home

ahotspot.exe

The executable ahotspot.exe has been detected as malware by 2 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘AntamediaHotSpot’.
MD5:
6f05f05729a4459881c74c3a73a3cf54

SHA-1:
af5464083a64a26edf3c7de6587abc1ddf9e6fee

SHA-256:
882bc0de78f9cc899f7d494155b594052ba128e329d79b0c5ad20cfc4120d031

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
4/29/2024 2:56:17 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/AutoRun.Delf.LV worm
6.3.12010.0

F-Prot
W32/Autorun.ZF
4.6.5.141

File size:
824.5 KB (844,288 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
6/9/1996 7:59:58 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xABCA0

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 64, 5E, 4A, 00, E8, 83, EB, F5, FF, 8B, 1D, B4, E1, 4A, 00, 8B, 03, E8, B6, 49, FF, FF, 8B, 03, C6, 40, 5B, 00, 8B, 03, B2, 01, E8, E3, 66, FF, FF, 8B, 0D, B4, E0, 4A, 00, 8B, 03, 8B, 15, 98, 5A, 4A, 00, E8, AC, 49, FF, FF, 8B, 0D, F0, E1, 4A, 00, 8B, 03, 8B, 15, F8, 54, 4A, 00, E8, 99, 49, FF, FF, 8B, 03, E8, E2, 4A, FF, FF, 5B, E8, C8, A9, F5, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.5257

Developed / compiled with:
Microsoft Visual C++

Code size:
682.5 KB (698,880 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AntamediaHotSpot

Command:
C:\antamedia\hotspot\ahotspot.exe


Remove ahotspot.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.