btvstack.exe

The executable btvstack.exe has been detected as malware by 40 anti-virus scanners. It is set to run automatically when any user logs into Windows (through the local user run registry setting) under the name ‘AtherosBtStack’. The file is most likely infected with the Neshta virus, a Russian virus that gathers system information and sends it to a remote command and control server.
MD5:
ef1bd128e4a029e2fe2f8c433b3765e9

SHA-1:
89bc6a7c20531c5e2d578187f0a24c3b414ee646

SHA-256:
e58a867a0c3d3a35f4fb2fe78d22789b11c08109092e982459948f29a552d912

Scanner detections:
40 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
5/7/2024 7:36:02 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Neshta.A | 6762526
Agnitum Outpost | Win32.Neshta.A | 7.1.1
AhnLab V3 Security | Win32/Neshta | 2015.03.06
Avira AntiVirus | W32/Neshta.A | 7.11.214.42
avast! | Win32:Apanas [Trj] | 150101-1
AVG | Worm/Delf.FF | 2014.0.4253
Baidu Antivirus | Virus.Win32.Neshta.$a | 4.0.3.1536
Bitdefender | Win32.Neshta.A | 1.0.20.325
Bkav FE | W32.NeshtaB.PE | 1.3.0.6379
Clam AntiVirus | W32.Neshuta.A | 0.98/20153
Comodo Security | Win32.Neshta.A | 21311
Dr.Web | Win32.HLLP.Neshta | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Neshta | 9.0.0.4799
ESET NOD32 | Win32/Neshta.A virus | 7.0.302.0
Fortinet FortiGate | W32/Neshta.A | 3/6/2015
F-Prot | W32/HLLP.41472 | 4.6.5.141
F-Secure | Win32.Neshta.A | 5.13.68
G Data | Win32.Neshta | 15.3.25
IKARUS anti.virus | Virus.Win32.Neshta | t3scan.1.8.6.0
K7 AntiVirus | Virus | 13.200.15179
Kaspersky | Virus.Win32.Neshta | 15.0.0.543
McAfee | Virus.W32/HLLP.41472.e | 16.8.708.2
Microsoft Security Essentials | Threat.Undefined | 1.193.1548.0
MicroWorld eScan | Win32.Neshta.A | 16.0.0.195
NANO AntiVirus | Virus.Win32.Neshta.cdby | 0.30.0.296
Norman | Win32.Neshta.A | 02.01.2015 13:58:24
nProtect | Virus/W32.Neshta | 15.03.06.01
Panda Antivirus | W32/Neshta.A | 15.03.06.05
Quick Heal | W32.Neshta.C8 | 3.15.14.00
Reason Heuristics | Threat.Win.Reputation.IMP | 15.3.6.5
Rising Antivirus | PE:Win32.Netsha.a!411233 | 23.00.65.15304
Sophos | Virus 'W32/Bloat-A' | 5.11
Total Defense | Win32/Neshta.A | 37.0.11479
Trend Micro House Call | PE_NESHTA.A | 7.2.65
Trend Micro | PE_NESHTA.A | 10.465.06
Vba32 AntiVirus | Virus.Win32.Neshta.a | 3.12.26.3
VIPRE Antivirus | Threat.4276445 | 37788
ViRobot | Win32.Neshta.B[h] | 2014.3.20.0
Zillya! Antivirus | Virus.Neshta.Win32.1 | 2.0.0.2089

File size:
1 MB (1,062,048 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\bluetooth suite\btvstack.exe

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:5s858SmRLpb5V41xg7HHAqvsx2Z97hWWZ2:5Z8S8Lp6q78M/lWWw

Entry address:
0x80E4

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, E8, 89, 45, E4, 89, 45, EC, B8, 54, 80, 40, 00, E8, 12, BE, FF, FF, 33, C0, 55, 68, 20, 82, 40, 00, 64, FF, 30, 64, 89, 20, B8, A8, 91, 40, 00, B9, 0B, 00, 00, 00, BA, 0B, 00, 00, 00, E8, 5C, EF, FF, FF, B8, B4, 91, 40, 00, B9, 09, 00, 00, 00, BA, 09, 00, 00, 00, E8, 48, EF, FF, FF, B8, C0, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 34, EF, FF, FF, B8, DC, 91, 40, 00, B9, 03, 00, 00, 00, BA, 03, 00, 00, 00, E8, 20, EF, FF, FF, A1, 10, 92, 40...

Entropy:
5.6657

Developed / compiled with:
Microsoft Visual C++

Code size:
29 KB (29,696 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AtherosBtStack

Command:
"C:\Program Files\bluetooth suite\btvstack.exe"

