hss-3.35-install-p103-365-conduit.exe

Hotspot Shield

AnchorFree Inc

This is the downloadable installer to AnchorFree's Hotsopt Shield, an ad-supported VPN client that integrates with the browser. The free version injects ads in the web browser. The installer includes a bundle of various unwanted software including the Conduit web extension and Search Protect which will modify the browser's search pages. The application hss-3.35-install-p103-365-conduit.exe by AnchorFree Inc has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the HotspotShield installer.
Publisher:
AnchorFree Inc  (signed and verified)

Product:
Hotspot Shield

Version:
3.35.0.23717

MD5:
78d6879d7e14c07ccfe85328f5e8d899

SHA-1:
2226f47398d2b849d356d325c2f58de0f577a02f

SHA-256:
9840eb51b8052faba62d0632c9c838a178c0e9f1771e4f5b6d2b2d7335475e08

Scanner detections:
1 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/24/2024 4:56:04 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.AnchorFree.Bundler.Meta (L)
16.6.29.9

File size:
8.6 MB (9,053,344 bytes)

Product version:
3.35.0.23717

File type:
Executable application (Win32 EXE)

Bundler/Installer:
HotspotShield (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\hss-3.35-install-p103-365-conduit.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/27/2011 8:00:00 PM

Valid to:
4/13/2014 7:59:59 PM

Subject:
CN=AnchorFree Inc, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=AnchorFree Inc, L=Sunnyvale, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
68A4A0CC448443C288A22A91D7F82126

File PE Metadata
Compilation timestamp:
9/9/2009 9:22:54 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:RHbPfRep25H5RTciKoJySPHnlN5NRJbSgQinUzoK4jjcxR7K4T:RHbJep25HzgiNJySHnlJjbS5cjWK2

Entry address:
0x33FF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, B8, EE, 7E, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, ED, 7E, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, C0, 6D, 7E, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, F0, 83, 00, 57, E8, 23, 26, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file hss-3.35-install-p103-365-conduit.exe has been seen being distributed by the following 32 URLs.

http://www.softonic.com/sads/tracker.php?ev=c&co=MX&sid=2a8d1eda653840543943607674d2eba9&upv=dbd8501fae7065e695970d05f211f821&z=results&sk=0&abt=&eid=&params=F24F8F4D368AFA5D32C8A90D9EFD1CBAFE42F1DF280BB3E637EAFBAF6CA322F0A6D4A53B7681AF2C950D745AEAD993AC5E965E22E04EABD8126B9D7731150E7D8656A0C4A3CE197326EDD733EDBE2DFDBBDBCFB2D7C1655D36D58962CD00461F584050EE7A2FF85B658C6132FFA6085951FBD39D269DF0851A2ABD7615A5C85F898F551782CC46048CE5CFBA68CAB024F06B4598A79862CC1522F652BD047F82&h=30192BEE39D9CAE5C7A71CAD9DABA99982ADEE74C6900448FBF322EBB9AF1B7B&directdownload=1&f=79573&d=http://.../3kUrKw

http://www.softonic.pl/sads/tracker.php?ev=c&co=PL&sid=3f5a9bf0d7ba52a66bc103feb5d0214c&upv=20650503026e0bbd3aab7cbc1a39ea89&z=results&sk=0&abt=&eid=&params=F24F8F4D368AFA5D32C8A90D9EFD1CBA5AF9CBF22EBA58806AA7248FC06FDDCD04D77E2D466A3453E766D0346AAFB88E7BAD22000293C7BB51B25A97DD3640A9F254CF6B8019479A00C17CFE98DA012726B5151C4D1E4DA80FFC61D5DA8B288E3D283DC69DE639FE3BD8DB90D451E61B8DA3B7BDF89A86DFE80E08F99403F201B6E96DB44A8E22AEDE82F2F032D52E75F9ABA225EBFAE6A28100D283FC460923EB7884B2F5DC1215EFCAF5418397CB60&h=D0D6A37BF2644C30538EE6866AA4941249993E707E09128421459688E4DC4E29&directdownload=1&f=79573&d=http://.../3kUrKw

