xtab_4.0.2.1716.exe

Taiwan Shui Mu Chih Ching Technology Limited

The application xtab_4.0.2.1716.exe by Taiwan Shui Mu Chih Ching Technology Limited has been detected as adware by 7 anti-malware scanners. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages. It is also typically executed from the user's temporary directory.

Publisher:
XTab (signed by Taiwan Shui Mu Chih Ching Technology Limited)

Product:
XTab

Version:
4.0.2.1716

MD5:
55bae15d523e4fabaa551023703d3fd9

SHA-1:
6539fe78912059eeea8bec052425099a02be4d23

SHA-256:
399f299143acbec30d0f39c03f0f832f9e533b7e367d107ed7ed6dc6502cd9bd

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
11/27/2024 1:20:48 AM UTC

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.Elex
4.0.3.15116

Dr.Web
Threat.Undefined
9.0.1.05190

ESET NOD32
Win32/Thinknice.B potentially unwanted application
7.0.302.0

Kaspersky
not-a-virus:AdWare.Win32.SearchProtect
15.0.0.543

Malwarebytes
PUP.Optional.XTab.A
v2015.01.16.06

Qihoo 360 Security
HEUR/QVM20.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.TaiwanShuiMuChihChingTechnologyLimited.M
15.1.16.6

File size:
2.3 MB (2,463,384 bytes)

Copyright:
copyroght (c) 2011-2014 XTab system

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\xtab_4.0.2.1716.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/15/2015 6:36:14 AM

Valid to:
2/25/2015 9:15:36 AM

Subject:
CN=Taiwan Shui Mu Chih Ching Technology Limited, O=Taiwan Shui Mu Chih Ching Technology Limited, L=New Taipei City, S=Taiwan, C=TW

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11214791C542722D5C418927DCC4A64E75B7

File PE Metadata
Compilation timestamp:
3/22/2010 12:59:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:8lpEAz9DGIhZnRUdOl7Hf2LLXETWvWpOUblUQuRkwcQ:6aAz9DGIvRUOH8XGWyJWzRkwx

Entry address:
0x114A

Entry point:
E9, F1, 55, 00, 00, E9, 0C, 95, 00, 00, E9, 47, B9, 00, 00, E9, 52, 99, 00, 00, E9, AD, 94, 00, 00, E9, C8, A9, 00, 00, E9, 43, 9A, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC...
 

Entropy:
7.9798

Packer / compiler:
Xtreme-Protector v1.05

Code size:
62 KB (63,488 bytes)
