SHA256: 8f4d36b73d32c3d2726c39d70124f287444a8cc9634c59affabc48cf180afb26
File name: mHotspot_setup_6.5.2.1.exe
Detection ratio: 7 / 47
Analysis date: 2013-09-11 02:52:20 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Baidu-International Trojan.Win32.OpenCandy 20130910
Comodo UnclassifiedMalware 20130910
ESET-NOD32 Win32/OpenCandy 20130910
Fortinet W32/OpenCandy.CPH!tr 20130911
Kingsoft Win32.Troj.Generic.a.(kcloud) 20130829
McAfee RDN/Generic.dx!cph 20130911
McAfee-GW-Edition RDN/Generic.dx!cph 20130911
Yandex 20130910
AhnLab-V3 20130910
AntiVir 20130910
Antiy-AVL 20130910
Avast 20130911
AVG 20130910
BitDefender 20130911
ByteHero 20130903
CAT-QuickHeal 20130910
ClamAV 20130910
Commtouch 20130911
DrWeb 20130911
Emsisoft 20130911
F-Prot 20130911
F-Secure 20130911
GData 20130911
Ikarus 20130911
Jiangmin 20130903
K7AntiVirus 20130910
K7GW 20130910
Kaspersky 20130911
Malwarebytes 20130911
Microsoft 20130911
eScan 20130911
NANO-Antivirus 20130910
Norman 20130910
nProtect 20130910
Panda 20130910
PCTools 20130910
Rising 20130910
Sophos AV 20130911
SUPERAntiSpyware 20130911
Symantec 20130911
TheHacker 20130911
TotalDefense 20130911
TrendMicro 20130911
TrendMicro-HouseCall 20130911
VBA32 20130909
VIPRE 20130911
ViRobot 20130910
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Product mHotspot
File version 6.5.2.1
Description mHotspot Setup
Comments This installation was built with Inno Setup.
Packers identified
F-PROT INNO
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009C40
Number of sections 8
PE sections
Overlays
MD5 8afd93b1e3b84fef94d0b24c6c08f75c
File type data
Offset 54272
Size 707907
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
6.5.2.1

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
17920

EntryPoint
0x9c40

MIMEType
application/octet-stream

FileVersion
6.5.2.1

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

ProductVersion
6.4.0.0

FileDescription
mHotspot Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
mHotspot, Inc.

CodeSize
37888

ProductName
mHotspot

ProductVersionNumber
6.5.2.1

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
Compressed bundles
File identification
MD5 a4d9d036506f0c482c25bd4c3e7b2cf9
SHA1 c70b88b6279731dbfe588be0e87feb9918031dc7
SHA256 8f4d36b73d32c3d2726c39d70124f287444a8cc9634c59affabc48cf180afb26
ssdeep
12288:1QFa6PkyckzKjBv4wYjmVda8vm9L/LhJ4KgumIUCLLw6ti3LniQ:1QFHPkz9vd0+IrLhJCmFs6tkeQ

authentihash 9bba64b49a1f15b6168075aa60d5dca9ec6a5e598724751d130fe92b6d971567
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 744.3 KB ( 762179 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (77.7%)
Win32 Executable Delphi generic (10.0%)
Win32 Dynamic Link Library (generic) (4.6%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2013-08-16 14:16:44 UTC ( 4 years, 2 months ago )
Last submission 2017-06-06 16:52:34 UTC ( 4 months, 2 weeks ago )
File names mHotspot.exe
23537078
output.23537078.txt
mHotspot_setup_6.5.2.1.___
e4558504dcd9c364b9d67ac50fcbd6cdcaa12183
18870-mHotspot_setup_6.5.2.1.exe
16246017
45-mHotspot.exe
output.16246017.txt
18870-mHotspot_setup_6.5.2.1 (1).exe
13200836.malware
filename
12931874.malware
mHotspot_6.4.0.0.exe
mHotspot_setup_6.5.2.exe
mHotspot_setup_6.5.2.1.exe
mhotspot_setup_6.5.2.1.exe
mHotspot (2).exe
mHotspot_setup_6.5.2.1_win7.exe
octet-stream
vt-upload-S0miB
a4d9d036506f0c482c25bd4c3e7b2cf9_INFA78D.tmp
mHotspot_setup_6.4.0.0.exe
mhotspot_setup_6.5.2.1.exe
vt-upload-qWs1k
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspici.1B63843A.

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection
