» windowstab_uc.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

windowstab_uc.exe

DOTPITCH.INC

The application windowstab_uc.exe by DOTPITCH.INC has been detected as adware by 25 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WINDOWSTAB_UC’. This file is typically installed with the program WindowsTab Uninstall by DOTPITCH.INC which is a potentially unwanted software program. This will plug into the web browser and collect information about the user's browsing activities (such as visited URLs) in order to display targeted popup advertisements.

File name:

windowstab_uc.exe

Publisher:

DOTPITCH.INC (signed and verified)

MD5:

3b9befa24de056db58ee6c2134d5970c

SHA-1:

8b08a5cf6a381c45c08cda96d2e4bb3f4d89f8a0

SHA-256:

2228247f57f12a2a054db222547e33a11a0be122c2f959386d61d42b394294a4

Scanner detections:

25 / 68

Status:

Adware

Analysis date:

4/19/2024 9:02:40 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Generic.580337

534

Agnitum Outpost

PUA.Kraddare

7.1.1

AhnLab V3 Security

PUP/Win32.WindowsTap

2014.03.06

Avira AntiVirus

Adware/Kraddare.HF

7.11.135.30

Bitdefender

Application.Generic.580337

1.0.20.1155

Comodo Security

ApplicUnwnt

17892

Dr.Web

DLOADER.Trojan

9.0.1.0231

Emsisoft Anti-Malware

Generic.Onlinegames.14.3234B4DE

8.15.08.19.05

ESET NOD32

Win32/Adware.Kraddare.HW (variant)

9.9506

F-Prot

W32/Downloader.J.gen

v6.4.7.1.166

F-Secure

Application.Generic.580337

11.2015-19-08_4

G Data

Application.Generic.580337

15.8.24

IKARUS anti.virus

Trojan-Downloader

t3scan.2.2.29

K7 AntiVirus

Adware

13.176.11351

Malwarebytes

Adware.Korad

v2015.08.19.05

MicroWorld eScan

Application.Generic.580337

16.0.0.693

NANO AntiVirus

Trojan.Win32.Kraddare.crixwf

0.28.0.58101

Qihoo 360 Security

HEUR/Malware.QVM11.Gen

1.0.0.1015

Reason Heuristics

PUP.DOTPITCHINC (M)

15.8.19.17

Rising Antivirus

PE:Trojan.Win32.Generic.14BAC14D!347783501

23.00.65.15817

Sophos

Generic PUA IL

4.98

Trend Micro House Call

PAK_Generic.001

7.2.231

Trend Micro

PAK_Generic.001

10.465.19

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.24.3

VIPRE Antivirus

Adware.Adpopup

27126

File size:

91.6 KB (93,784 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\windowstab\windowstab_uc.exe

Digital Signature

Signed by:

DOTPITCH.INC

Authority:

Thawte, Inc.

Valid from:

3/11/2013 9:00:00 PM

Valid to:

4/11/2014 8:59:59 PM

Subject:

CN=DOTPITCH.INC, OU=Marketing, O=DOTPITCH.INC, L=Seocho-gu, S=Seoul, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

0AA240F3D167B5B6AF5A20903B60B16F

File PE Metadata

Compilation timestamp:

6/3/2013 4:05:28 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1536:zKrQhgINkbAyhLEtACLzi83RaDZZpgB5oGWHUjt4MvGZCykCfcO2WqsSPh87+Cpx:Ork58CLziWRqeHGUx4WGZxiO2WIq

Entry address:

0x3CC20

Entry point:

60, BE, 00, 80, 42, 00, 8D, BE, 00, 90, FD, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB... 
[+]

Entropy:

7.8744

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:

84 KB (86,016 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

WINDOWSTAB_UC

Command:

"C:\users\{user}\appdata\local\windowstab\windowstab_uc.exe" \run

The file windowstab_uc.exe has been discovered within the following program.

WindowsTab Uninstall by DOTPITCH.INC

85% remove it

Remove windowstab_uc.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.