» windowstab_mon.exe
Overview
Analysis
File Details
Programs (1)

windowstab_mon.exe

DOTPITCH.INC

The application windowstab_mon.exe by DOTPITCH.INC has been detected as adware by 18 anti-malware scanners. This file is typically installed with the program WindowsTab Uninstall by DOTPITCH.INC which is a potentially unwanted software program. This will plug into the web browser and collect information about the user's browsing activities (such as visited URLs) in order to display targeted popup advertisements.

File name:

windowstab_mon.exe

Publisher:

DOTPITCH.INC (signed and verified)

MD5:

c09432d13abe2e8e310bdb0a4b254591

SHA-1:

60589b44bb7ad63f5048fbd1997ce3ec50e1d23f

SHA-256:

1e2d318f51e8ad71bcd06383f115a4f301a08f22cb714e3e7b753e3172526b43

Scanner detections:

18 / 68

Status:

Adware

Analysis date:

4/27/2024 1:20:11 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Adware.Kraddare

7.1.1

AhnLab V3 Security

PUP/Win32.WindowsTap

15.08.19

Avira AntiVirus

TR/Downloader.Gen

7.11.146.92

AVG

Generic5

2016.0.3012

Comodo Security

ApplicUnwnt

18192

ESET NOD32

Win32/Adware.Kraddare.HW (variant)

9.9741

Fortinet FortiGate

W32/Kraddare.GW

8/19/2015

IKARUS anti.virus

Trojan-Downloader

t3scan.1.6.1.0

K7 AntiVirus

Unwanted-Program

13.177.11928

Malwarebytes

Adware.Korad

v2015.08.19.05

McAfee

Artemis!C09432D13ABE

5600.6668

Qihoo 360 Security

Win32/Trojan.Adware.37e

1.0.0.1015

Reason Heuristics

PUP.DOTPITCHINC (M)

15.8.19.17

Rising Antivirus

PE:Trojan.Win32.Generic.14C8BEA4!348700324

23.00.65.15817

Sophos

Generic PUA GA

4.98

Trend Micro House Call

TROJ_GEN.F47V0306

7.2.231

Trend Micro

PAK_Generic.005

10.465.19

VIPRE Antivirus

Adware.Adpopup

28712

File size:

85.6 KB (87,640 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\windowstab\windowstab_mon.exe

Digital Signature

Signed by:

DOTPITCH.INC

Authority:

Thawte, Inc.

Valid from:

3/11/2013 9:00:00 PM

Valid to:

4/11/2014 8:59:59 PM

Subject:

CN=DOTPITCH.INC, OU=Marketing, O=DOTPITCH.INC, L=Seocho-gu, S=Seoul, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

0AA240F3D167B5B6AF5A20903B60B16F

File PE Metadata

Compilation timestamp:

6/3/2013 4:05:24 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1536:n/iEL6xC1YbHkYB0/KzPKTHUC4V8H3+cISkp5LHM2IXPI3so47+NK0y:/ZL6Imy/KzPKTHUlXnS72Vcw7y

Entry address:

0x371E0

Entry point:

60, BE, 00, 40, 42, 00, 8D, BE, 00, D0, FD, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB... 
[+]

Entropy:

7.8587

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:

80 KB (81,920 bytes)

The file windowstab_mon.exe has been discovered within the following program.

WindowsTab Uninstall by DOTPITCH.INC

85% remove it

Remove windowstab_mon.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.