xtab.exe

Giner Tech Inc

The application xtab.exe by Giner Tech Inc has been detected as adware by 28 anti-malware scanners. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages. It is also typically executed from the user's temporary directory.
Publisher:
XTab  (signed by Giner Tech Inc)

Product:
XTab

Version:
4.0.2.2072

MD5:
45380835b34afc2f1392443536d739a4

SHA-1:
ef0ee180780a6e8fe9f7179b76efdfb8df08691c

SHA-256:
90b1661a626cc2eaa61076483e0abf95ad1bf551b92ff2da4f4a0b73fe236cad

Scanner detections:
28 / 68

Status:
Adware

Analysis date:
11/30/2024 11:37:45 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Jatif.390 | 556 |
| Agnitum Outpost | PUA.ELEX | 7.1.1 |
| Avira AntiVirus | PUA/Trollbar.AO | 8.3.1.6 |
| Arcabit | Trojan.Application.Jatif.390 | 1.0.0.425 |
| AVG | Generic | 2016.0.3034 |
| Bitdefender | Gen:Variant.Application.Jatif.390 | 1.0.20.1050 |
| Bkav FE | HW32.Packed | 1.3.0.6979 |
| Comodo Security | ApplicUnwnt.Win32.SearchProtect.~A | 22778 |
| Dr.Web | Adware.Mutabaha.568 | 9.0.1.0210 |
| ESET NOD32 | Win32/ELEX.BM potentially unwanted | 9.11950 |
| Fortinet FortiGate | Adware/ELEX | 7/29/2015 |
| F-Prot | W32/SearchProtect.B.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Application.Jatif | 11.2015-29-07_4 |
| G Data | Gen:Variant.Application.Jatif.390 | 15.7.25 |
| K7 AntiVirus | Unwanted-Program | 13.207.16587 |
| Kaspersky | not-a-virus:AdWare.Win32.ELEX | 14.0.0.1664 |
| Malwarebytes | PUP.Optional.Giner | v2015.07.29.03 |
| McAfee | Artemis!45380835B34A | 5600.6690 |
| MicroWorld eScan | Gen:Variant.Application.Jatif.390 | 16.0.0.630 |
| NANO AntiVirus | Riskware.Win32.SearchProtect.drogea | 0.30.24.2487 |
| Panda Antivirus | Trj/Genetic.gen | 15.07.29.03 |
| Qihoo 360 Security | HEUR/QVM20.1.Malware.Gen | 1.0.0.1015 |
| Quick Heal | PUA.SearchProtect.OD3 | 7.15.14.00 |
| Reason Heuristics | PUP.Thinknice.GinerTech (M) | 15.7.29.3 |
| Trend Micro House Call | TROJ_GE.62CB92ED | 7.2.210 |
| Trend Micro | ADW_ELEX | 10.465.29 |
| Vba32 AntiVirus | AdWare.SearchProtect | 3.12.26.4 |
| VIPRE Antivirus | Adware.Win32.ELEX | 42058 |

File size:
2.4 MB (2,538,176 bytes)

Copyright:
copyroght (c) 2011-2014 XTab system

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\xtab.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
7/10/2015 1:24:13 AM

Valid to:
12/1/2015 10:23:38 PM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112144A013AAD3E1337D18D07539AE686CDE

File PE Metadata
Compilation timestamp:
3/21/2010 6:59:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:jRGlpEAz9DGIhZnRUdnjJUFR/lo0BTWvWpOUblUQuRBzQ:jREaAz9DGIvRUVjJxEWyJWzRBzQ

Entry address:
0x114A

Entry point:
E9, F1, 55, 00, 00, E9, 0C, 95, 00, 00, E9, 47, B9, 00, 00, E9, 52, 99, 00, 00, E9, AD, 94, 00, 00, E9, C8, A9, 00, 00, E9, 43, 9A, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC...

Packer / compiler:
Xtreme-Protector v1.05

Code size:
62 KB (63,488 bytes)
