cmw_srv.exe

Hotspot Shield 6.5.2

AnchorFree Inc

This is the downloadable installer for AnchorFree's Hotspot Shield, an ad-supported VPN client that integrates with the browser. The free version injects ads in the web browser. The executable cmw_srv.exe has been detected as malware by 3 anti-virus scanners. The program is a setup application that uses the HotspotShield installer. It runs as a separate Windows service (within the context of its own process) named “Hotspot Shield Service”.
Publisher:
AnchorFree Inc.  (signed by AnchorFree Inc)

Product:
Hotspot Shield 6.5.2

Version:
6.5.2.10372

MD5:
119065cc6ffdda541e692c9d475958a8

SHA-1:
444fe0cb8ff0b2a586e3ad9b4d0188ded96e0b8e

SHA-256:
eebd7cbf1feb807d1c3f624132eb8ad89f75f258deef7456d002c818c836db2b

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
12/25/2024 4:08:41 AM UTC

Scan engine    Detection              Engine version
ESET NOD32     Win32/Floxif.H virus   6.3.12010.0
F-Prot         W32/Floxif.B           4.6.5.141
F-Secure       Win32.Floxif.A         5.16.24

File size:
2.6 MB (2,682,943 bytes)

Product version:
6.5.2.10372

Copyright:
Copyright (C) 2017

File type:
Executable application (Win32 EXE)

Installer:
HotspotShield

Language:
English (United States)

Common path:
C:\Program Files\hotspot shield\bin\cmw_srv.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/20/2016 6:00:00 AM

Valid to:
7/19/2017 5:59:59 AM

Subject:
CN=AnchorFree Inc, O=AnchorFree Inc, L=Menlo Park, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2C55C805B14E57423E47788CF4B66377

File PE Metadata
Compilation timestamp:
3/2/2017 4:28:19 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
14.0

Entry address:
0x1BC4C3

Entry point:
E9, 2C, EC, ED, FF, E9, 87, FE, FF, FF, CC, CC, CC, 80, F9, 40, 73, 15, 80, F9, 20, 73, 06, 0F, A5, C2, D3, E0, C3, 8B, D0, 33, C0, 80, E1, 1F, D3, E2, C3, 33, C0, 33, D2, C3, CC, B9, 01, 00, 00, 00, F2, 0F, 10, 2D, 88, 40, 5F, 00, EB, 1C, B9, 02, 00, 00, 00, F2, 0F, 10, 2D, 90, 40, 5F, 00, EB, 0D, B9, 03, 00, 00, 00, F2, 0F, 10, 2D, 88, 40, 5F, 00, 66, 0F, 7E, C0, 25, FF, FF, FF, 7F, 3D, 00, 00, 80, 7F, 0F, 83, 4C, 01, 00, 00, F3, 0F, 5A, C0, 83, F9, 02, 75, 18, F2, 0F, 10, 15, A8, 40, 5F, 00, 66, 0F, 2F...
 

Entropy:
6.5948

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1.9 MB (2,001,920 bytes)

Service
Display name:
Hotspot Shield Service

Service name:
hshld

Type:
Win32OwnProcess

