Metadata
Compilation timestamp:
3/22/2010 7:59:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:QOGliSausm0CIDanuJtegoc7c5cFyS9iK4R5g9RTWvWpOUblUQuakwcQEw:hUauHtICuJtegTR9ivg9FWyJWzakwx9

Entry address:
0x114A

Entry point:
60, E8, 00, 00, 00, 00, 5B, 81, EB, D0, 48, 00, 10, 83, EC, 74, 8B, EC, 8B, 83, AB, 4B, 00, 10, 89, 45, 00, 8B, 83, B3, 4B, 00, 10, 03, 45, 00, 89, 45, 2C, 8B, 83, B7, 4B, 00, 10, 03, 45, 00, 89, 45, 30, C7, 45, 14, 00, 00, 00, 00, C7, 45, 18, 00, 00, 00, 00, C7, 45, 1C, 00, 00, 00, 00, 8B, 45, 14, FF, 45, 14, 66, 33, C9, 8A, 8C, 03, FF, 4B, 00, 10, 84, C9, 74, 7A, 8B, 45, 1C, 66, 01, 4D, 1C, 03, C3, 05, 13, 4C, 00, 10, 50, 8B, 45, 2C, FF, 10, 85, C0, 0F, 84, 5E, 02, 00, 00, 89, 45, 10, 8B, 45, 1C, 03, C3...
 

Entropy:
7.9682

Packer / compiler:
ASPack v1.08.04

Code size:
62 KB (63,488 bytes)
