» ostotohotspot.exe
Overview
Analysis
File Details
Behaviors (1)
Network (32)

ostotohotspot.exe

Shenzhen DriveTheLife Software Technology Co.Ltd

The application ostotohotspot.exe by Shenzhen DriveTheLife Software Technology Co.Ltd has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘OSTotoHotspot’.

File name:

ostotohotspot.exe

Publisher:

Shenzhen DriveTheLife Software Technology Co.Ltd (signed and verified)

Version:

4, 1, 10, 8

MD5:

bb18bad9445a75aecc4ccc1dc614d740

SHA-1:

a655c1feb70afa1a226133a8b95c8d77fb9915bc

SHA-256:

5a4bad2d4d3efb7e4428faa44bcec2ed7415b8f4f48507264a71282611369428

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 3:09:28 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.OstotoHotspot (L)

16.11.21.10

File size:

1.2 MB (1,287,848 bytes)

Product version:

4, 1, 10, 8

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\ostotohotspot\ostotohotspot.exe

Digital Signature

Signed by:

Shenzhen DriveTheLife Software Technology Co.Ltd

Authority:

VeriSign, Inc.

Valid from:

11/9/2015 7:00:00 AM

Valid to:

2/8/2018 6:59:59 AM

Subject:

CN=Shenzhen DriveTheLife Software Technology Co.Ltd, OU=驱动人生, O=Shenzhen DriveTheLife Software Technology Co.Ltd, L=Shenzhen, S=Guangdong, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

631B026C20BFF9EE828B8198D36F0A12

File PE Metadata

Compilation timestamp:

9/10/2015 8:35:25 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:yOEy7jIjZ+XUKJYM7X7n6ApJkuDNDHxWM:30qUKJl7X7n6ApGuDNDYM

Entry address:

0x684A5

Entry point:

E8, 03, FC, 00, 00, E9, 79, FE, FF, FF, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, F8, 72, 4A, 00, 00, 74, 05, E9, BE, FC, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44, 24, 08, 5F, C3... 
[+]

Entropy:

6.0513

Code size:

528.5 KB (541,184 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

OSTotoHotspot

Command:

"C:\Program Files\ostotohotspot\ostotohotspot.exe" -auto

The executing file has been seen to make the following network communications in live environments.

TCP:

Connects to 6bb6ee00.lon.100tb.com (107.182.238.152:3801)

TCP (HTTP):

Connects to a23-52-91-27.deploy.static.akamaitechnologies.com (23.52.91.27:80)

TCP (HTTP):

Connects to a23-51-235-27.deploy.static.akamaitechnologies.com (23.51.235.27:80)

TCP (HTTP):

Connects to a23-43-75-27.deploy.static.akamaitechnologies.com (23.43.75.27:80)

TCP (HTTP):

Connects to a23-15-155-27.deploy.static.akamaitechnologies.com (23.15.155.27:80)

TCP (HTTP):

Connects to WIN-LKURIF4DLD2 (91.224.111.123:80)

TCP (HTTP):

Connects to a23-50-155-27.deploy.static.akamaitechnologies.com (23.50.155.27:80)

TCP (HTTP):

Connects to a23-57-219-27.deploy.static.akamaitechnologies.com (23.57.219.27:80)

TCP (HTTP):

Connects to a23-50-187-27.deploy.static.akamaitechnologies.com (23.50.187.27:80)

TCP (HTTP):

Connects to a23-4-43-27.deploy.static.akamaitechnologies.com (23.4.43.27:80)

TCP (HTTP):

Connects to a23-42-27-27.deploy.static.akamaitechnologies.com (23.42.27.27:80)

TCP (HTTP):

Connects to a23-37-43-27.deploy.static.akamaitechnologies.com (23.37.43.27:80)

TCP (HTTP):

Connects to a23-57-235-27.deploy.static.akamaitechnologies.com (23.57.235.27:80)

TCP (HTTP):

Connects to a23-55-155-27.deploy.static.akamaitechnologies.com (23.55.155.27:80)

TCP (HTTP):

Connects to a23-50-203-27.deploy.static.akamaitechnologies.com (23.50.203.27:80)

TCP (HTTP):

Connects to a23-43-139-27.deploy.static.akamaitechnologies.com (23.43.139.27:80)

TCP (HTTP):

Connects to a23-37-187-27.deploy.static.akamaitechnologies.com (23.37.187.27:80)

TCP (HTTP):

Connects to a23-35-91-27.deploy.static.akamaitechnologies.com (23.35.91.27:80)

TCP (HTTP):

Connects to a23-35-43-27.deploy.static.akamaitechnologies.com (23.35.43.27:80)

TCP (HTTP):

Connects to static.ill.117.239.122.16/24.bsnl.in (117.239.122.16:80)

Remove ostotohotspot.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.