hotspot-shield.exe

Des

PlatformPrompt (Alpha Criteria Ltd.)

The application hotspot-shield.exe, “Des Setup” by PlatformPrompt (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.giftchuckleflash.com and multiple other hosts.
Publisher:
Dogosifuso (signed by PlatformPrompt (Alpha Criteria Ltd.))

Product:
Des

Description:
Des Setup

Version:
2.6.5.0

MD5:
3186733a5e046334588690cfcb5e6aae

SHA-1:
52aef1ba9923f0e443fa005069a92269fe1de48c

SHA-256:
3d221f228befbeae5e52766a8be3ab94f36d1e527e6aad7d331595c2bba06f0e

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
5/1/2024 2:37:29 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.8.11.4

File size:
952 KB (974,848 bytes)

Product version:
3.4.8

Copyright:
Stub Web

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\hotspot-shield.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 3:17:26 PM

Valid to:
9/2/2016 2:02:46 PM

Subject:
CN=PlatformPrompt (Alpha Criteria Ltd.), O=PlatformPrompt (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112111817CD313A533F2A76178D4452F81A6

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:X7vDPwUFhDqNzcU16jVXw4VXNLnMXugux2TrhbIC:XjzwUFJqpKpVxnMXvq2TdbIC

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Entropy:
7.9091

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file hotspot-shield.exe has been seen being distributed by the following 2 URLs.

http://www.giftchuckleflash.com/LhlCkRYuVQf6kkIvBjrq6xM_htk44T7AQKWVD3PPKsvqmeQLSu6onO3XqUK5P0LWJ 8XrEW3KT_clliowmP_yjLEWMwrUQbmgUocqC6gZdKWoCJOSftv3UuB7QQg89VNV66JDSFw0Y5AuoDWC9fK1dnIRZFvWlNkV_572NpA5O bV0v UVU89PApxLDHiYBnTwsF1CgqrwRqoQkenJAY4CSTSXgcAgslI 35kgt6JUbqqXt6UnXPIKfRRxKCHQEyhZ L1MTPfsbn5LKoS4yHf6kguk7zGdquXZsO3q0jIDXHTIoaaFteYcwMTddMAcB01aO8wFPGRVS 56dD6pAX5NEPPxAkJSEd3PtYvL1G_Wwg8nQbu6xnwghSl3Q9bBehnyfmPddxdp3jxt1cvX4M3b62nO3hDjXZepUpVetYpEUH7S2H2uFS_FZnCjczqwCZvmlR4Hewy8MxLhw4mmTn8DbbostuvpOo 4B6UGSOFsmd MB_XoESNJqJQVM4DA6lnrWXSILV88wxd_2ufPRlha6ihycJX 6cgDvQwJhGmh28nVRQX7c=-G1UAAGRgnq2tSc7CBdiAUw0AIhp0INtuINs mZ_P6xLqG1rO89LvRShzeL48H9cDfMzLsPfQ8B3kx1P8W75uRN3Tc2m2zr3kJYZNwCCiBI0iKIoTDA==-e

Remove hotspot-shield.exe - Powered by Reason Core Security