athbttray.exe

The executable athbttray.exe has been detected as malware by 39 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘AthBtTray’. The file is most likely infected with the Neshta virus, a Russian virus that gathers system information and sends it to a remote command and control server.
MD5:
634e2f6b892166b85d577bbfcda4f514

SHA-1:
0896cf98abdfba0f8209957c23a6438c2ad0d2a2

SHA-256:
5df924a59b1e7a258faca5c2b898eba46d159d50c8068156596cf981cdba2d2b

Scanner detections:
39 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/19/2024 3:42:08 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Neshta.A | 6762526 |
| Agnitum Outpost | Win32.Neshta.A | 7.1.1 |
| AhnLab V3 Security | Win32/Neshta | 2015.03.06 |
| Avira AntiVirus | W32/Neshta.a | 7.11.30.172 |
| avast! | Win32:Apanas [Trj] | 150303-0 |
| AVG | Worm/Delf.FF | 2014.0.4253 |
| Baidu Antivirus | Virus.Win32.Neshta.$a | 4.0.3.1536 |
| Bitdefender | Win32.Neshta.A | 1.0.20.325 |
| Bkav FE | W32.NeshtaB.PE | 1.3.0.6379 |
| Clam AntiVirus | W32.Neshuta.A | 0.98/20153 |
| Comodo Security | Win32.Neshta.A | 21311 |
| Dr.Web | Win32.HLLP.Neshta | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Neshta | 9.0.0.4799 |
| ESET NOD32 | Win32/Neshta.A virus | 7.0.302.0 |
| Fortinet FortiGate | W32/Neshta.A | 3/6/2015 |
| F-Prot | W32/HLLP.41472 | 4.6.5.141 |
| F-Secure | Win32.Neshta.A | 5.13.68 |
| G Data | Win32.Neshta | 15.3.25 |
| IKARUS anti.virus | Virus.Win32.Neshta | t3scan.1.8.6.0 |
| K7 AntiVirus | Virus | 13.200.15179 |
| Kaspersky | Virus.Win32.Neshta | 15.0.0.543 |
| McAfee | Virus.W32/HLLP.41472.e | 16.8.708.2 |
| Microsoft Security Essentials | Threat.Undefined | 1.193.1887.0 |
| MicroWorld eScan | Win32.Neshta.A | 16.0.0.195 |
| NANO AntiVirus | Virus.Win32.Neshta.cdby | 0.30.0.296 |
| Norman | Win32.Neshta.A | 02.01.2015 13:58:24 |
| nProtect | Virus/W32.Neshta | 15.03.06.01 |
| Panda Antivirus | W32/Neshta.A | 15.03.06.05 |
| Quick Heal | W32.Neshta.C8 | 3.15.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.3.6.5 |
| Rising Antivirus | PE:Win32.Netsha.a!411233 | 23.00.65.15304 |
| Sophos | Virus 'W32/Bloat-A' | 5.11 |
| Total Defense | Win32/Neshta.A | 37.0.11479 |
| Trend Micro House Call | PE_NESHTA.A | 7.2.65 |
| Trend Micro | PE_NESHTA.A | 10.465.06 |
| Vba32 AntiVirus | Virus.Win32.Neshta.a | 3.12.26.3 |
| VIPRE Antivirus | Threat.4276445 | 37788 |
| ViRobot | Win32.Neshta.B[h] | 2014.3.20.0 |
| Zillya! Antivirus | Virus.Neshta.Win32.1 | 2.0.0.2089 |

File size:
822.2 KB (841,888 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\bluetooth suite\athbttray.exe

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:d2uuXWQaFiVTXwiYErXpMmft4rZsNKQHIQvvvvvvvvvvvvvvvvvvvvvvvivvvvvn:d2u7QaA7T+rSKQHIMVW3

Entry address:
0x80E4

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, E8, 89, 45, E4, 89, 45, EC, B8, 54, 80, 40, 00, E8, 12, BE, FF, FF, 33, C0, 55, 68, 20, 82, 40, 00, 64, FF, 30, 64, 89, 20, B8, A8, 91, 40, 00, B9, 0B, 00, 00, 00, BA, 0B, 00, 00, 00, E8, 5C, EF, FF, FF, B8, B4, 91, 40, 00, B9, 09, 00, 00, 00, BA, 09, 00, 00, 00, E8, 48, EF, FF, FF, B8, C0, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 34, EF, FF, FF, B8, DC, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 20, EF, FF, FF, A1, 10, 92, 40...

Entropy:
6.0974

Developed / compiled with:
Microsoft Visual C++

Code size:
29 KB (29,696 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AthBtTray

Command:
"C:\Program Files\bluetooth suite\athbttray.exe"
