stab_v4.0.exe

Thinknice Co., Limited

The application stab_v4.0.exe by Thinknice Co., Limited has been detected as adware by 28 anti-malware scanners. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modify the browser's search and home pages.
Publisher:
XTab  (signed by Thinknice Co., Limited)

Product:
XTab

Version:
4.0.2.1615

MD5:
baa311fd91c54e89fabe23e36b47f1cb

SHA-1:
8de11fd3f8a6c3e943ded61316085d30463e5ad5

Scanner detections:
28 / 68

Status:
Adware

Analysis date:
12/25/2024 8:09:24 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Agent.OFO
351

Agnitum Outpost
Trojan.Click
7.1.1

Avira AntiVirus
ADWARE/Adware.Gen
7.11.200.82

avast!
Win32:SupTab-D [Adw]
2014.9-160218

Baidu Antivirus
Adware.Win32.SupTab
4.0.3.16218

Bitdefender
Adware.Agent.OFO
1.0.20.245

Clam AntiVirus
Win.Adware.SupTab
0.98/19898

Dr.Web
infected with Trojan.Click3.8536
9.0.1.049

Emsisoft Anti-Malware
Adware.Agent.OFO
8.16.02.18.04

ESET NOD32
Win32/Thinknice.B potentially unwanted application
10.7.0.302.0

Fortinet FortiGate
Riskware/Thinknice
2/18/2016

F-Secure
Adware.Agent.OFO
11.2016-18-02_5

G Data
Adware.Agent.OFO
16.2.24

K7 AntiVirus
Trojan
13.190.14593

Kaspersky
not-a-virus:AdWare.Win32.SearchProtect
14.0.0.642

Malwarebytes
PUP.Optional.XTab.A
v2016.02.18.04

McAfee
Artemis!C8A02394CCB2
5600.6485

MicroWorld eScan
Adware.Agent.OFO
17.0.0.147

NANO AntiVirus
Trojan.Win32.Click3.ddmrti
0.30.0.64448

Norman
Adware.Agent.OFO
11.20160218

nProtect
Adware.Agent.OFO
15.01.09.01

Panda Antivirus
Generic Suspicious
16.02.18.04

Qihoo 360 Security
HEUR/QVM20.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Thinknice.ThinkniceCo (M)
16.2.18.16

Sophos
PUA 'ThinkNice' (of type Adware)
59

Trend Micro House Call
TROJ_GE.93271C25
7.2.49

Vba32 AntiVirus
AdWare.Agent
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
36502

File size:
2.6 MB (2,706,467 bytes)

Copyright:
copyroght (c) 2011-2014 XTab system

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\tmp\stab_v4.0.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/20/2014 2:26:52 PM

Valid to:
10/21/2015 2:26:52 PM

Subject:
CN="Thinknice Co., Limited", O="Thinknice Co., Limited", L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11217B1525408E122E96F2FC3CB018A64466

File PE Metadata
Compilation timestamp:
3/22/2010 7:59:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:QOGliSausm0CIDanuJtegoc7c5cFyS9iK4R5g9RTWvWpOUblUQuakwcQEw:hUauHtICuJtegTR9ivg9FWyJWzakwx9

Entry address:
0x114A

Entry point:
60, E8, 00, 00, 00, 00, 5B, 81, EB, D0, 48, 00, 10, 83, EC, 74, 8B, EC, 8B, 83, AB, 4B, 00, 10, 89, 45, 00, 8B, 83, B3, 4B, 00, 10, 03, 45, 00, 89, 45, 2C, 8B, 83, B7, 4B, 00, 10, 03, 45, 00, 89, 45, 30, C7, 45, 14, 00, 00, 00, 00, C7, 45, 18, 00, 00, 00, 00, C7, 45, 1C, 00, 00, 00, 00, 8B, 45, 14, FF, 45, 14, 66, 33, C9, 8A, 8C, 03, FF, 4B, 00, 10, 84, C9, 74, 7A, 8B, 45, 1C, 66, 01, 4D, 1C, 03, C3, 05, 13, 4C, 00, 10, 50, 8B, 45, 2C, FF, 10, 85, C0, 0F, 84, 5E, 02, 00, 00, 89, 45, 10, 8B, 45, 1C, 03, C3...
 
[+]

Entropy:
7.9682

Packer / compiler:
ASPack v1.08.04

Code size:
62 KB (63,488 bytes)

Remove stab_v4.0.exe - Powered by Reason Core Security