xtab.exe

Giner Tech Inc

The application xtab.exe by Giner Tech Inc has been detected as adware by 30 anti-malware scanners. It is a setup program used to install the application. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages. The file has been seen being downloaded from www.downclvw.com.
Publisher:
XTab  (signed by Giner Tech Inc)

Product:
XTab

Version:
4.0.2.2072

MD5:
e821ced765bdb44487e495175be5fc87

SHA-1:
e6d7f5e41799436ad6512b311d7c9e552292f25c

SHA-256:
ff9e5604f4e45f511adea688ac86adde94e1fd4a7134826704b9babbb54799ec

Scanner detections:
30 / 68

Status:
Adware

Analysis date:
1/6/2025 9:40:56 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.SearchProtect.W | 650 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | PUA/SearchProtect.Gen | 3.6.1.96 |
| avast! | Win32:GenMaliciousA-EHB [PUP] | 2014.9-150425 |
| Bitdefender | Adware.SearchProtect.W | 1.0.20.575 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.SupTab | 0.98/21511 |
| Comodo Security | ApplicUnwnt.Win32.SearchProtect.~A | 21845 |
| Dr.Web | Adware.Mutabaha.119 | 9.0.1.0115 |
| Emsisoft Anti-Malware | Adware.SearchProtect.W | 8.15.04.25.05 |
| ESET NOD32 | Win32/ELEX.BM potentially unwanted | 9.11508 |
| Fortinet FortiGate | Riskware/Elex | 4/25/2015 |
| F-Prot | W32/SearchProtect.B.gen | v6.4.7.1.166 |
| F-Secure | Adware.SearchProtect.W | 11.2015-25-04_7 |
| G Data | Adware.SearchProtect | 15.4.25 |
| K7 AntiVirus | Unwanted-Program | 13.203.15658 |
| Malwarebytes | PUP.Optional.BrowserWatch | v2015.04.25.05 |
| McAfee | Artemis!B9A70A43F46F | 5600.6784 |
| MicroWorld eScan | Adware.SearchProtect.W | 16.0.0.345 |
| NANO AntiVirus | Riskware.Win32.SearchProtect.dpvtwk | 0.30.20.1219 |
| nProtect | Adware.SearchProtect.W | 15.04.20.01 |
| Panda Antivirus | Trj/Genetic.gen | 15.04.25.05 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Quick Heal | PUA.SearchProtect.OD3 | 4.15.14.00 |
| Reason Heuristics | Threat.Thinknice.GinerTech | 15.4.25.13 |
| Sophos | Generic PUA NK | 4.98 |
| Trend Micro House Call | ADW_ELEX | 7.2.115 |
| Trend Micro | ADW_ELEX | 10.465.25 |
| Vba32 AntiVirus | AdWare.SearchProtect | 3.12.26.3 |
| VIPRE Antivirus | Adware.SearchProtect | 39544 |

File size:
2.4 MB (2,564,288 bytes)

Copyright:
copyroght (c) 2011-2014 XTab system

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\l6wncgt3\xtab.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
4/20/2015 4:43:22 AM

Valid to:
12/2/2015 5:23:38 AM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112186B135D0152CD8EA8D04B67D2A0CCF34

File PE Metadata
Compilation timestamp:
3/22/2010 1:59:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:/lpEAz9DGIhZnRUdENHJIdhl++2vXWTWvWpOUblUQuR5ROy:taAz9DGIvRUEHJ++4WyJWzRnOy

Entry address:
0x114A

Entry point:
E9, F1, 55, 00, 00, E9, 0C, 95, 00, 00, E9, 47, B9, 00, 00, E9, 52, 99, 00, 00, E9, AD, 94, 00, 00, E9, C8, A9, 00, 00, E9, 43, 9A, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC...
 

Packer / compiler:
Xtreme-Protector v1.05

Code size:
62 KB (63,488 bytes)

The file xtab.exe has been seen being distributed by the following URL.
