hotspot-shield-elite.exe

Des

PlatformPrompt (Alpha Criteria Ltd.)

The application hotspot-shield-elite.exe, “Des Setup” by PlatformPrompt (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.giftchuckleflash.com and multiple other hosts.
Publisher:
Dogosifuso (signed by PlatformPrompt (Alpha Criteria Ltd.))

Product:
Des

Description:
Des Setup

Version:
2.6.5.0

MD5:
9d80db0d1375eda520d531037a7d6820

SHA-1:
d60a7306fadde9f988bac45d7b239bc4d97d20b5

SHA-256:
9c14203d764b2cbdbf6b95bf7bfbeb2715d2b367b5e89230a97b79ada8a76f2d

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/25/2024 1:06:38 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.8.11.0

File size:
952 KB (974,848 bytes)

Product version:
3.4.8

Copyright:
Stub Web

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\hotspot-shield-elite.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 3:17:26 PM

Valid to:
9/2/2016 2:02:46 PM

Subject:
CN=PlatformPrompt (Alpha Criteria Ltd.), O=PlatformPrompt (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112111817CD313A533F2A76178D4452F81A6

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:T7vDPwUFhDqNzcU16jVXw4VXNLnMXugux2TrhbIC:TjzwUFJqpKpVxnMXvq2TdbIC

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Entropy:
7.9091

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file hotspot-shield-elite.exe has been seen being distributed by the following 3 URLs.

