home

amt_omniboxes.exe

5242_amt_omniboxes

Giner Tech Inc

The application amt_omniboxes.exe by Giner Tech Inc has been detected as adware by 13 anti-malware scanners. This is an adware bundler (AKA ElexNetDownload) that will include additional unwanted offers in the download and install process. During install it will establish a connection to twonext.com and xingcloud.com to determine what offers to show the user (based on what is already installed and where they live).It is also typically executed from the user's temporary directory.
Publisher:
Real-Sys  (signed by Giner Tech Inc)

Product:
5242_amt_omniboxes

Description:
Real-Sys

Version:
1.0.0.8

MD5:
bc27b13e3ad0369bcde92e79679d16c2

SHA-1:
112f738f3b6e9389200b985588e05d7637e91c0f

SHA-256:
eca2f76f382af2e7146a7386c23882e5bfe54a048a88f0395bb6c64dbed38016

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
5/20/2024 2:32:28 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Jatif.390
434

Arcabit
PUP.Adware.GinerTech
1.0.0.624

Baidu Antivirus
Adware.Win32.ELEX
4.0.3.151127

Bitdefender
Gen:Variant.Application.Jatif.390
1.0.20.1655

Bkav FE
W32.HfsAdware
1.3.0.7383

Comodo Security
Application.Win32.ELEX.H
23665

ESET NOD32
Win32/ELEX.FK potentially unwanted (variant)
9.12632

F-Secure
Gen:Variant.Application.Jatif
11.2015-27-11_6

G Data
Gen:Variant.Application.Jatif.390
15.11.25

Malwarebytes
PUP.Optional.Omniboxes.ShrtCln
v2015.11.27.09

MicroWorld eScan
Gen:Variant.Application.Jatif.390
16.0.0.993

Reason Heuristics
PUP.Thinknice.GinerTech (M)
15.11.27.21

VIPRE Antivirus
Elex Installer
45454

File size:
691.6 KB (708,232 bytes)

Product version:
1.0.0.8

Copyright:
Copyright (C) Real-Sys Link 2002

Original file name:
Real-Sys.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\amt_omniboxes.exe

Digital Signature
Signed by:
Giner Tech Inc

Authority:
GlobalSign nv-sa

Valid from:
11/26/2015 10:46:13 PM

Valid to:
12/1/2015 10:23:38 PM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121B74BA60A169786D0CAC560764F7FC03A

File PE Metadata
Compilation timestamp:
11/26/2015 11:18:34 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:scejJeLGvt0IA9rjAZ4ytwTyNaVIncRSUx5GpXerrrrOB:5eKOAZsZ47ONaVIncn5GJ7B

Entry address:
0x25B49

Entry point:
E8, 68, AF, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 19, 38, 00, 00, 6A, 16, 5E, 89, 30, E8, F9, 28, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, D5, 37, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74...
 
[+]

Entropy:
6.3425

Code size:
310 KB (317,440 bytes)

Remove amt_omniboxes.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.