» amztab.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

amztab.exe

The application amztab.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “AmazingTab Update Service”. This file is typically installed with the program AmazingTab Update by AmazingTab. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

File name:

amztab.exe

Version:

1.0.0.694

MD5:

7f76b23ec074c28eba67c3f9cce7c3f0

SHA-1:

4b8dabd83b9d6a0a0b81f27b0f4c4260a57b7f3d

SHA-256:

2ca8e90cea8ea285b10ca56a6b61f8c81b7f17cfc3442e4e9759d98e5f3a3447

Scanner detections:

17 / 68

Status:

Potentially unwanted

Analysis date:

4/29/2024 3:36:24 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Amonetize

7.1.1

AhnLab V3 Security

Trojan/Win32.Gen

2015.12.14

Avira AntiVirus

ADWARE/Amonetize.Gen7

8.3.2.4

avast!

Win32:Evo-gen [Susp]

151028-1

Baidu Antivirus

PUA.MSIL.Amonetize

4.0.3.151221

ESET NOD32

MSIL/Amonetize.AA potentially unwanted application

7.0.302.0

G Data

Win32.Application.Agent.J7680C

15.12.25

IKARUS anti.virus

PUA.MSIL.Amonetize

t3scan.1.9.5.0

K7 AntiVirus

Adware

13.212.18090

Kaspersky

not-a-virus:AdWare.Win32.Amonetize

14.0.0.937

Malwarebytes

PUP.Optional.Amonetize

v2015.12.21.12

McAfee

Artemis!7F76B23EC074

5600.6544

NANO AntiVirus

Riskware.Win32.Amonetize.dyupht

1.0.10.5081

Panda Antivirus

Generic Suspicious

15.12.21.12

Qihoo 360 Security

HEUR/QVM03.0.Malware.Gen

1.0.0.1077

Trend Micro

TROJ_GEN.R021C0OKI15

10.465.21

VIPRE Antivirus

Trojan.Win32.Generic

45820

File size:

371 KB (379,904 bytes)

Product version:

1.0.0.694

Original file name:

amztab.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\amazingtab\amztab.exe

File PE Metadata

Compilation timestamp:

11/12/2015 4:50:22 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:OErl/HswmzhRjnh6Q+ZsOP7ri8SQJ9zI9zpcSZlC/aQxvd5ooAJJFbNGMbD8JCSG:FRPsntNUcY7rgppXjCSEvjCJFb4K

Entry address:

0x5DFFE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.8617

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

368.5 KB (377,344 bytes)

Service

Display name:

AmazingTab Update Service

Service name:

AmazingTab Update

Type:

Win32OwnProcess

The file amztab.exe has been discovered within the following program.

AmazingTab Update by AmazingTab

About 7% of users remove it

Remove amztab.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.