mhotspot-setup-v2.0.1.10348-pgrv1.exe

The application mhotspot-setup-v2.0.1.10348-pgrv1.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, but the file is not signed with an Authenticode signature from a trusted source. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.brothersoft.com and multiple other hosts.
MD5:
6dcf97d293acd2999ef7a7c3e3a38bcf

SHA-1:
50d9bf39c1cee960a640ac162e456e1db6a22d53

SHA-256:
0c3a44b06d7fec2b20a08f75d50c415bcce93bf1f446acd1d552570cceb52699

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/5/2024 4:47:19 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.15224 |
| Dr.Web | Adware.InstallCore.122 | 9.0.1.055 |
| ESET NOD32 | Win32/InstallCore.CA.gen (variant) | 9.10681 |
| Rising Antivirus | PE:Malware.InstallCore!6.4 | 23.00.65.15222 |
| Vba32 AntiVirus | | 3.12.26.3 |

File size:
658 KB (673,792 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\mhotspot-setup-v2.0.1.10348-pgrv1.exe

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:myMJfs/J+QNL0jXH/5cJxdUM7fIiHIm9rQ2RhuERQbber2t/L9id:myMJfsx+QNQDB0xdD7IgK22ereL

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 

Entropy:
7.5980

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file mhotspot-setup-v2.0.1.10348-pgrv1.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-30-150-214.eu-west-1.compute.amazonaws.com  (52.30.150.214:80)

TCP (HTTP):
Connects to server.mhotspot.com  (162.144.34.46:80)

TCP (HTTP):
Connects to ec2-52-214-247-42.eu-west-1.compute.amazonaws.com  (52.214.247.42:80)

TCP (HTTP):
Connects to a104-93-200-30.deploy.static.akamaitechnologies.com  (104.93.200.30:80)
