xtab_setup.exe

Giner Tech Inc

The application xtab_setup.exe by Giner Tech Inc has been detected as adware by 32 anti-malware scanners. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modify the browser's search and home pages. It is also typically executed from the user's temporary directory.
Publisher:
XTab  (signed by Giner Tech Inc)

Product:
XTab

Version:
4.0.2.2349

MD5:
1fafed0e3fbde4ef432264c7e3537300

SHA-1:
1fb9b598c101276953a282df693dadb96d5da131

SHA-256:
53ac693b065854a193f7db01f1199a47cb79f54a4ae8f05b5aaf6b22825eca2b

Scanner detections:
32 / 68

Status:
Adware

Analysis date:
11/1/2024 2:46:15 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.SearchProtect.W
632

Agnitum Outpost
PUA.SearchProtect
7.1.1

AhnLab V3 Security
PUP/Win32.SearchProtect
2015.05.12

avast!
Win32:GenMaliciousA-EHB [PUP]
2014.9-150514

AVG
Generic
2016.0.3110

Bitdefender
Adware.SearchProtect.W
1.0.20.670

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.SupTab
0.98/21511

Comodo Security
ApplicUnwnt.Win32.SearchProtect.~A
22088

Dr.Web
Adware.Mutabaha.333
9.0.1.0134

Emsisoft Anti-Malware
Adware.SearchProtect.W
8.15.05.14.09

ESET NOD32
Win32/ELEX.BM potentially unwanted
9.11612

Fortinet FortiGate
W32/ELEX.BM
5/14/2015

F-Prot
W32/SearchProtect.C.gen
v6.4.7.1.166

F-Secure
Adware.SearchProtect.W
11.2015-14-05_5

G Data
Adware.SearchProtect
15.5.25

K7 AntiVirus
Unwanted-Program
13.203.15877

Kaspersky
not-a-virus:AdWare.Win32.SearchProtect
14.0.0.2043

Malwarebytes
PUP.Optional.Giner
v2015.05.14.09

McAfee
Artemis!7A906096BB56
5600.6766

MicroWorld eScan
Adware.SearchProtect.W
16.0.0.402

NANO AntiVirus
Riskware.Win32.SearchProtect.dpvtwk
0.30.24.1357

nProtect
Adware.SearchProtect.W
15.05.11.01

Panda Antivirus
Trj/Genetic.gen
15.05.14.09

Qihoo 360 Security
HEUR/QVM20.1.Malware.Gen
1.0.0.1015

Quick Heal
PUA.SearchProtect.OD3
5.15.14.00

Reason Heuristics
Threat.Thinknice.Installer
15.5.14.5

Sophos
SearchProtect
4.98

Trend Micro House Call
ADW_ELEX
7.2.134

Trend Micro
ADW_ELEX
10.465.14

Vba32 AntiVirus
AdWare.SearchProtect
3.12.26.3

VIPRE Antivirus
Adware.SearchProtect
40164

File size:
2.4 MB (2,535,160 bytes)

Copyright:
copyroght (c) 2011-2014 XTab system

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\xtab_setup.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
4/20/2015 4:43:22 AM

Valid to:
12/2/2015 5:23:38 AM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112186B135D0152CD8EA8D04B67D2A0CCF34

File PE Metadata
Compilation timestamp:
3/22/2010 1:59:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:T3lpEAz9DGIhZnRUd7EEEzB2untTWvWpOUblUQuR4JFW:xaAz9DGIvRUmEEzBjRWyJWzR4JFW

Entry address:
0x114A

Entry point:
E9, F1, 55, 00, 00, E9, 0C, 95, 00, 00, E9, 47, B9, 00, 00, E9, 52, 99, 00, 00, E9, AD, 94, 00, 00, E9, C8, A9, 00, 00, E9, 43, 9A, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC...
 
[+]

Entropy:
7.9807

Packer / compiler:
Xtreme-Protector v1.05

Code size:
62 KB (63,488 bytes)

Remove xtab_setup.exe - Powered by Reason Core Security