cmw_srv.exe

Hotspot Shield 6.5.2

AnchorFree Inc

This is the downloadable installer for AnchorFree's Hotspot Shield, an ad-supported VPN client that integrates with the browser. The free version injects ads in the web browser. The executable cmw_srv.exe has been detected as malware by 3 anti-virus scanners. The program is a setup application that uses the HotspotShield installer. It runs as a Windows service named “Hotspot Shield Service”, in the context of its own process.
Publisher:
AnchorFree Inc.  (signed by AnchorFree Inc)

Product:
Hotspot Shield 6.5.2

Version:
6.5.2.10372

MD5:
d24d30168e22496770cda47b56956a0f

SHA-1:
455f52211a58c58fb98830c4249c5b8380d4d8ba

SHA-256:
4fbf5194ed3acd338881fcf292d5495edda8eb580b8fca179e81ce048dba0b88

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/5/2024 11:32:10 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| ESET NOD32 | Win32/Floxif.H virus | 6.3.12010.0 |
| F-Prot | W32/Floxif.B | 4.6.5.141 |
| F-Secure | Win32.Floxif.A | 5.16.24 |

File size:
2.6 MB (2,682,943 bytes)

Product version:
6.5.2.10372

Copyright:
Copyright (C) 2017

File type:
Executable application (Win32 EXE)

Installer:
HotspotShield

Language:
English (United States)

Common path:
C:\Program Files\hotspot shield\bin\cmw_srv.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/19/2016 5:00:00 PM

Valid to:
7/18/2017 4:59:59 PM

Subject:
CN=AnchorFree Inc, O=AnchorFree Inc, L=Menlo Park, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2C55C805B14E57423E47788CF4B66377

File PE Metadata
Compilation timestamp:
3/1/2017 2:28:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
14.0

Entry address:
0x1BC4C3

Entry point:
E9, 87, E2, FF, FF, E9, 87, FE, FF, FF, CC, CC, CC, 80, F9, 40, 73, 15, 80, F9, 20, 73, 06, 0F, A5, C2, D3, E0, C3, 8B, D0, 33, C0, 80, E1, 1F, D3, E2, C3, 33, C0, 33, D2, C3, CC, B9, 01, 00, 00, 00, F2, 0F, 10, 2D, 88, 40, 5F, 00, EB, 1C, B9, 02, 00, 00, 00, F2, 0F, 10, 2D, 90, 40, 5F, 00, EB, 0D, B9, 03, 00, 00, 00, F2, 0F, 10, 2D, 88, 40, 5F, 00, 66, 0F, 7E, C0, 25, FF, FF, FF, 7F, 3D, 00, 00, 80, 7F, 0F, 83, 4C, 01, 00, 00, F3, 0F, 5A, C0, 83, F9, 02, 75, 18, F2, 0F, 10, 15, A8, 40, 5F, 00, 66, 0F, 2F...
 

Entropy:
6.5952

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
1.9 MB (2,001,920 bytes)

Service
Display name:
Hotspot Shield Service

Service name:
hshld

Type:
Win32OwnProcess

