xtab_v4.0.exe

Giner Tech Inc

The application xtab_v4.0.exe by Giner Tech Inc has been detected as adware by 21 anti-malware scanners. This component is designed to hijack the browser in an attempt to prevent other programs from modifying the browser's search and home pages. It is also typically executed from the user's temporary directory.
Publisher:
XTab (signed by Giner Tech Inc)

Product:
XTab

Version:
4.0.2.1990

MD5:
ab5ef850169b67afe19637fd7b6ed049

SHA-1:
cdd9f02772b80f21f3b7ecfc80c7d64aa9160f08

SHA-256:
12cad1144825f458ee27259fba81d76d2fd6cc3d03fee6f7282a7d52b1de7998

Scanner detections:
21 / 68

Status:
Adware

Analysis date:
8/2/2025 8:47:44 PM UTC

Scan engine             Detection                               Engine version
Lavasoft Ad-Aware       Adware.SearchProtect.W                  700
Agnitum Outpost         PUA.SearchProtect                       7.1.1
Avira AntiVirus         PUA/SearchProtect.EH                    7.11.214.72
Baidu Antivirus         PUA.Win32.ELEX                          4.0.3.1536
Bitdefender             Adware.SearchProtect.W                  1.0.20.325
Dr.Web                  Adware.Mutabaha.119                     9.0.1.065
Emsisoft Anti-Malware   Adware.SearchProtect.W                  8.15.03.06.03
ESET NOD32              Win32/ELEX.BM potentially unwanted      9.11280
F-Secure                Adware.SearchProtect.W                  11.2015-06-03_6
G Data                  Adware.SearchProtect                    15.3.25
K7 AntiVirus            Trojan                                  13.200.15187
Kaspersky               not-a-virus:AdWare.Win32.SearchProtect  14.0.0.2387
Malwarebytes            PUP.Optional.BrowserWatch               v2015.03.06.03
MicroWorld eScan        Adware.SearchProtect.W                  16.0.0.195
nProtect                Adware.SearchProtect.W                  15.03.06.01
Qihoo 360 Security      HEUR/QVM20.1.Malware.Gen                1.0.0.1015
Reason Heuristics       PUP.Thinknice                           15.3.11.17
Trend Micro House Call  ADW_ELEX                                7.2.65
Trend Micro             ADW_ELEX                                10.465.06
Vba32 AntiVirus         AdWare.SearchProtect                    3.12.26.3
VIPRE Antivirus         Adware.SearchProtect                    38176

File size:
2.3 MB (2,415,992 bytes)

Copyright:
copyroght (c) 2011-2014 XTab system

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\xtab_v4.0.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
12/1/2014 5:23:38 AM

Valid to:
12/2/2015 5:23:38 AM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112199DB8C96B8094D068EB2A83A0074BF32

File PE Metadata
Compilation timestamp:
3/22/2010 1:59:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:ylpEAz9DGIhZnRUdt4sSIVLcFyJIwETWvWpOUblUQuRB4:AaAz9DGIvRUL4s9YlwGWyJWzRB4

Entry address:
0x114A

Entry point:
E9, F1, 55, 00, 00, E9, 0C, 95, 00, 00, E9, 47, B9, 00, 00, E9, 52, 99, 00, 00, E9, AD, 94, 00, 00, E9, C8, A9, 00, 00, E9, 43, 9A, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC...
 

Packer / compiler:
Xtreme-Protector v1.05

Code size:
62 KB (63,488 bytes)
