xtab_v4.0.exe

Taiwan Shui Mu Chih Ching Technology Limited

The application xtab_v4.0.exe by Taiwan Shui Mu Chih Ching Technology Limited has been detected as adware by 27 anti-malware scanners. This program is designed to hijack the browser in an attempt to prevent other software from modifying the browser's search and home pages. It is typically executed from the user's temporary directory.
Publisher:
XTab  (signed by Taiwan Shui Mu Chih Ching Technology Limited)

Product:
XTab

Version:
4.0.2.1987

MD5:
22dc5bc0d2d27d0ad01ac18546fc21b2

SHA-1:
d40000027f9081a9472ebad7039848921fc4331e

SHA-256:
534f2e5d1489d0d288ee008f54e16fa3ab799d735247c36246a5c9df5ab85624

Scanner detections:
27 / 68

Status:
Adware

Analysis date:
11/30/2024 8:07:41 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.SearchProtect.W | 6758121
Agnitum Outpost | PUA.SearchProtect | 7.1.1
Avira AntiVirus | PUA/SearchProtect.EH | 7.11.214.140
avast! | Win32:GenMaliciousA-CFR [Trj] | 2014.9-150306
AVG | Generic | 2016.0.3178
Bitdefender | Adware.SearchProtect.W | 1.0.20.325
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.SupTab | 0.98/20157
Dr.Web | Threat.Undefined | 9.0.1.05190
Emsisoft Anti-Malware | Adware.SearchProtect.W | 9.0.0.4799
ESET NOD32 | Win32/ELEX.BM potentially unwanted application | 7.0.302.0
F-Secure | Adware.SearchProtect.W | 11.2015-06-03_6
G Data | Adware.SearchProtect | 15.3.25
K7 AntiVirus | Trojan | 13.200.15187
Kaspersky | not-a-virus:AdWare.Win32.SearchProtect | 15.0.0.543
Malwarebytes | PUP.Optional.BrowserWatch | v2015.03.06.08
McAfee | Trojan.Artemis!22DC5BC0D2D2 | 16.8.708.2
MicroWorld eScan | Adware.SearchProtect.W | 16.0.0.195
nProtect | Adware.SearchProtect.W | 15.03.06.01
Panda Antivirus | Trj/CI.A | 15.03.06.08
Qihoo 360 Security | HEUR/QVM30.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.TaiwanShuiMuChihChingTechnology | 15.3.6.20
Sophos | Generic PUA BP | 4.98
Trend Micro House Call | ADW_ELEX | 7.2.65
Trend Micro | ADW_ELEX | 10.465.06
Vba32 AntiVirus | AdWare.SearchProtect | 3.12.26.3
VIPRE Antivirus | Threat.5063632 | 37788

File size:
2.5 MB (2,572,024 bytes)

Copyright:
copyroght (c) 2011-2014 XTab system

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\xtab_v4.0.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/4/2015 4:26:37 AM

Valid to:
3/4/2016 4:26:37 AM

Subject:
CN=Taiwan Shui Mu Chih Ching Technology Limited, O=Taiwan Shui Mu Chih Ching Technology Limited, L=Taipei City, S=Taiwan, C=TW

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121003857AB2AD439A7293EF2F1A8B3DCB6

File PE Metadata
Compilation timestamp:
3/21/2010 8:59:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:MlpEAz9DGIhZnRUdGzTCo+ob5eI3HPgETWvWpOUblUQuRrtFp:qaAz9DGIvRUYzTIGWyJWzRpFp

Entry address:
0x114A

Entry point:
E9, F1, 55, 00, 00, E9, 0C, 95, 00, 00, E9, 47, B9, 00, 00, E9, 52, 99, 00, 00, E9, AD, 94, 00, 00, E9, C8, A9, 00, 00, E9, 43, 9A, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC...

Entropy:
7.9812

Packer / compiler:
Xtreme-Protector v1.05

Code size:
62 KB (63,488 bytes)
