» bthsamppalservice.exe
Overview
Analysis
File Details

bthsamppalservice.exe

Intel Centrino Bluetooth High Speed

Intel Corporation

The executable bthsamppalservice.exe, “Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter” has been detected as malware by 10 anti-virus scanners.

File name:

Publisher:

Intel Corporation (signed and verified)

Product:

Intel® Centrino® Bluetooth High Speed

Description:

Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter

Version:

14, 1, 1, 3

MD5:

0741c5e6097c6ce73b182924fbb4d407

SHA-1:

ff768bc464cd3e0f87140d343942e590b6fabfd2

SHA-256:

5e91036d6bf3bc7d64b878a237165dda26b5d251d6cb5f8e93622861eee32dd1

Scanner detections:

10 / 68

Status:

Malware

Analysis date:

4/25/2024 4:25:58 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Pioneer-C

160518-2

AVG

Win32/Floxif.A

2015.0.4591

Dr.Web

Win32.FloodFix.7

9.0.1.05190

Emsisoft Anti-Malware

Win32.Floxif

11.5.0.6191

ESET NOD32

Win32/Floxif.H virus

8.0.319.0

F-Prot

W32/Floxif.B

4.6.5.141

Kaspersky

Virus.Win32.Pioneer

15.0.0.562

McAfee

Trojan.Dropper-FIY!0741C5E6097C

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.223.968.0

Norman

Win32.Floxif.A

19.05.2016 01:04:49

File size:

977.9 KB (1,001,415 bytes)

Product version:

14, 1, 0, 0

Original file name:

AmpPal.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\intel\bluetoothhs\bthsamppalservice.exe

Digital Signature

Signed by:

Intel Corporation

Authority:

Intel Corporation

Valid from:

8/7/2009 5:47:25 PM

Valid to:

1/24/2012 5:47:25 PM

Subject:

CN=Intel Corporation - Mobile Wireless Group, OU=Mobile Wireless Group, O=Intel Corporation, L=Hillsboro, S=OR, C=US

Issuer:

CN=Intel External Basic Issuing CA 3A, O=Intel Corporation, C=US

Serial number:

1D2CDBF500000000352F

File PE Metadata

Compilation timestamp:

4/21/2011 10:29:45 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:1A8od+81y0gnRgalQiywWfGF572PqUGj5lV5ACK/FABjvrEH7c:1A8oZSRgaltkUUJzCK/FirEH7c

Entry address:

0x597D6

Entry point:

E9, 46, 8C, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 10, 75, 20, E8, 72, 1C, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 20, F9, FF, FF, 83, C4, 14, 83, C8, FF, E9, A1, 00, 00, 00, 8B, 45, 0C, 56, 8B, 75, 08, 3B, C3, 74, 21, 3B, F3, 75, 1D, E8, 43, 1C, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, F1, F8, FF, FF, 83, C4, 14, 83, C8, FF, EB, 74, C7, 45, EC, 42, 00, 00, 00, 89, 75, E8, 89, 75, E0, 3D, FF, FF, FF, 3F, 76, 09, C7, 45, E4, FF, FF, FF... 
[+]

Entropy:

5.9964

Packer / compiler:

Xtreme-Protector v1.05

Code size:

413.5 KB (423,424 bytes)

Remove bthsamppalservice.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.