» stab_v4.0.exe
Overview
Analysis
File Details

stab_v4.0.exe

Thinknice Co., Limited

The application stab_v4.0.exe by Thinknice Co., Limited has been detected as adware by 11 anti-malware scanners. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modify the browser's search and home pages. It is also typically executed from the user's temporary directory.

File name:

stab_v4.0.exe

Publisher:

XTab (signed by Thinknice Co., Limited)

Product:

XTab

Version:

4.0.2.1685

MD5:

684ce32af59ccba1cc2954b5b369e364

SHA-1:

fd3434a66da02ccc7f37dbfb9c7718f3b40c83d3

SHA-256:

7aacbfe37f3cd6c61289af9046f43e17c4922ee41dfb7b2d585dd7de7ed9181c

Scanner detections:

11 / 68

Status:

Adware

Analysis date:

11/6/2024 3:41:48 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/Adware.Gen

7.11.200.114

avast!

Win32:SupTab-D [Adw]

2014.9-150109

Clam AntiVirus

Win.Adware.SupTab

0.98/19900

Dr.Web

Threat.Undefined

9.0.1.05190

ESET NOD32

Win32/Thinknice.B potentially unwanted application

7.0.302.0

G Data

Win32.Application.SubTab

15.1.24

Kaspersky

not-a-virus:AdWare.Win32.SearchProtect

15.0.0.543

Malwarebytes

PUP.Optional.XTab.A

v2015.01.09.06

Panda Antivirus

Generic Suspicious

15.01.09.06

Reason Heuristics

PUP.Thinknice

15.3.11.17

Trend Micro House Call

Suspici.BF2139C2

7.2.9

File size:

2.5 MB (2,646,016 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\stab_v4.0.exe

Digital Signature

Signed by:

Thinknice Co., Limited

Authority:

GlobalSign nv-sa

Valid from:

10/20/2014 2:56:52 AM

Valid to:

10/21/2015 2:56:52 AM

Subject:

CN="Thinknice Co., Limited", O="Thinknice Co., Limited", L=香港, S=香港, C=HK

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11217B1525408E122E96F2FC3CB018A64466

File PE Metadata

Compilation timestamp:

3/21/2010 8:29:20 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

49152:nuFk71s2rZixVT7K5dA1RvTEoxPHU7juyqHKgGIETWvWpOUblUQuRkwcQX:nuF2VtiS5AlnlHU7XqqgGIGWyJWzRkw1

Entry address:

0x114A

Entry point:

E9, F1, 55, 00, 00, E9, 0C, 95, 00, 00, E9, 47, B9, 00, 00, E9, 52, 99, 00, 00, E9, AD, 94, 00, 00, E9, C8, A9, 00, 00, E9, 43, 9A, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC... 
[+]

Packer / compiler:

Xtreme-Protector v1.05

Code size:

62 KB (63,488 bytes)

Remove stab_v4.0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.