hotstar.exe

The application hotstar.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from a.angelijah.com.
MD5:
2ad082cbeb0f1fd7d23bdf5f145b5c99

SHA-1:
b5766981d4802456216897209a89c193602c4db3

SHA-256:
6bda1206af7866a54a69556944164838a348eda66cf324ce98d3f658462298b6

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/23/2024 4:01:02 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:MultiPlug-AAE [PUP]
160118-1

AVG
Adware Generic6.BDXT
2015.0.4522

Dr.Web
Trojan.Crossrider1.40163
9.0.1.05190

VIPRE Antivirus
Threat.5180739
46244

File size:
55.3 KB (56,598 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\hotstar.exe

File PE Metadata
Compilation timestamp:
7/7/2012 7:03:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
768:JBjMKs0H8B869l9+SvTzlgUlzWkMZOYcnFciQZbjEuJuK/XowZ6S4NKTcSWUb6p:J1MKs+/AFTpWxN/hNZ6SvcSD+

Entry address:
0x64E2

Entry point:
E8, 0D, 12, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, D0, 0C, 41, 00, E8, 18, 17, 00, 00, E8, DA, 13, 00, 00, 0F, B7, F0, 6A, 02, E8, A0, 11, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, D3, 06, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
6.1843

Code size:
45.5 KB (46,592 bytes)

The file hotstar.exe has been seen being distributed by the following URL.

Remove hotstar.exe - Powered by Reason Core Security