http://www.softonic.pl/sads/tracker.php?ev=c&co=PL&sid=39f0120a095198eeddd33dfc153268b1&upv=084c8bfb358cf5bc79050f9200a06112&z=results&sk=0&abt=&eid=&params=F24F8F4D368AFA5D32C8A90D9EFD1CBA5AF9CBF22EBA58806AA7248FC06FDDCD04D77E2D466A3453E766D0346AAFB88E7BAD22000293C7BB51B25A97DD3640A9F254CF6B8019479A00C17CFE98DA0127E498D401E482AC27B214DB41E034873AFF378D5BEC3B03A35F0C01D70B47C315A2C380D7497888C8EE87BA6E41BDA595C6229F59128AF907DB1BBDB50370D7E22B251B67F8A3E8999E7CFEC73BBD8BADC83CE6A452CA8F732CE2436FB28641DD&h=6094082889C8F8588617AD40389289B06FD37BBBF6C5C5653F77B78F7190180F&directdownload=1&f=79573&d=http://.../3kUrKw

http://www.softonic.com/sads/tracker.php?ev=c&co=MX&sid=51387596d29653210c7006e9f403507a&upv=3a622462419f93ca66ce97808e97fa2d&z=results&sk=0&abt=&eid=&params=F24F8F4D368AFA5D32C8A90D9EFD1CBAFE42F1DF280BB3E637EAFBAF6CA322F0A6D4A53B7681AF2C950D745AEAD993AC5E965E22E04EABD8126B9D7731150E7D8656A0C4A3CE197326EDD733EDBE2DFDF08D7C8DB121047D825D350EFB1250F2ADC05631C0550E35C05AEA40F89B533E3934FA94EED66A1A81291A43391A01EDE08D286E90C661F4D1FF4F918087E52D8CFD7BCFD5A4677F65A21D7D5F508B46&h=AF77F17A83164532EAE46C8C0C5513C1FD3291AF6ABEDC8060E8D26DDFA50C3D&directdownload=1&f=79573&d=http://.../3kUrKw

http://www.softonic.com/sads/tracker.php?ev=c&co=ES&sid=1d3235885957a6541cb54af001ad3bba&upv=209c4050472a47bfa767831c3731063c&z=list&sk=3143&abt=&params=F24F8F4D368AFA5D32C8A90D9EFD1CBAFE42F1DF280BB3E637EAFBAF6CA322F0AA5A8ACB76AF4FBF5804CCAF5E5DCE47787C949FC48A8389E5FED8D2BE893D6D46C332741B1ECD430FC1A0B8A0D42A0CC89C6D648369E617E75A507127900C093DE40ECB1A7DCE205BEE53691CFC42CEDE6693D6EB394E2D76649E8666FFF0A2ED4697104DC92565606BBF962B98E4876725C1FC3AD7CADF8DC9979B1C125DC5&h=83E9295E6A49194DCDFF9FF87633A0316DF1336D073EC57D4CEC793E563347D1&directdownload=1&f=79573&d=http://.../3kUrKw

http://www.softonic.pl/sads/tracker.php?ev=c&co=PL&sid=631a77ae97933c451bc82738fb966051&upv=e21c49cb4e1745ecfb71145855b9e80d&z=results&sk=0&abt=&eid=&params=F24F8F4D368AFA5D32C8A90D9EFD1CBA5AF9CBF22EBA58806AA7248FC06FDDCD50269573AD3BB399EEF14DC9507C7E2DBB23769CD33D5E69A6F706E3899F5350B3B24C5A98FE9C7CD281CD8C0CADC255F6559EEB511EC71A3B3964BAB93038F0E050D185FC990BDC68ABA00011DFFBECEB8724FC5481B6C293593609992D773EACB7C8A798A1BA36945BAD04ABBEFA45422EFC38B9D95B4B681C00C23F9BD60FA6CB765681F18825E4A3A828C8EADB43&h=FA5FD426CF03DDD6EF25752D5101FD0C011B1082A2C6194E055313CC2366A213&directdownload=1&f=79573&d=http://.../3kUrKw

http://www.softonic.com/sads/tracker.php?ev=c&co=ES&sid=a90530cd137b2882a55472538c0d4aad&upv=2bf9354c5780f30f282a1c44c88b2ade&z=results&sk=0&abt=&eid=&params=F24F8F4D368AFA5D32C8A90D9EFD1CBAFE42F1DF280BB3E637EAFBAF6CA322F001C4EF20D49D80AD05A4743C485B470087D8CEC94C173BD7F57762E268A06CD8B7535D84675D36377C5B319EF273A8CD3631670C265471A14253F9A337FB9EAD70E3DD96C4EFDC6D15487AC1A1EC2ABD12A7A5C07FCACFE4F2649342EC2544F624CA3C1C25B667EA31420D0844CEF5EABA772886F8C2C302FA4F4EBCA005759A&h=0B923B11111E45E712812B50A8F88460BCFF3AC3155E477ACC2138A873047240&directdownload=1&f=79573&d=http://.../3kUrKw

http://www.softonic.pl/sads/tracker.php?ev=c&co=PL&sid=11eca423d67b06d774a00d42c65a392c&upv=484ff98e8f35fe6463e6c5d414e6f455&z=results&sk=0&abt=&eid=&params=F24F8F4D368AFA5D32C8A90D9EFD1CBA5AF9CBF22EBA58806AA7248FC06FDDCD04D77E2D466A3453E766D0346AAFB88E7BAD22000293C7BB51B25A97DD3640A9F254CF6B8019479A00C17CFE98DA0127E498D401E482AC27B214DB41E034873A78E120BF0F5F549F4EACEB984B8B286677E1DF9BD321595B4D92A7FD92BE326255C2C7692ECA6B520D4AF1A50103CB5994DC88BC42C0F79FCE14D5CA6D64C1FA8ECBB98EAF146978274F9EF9A0E90527&h=1F01EA157F5E719EC652142EF7412B401B022057595092E21154AE1C8C5FF4A3&directdownload=1&f=79573&d=http://.../3kUrKw

http://www.softonic.pl/sads/tracker.php?ev=c&co=PL&sid=41c96af2de58cac616054216a23cea59&upv=5e384ee93da7e395bc31a75a538ce9eb&z=results&sk=0&abt=&eid=&params=F24F8F4D368AFA5D32C8A90D9EFD1CBA5AF9CBF22EBA58806AA7248FC06FDDCD04D77E2D466A3453E766D0346AAFB88E7BAD22000293C7BB51B25A97DD3640A9F254CF6B8019479A00C17CFE98DA012763644BC747867ED7840E13AC1096C0AE7AF8759EC4E08148370EB9AF36A91FD7D6F9C41C7CB82DCE49FC1BBEB3CB859BE5B3F766E15C369EFC78A02F94BFA8026D51B2381FC26A98D171441FE50C8ECBD5ED6736DA3995F05092C4165559E997&h=5F940A953425124D252D2A34BAB322982A4F30EC6A24CDCD97B7D8F74021C063&directdownload=1&f=79573&d=http://.../3kUrKw

http://www.softonic.pl/sads/tracker.php?ev=c&co=PL&sid=25d77c2295b9d9a3040f98ed2d261213&upv=cd97a627b2f82be71f36b3eef5187dcb&z=results&sk=0&abt=&eid=&params=F24F8F4D368AFA5D32C8A90D9EFD1CBA5AF9CBF22EBA58806AA7248FC06FDDCD04D77E2D466A3453E766D0346AAFB88E7BAD22000293C7BB51B25A97DD3640A9F254CF6B8019479A00C17CFE98DA0127E498D401E482AC27B214DB41E034873A6114B578A7FDD3FA7C7465523CB80F668BD823B102D5EFD284D29166BEC0F057BFB9B079CAFB7B6E77E29B4C728BE3DC6E850819BB6379A5A14BDC960814BD1FA397D2378C48FDB381D2976ED4565D79&h=BC0B2D88ED9A6DB1B91FE4A16945B93A3D6843194F43C29338896E3E4534FFAF&directdownload=1&f=79573&d=http://.../3kUrKw

http://www.softonic.pl/sads/tracker.php?ev=c&co=PL&sid=54e8e231558560b20abe4980053e2aec&upv=127314da57e281c6308d3f8a9ec30c5b&z=results&sk=0&abt=&eid=&params=F24F8F4D368AFA5D32C8A90D9EFD1CBA5AF9CBF22EBA58806AA7248FC06FDDCD04D77E2D466A3453E766D0346AAFB88E7BAD22000293C7BB51B25A97DD3640A9F254CF6B8019479A00C17CFE98DA012758C4138C6770AE5BB47BCC17E494740490E459BEEFAE1E962E8665AA362E223570448FE4B2337F896CADEB2A961D185884BD787193B9E0010FE04B4EB890F4EA661678CB262C166FB0590FFA8B09C9FE54BD6653892D2809F11AA7EC1E84A30C&h=CB2EBE79B5E45B49CC271E1C489008A3A2806EC2672DA4498EFF6303ACFC7C56&directdownload=1&f=79573&d=http://.../3kUrKw

Latest 30 of 32 download URLs

Remove hss-3.35-install-p103-365-conduit.exe - Powered by Reason Core Security