hss-5.0.2-install-plain-766-plain.exe

Hotspot Shield

AnchorFree Inc

This is the downloadable installer to AnchorFree's Hotsopt Shield, an ad-supported VPN client that integrates with the browser. The free version injects ads in the web browser. The application hss-5.0.2-install-plain-766-plain.exe by AnchorFree Inc has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the HotspotShield installer. The file has been seen being downloaded from www.bitstagcontent.com and multiple other hosts.
Publisher:
AnchorFree Inc  (signed and verified)

Product:
Hotspot Shield

Version:
5.0.2.9347

MD5:
e81c953898eaa959f9045d2a5235e127

SHA-1:
f3a30bf7d24dc8512cad131b5482dfd8ccc6909c

SHA-256:
27b32b072d90e1a44ec991dd264d99628326fc112b0ae80e3f7e26a20d86046c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 1:54:22 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.AnchorFree.Installer.Meta (L)
16.6.29.9

File size:
13.1 MB (13,697,208 bytes)

Product version:
5.0.2.9347

File type:
Executable application (Win32 EXE)

Installer:
HotspotShield

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\152e221a8bef8d2d13c58f995563a1a1\47c0f421415f14f8d862257a52076ab2\hss-5.0.2-install-plain-766-plain.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/21/2015 2:00:00 AM

Valid to:
6/14/2016 1:59:59 AM

Subject:
CN=AnchorFree Inc, O=AnchorFree Inc, L=Menlo Park, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3DAA06F4E8BE7B2AE8FC57BA8578B7D9

File PE Metadata
Compilation timestamp:
2/24/2012 8:19:43 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
393216:rYU4egLmWqJ71FoNJySHnlJHORF4JY5nd:61qJ7bopHnrHOqgd

Entry address:
0x3899

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, D8, 16, 7F, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, F0, 15, 7F, 00, 8D, 44, 24, 38, 50, 55, 68, 64, 92, 40, 00, FF, 15, 84, 81, 40, 00, 68, 4C, 92, 40, 00, 68, E0, 95, 7E, 00, E8, 18, 27, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 20, 84, 00, 57, E8, 06, 27, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file hss-5.0.2-install-plain-766-plain.exe has been seen being distributed by the following 26 URLs.

http://www.bitstagcontent.com/A5cVf2BaSl9 F ZbuKHbaenQSZzYraweWBt2u C0JSY 3DWLGjtTkosi66YfUzZDwheUkfHuWGPCe3yW RRwcxQn4ADaV0jUQjU6VYeWc8CEKN98tWktKsd1gIyTd6XY0gJvUgWbs7NYaMKuqahv4O3bbFlta_ijBL77RzEvpIvJRd15hBfGXlfRK0htk54b3NTWOX6xwT9U8gWPzzpMMOWOvL7ecj DfKZz4o5KvXDmQhCeEO09 F32e_BeSH6uSJz5ytLzG1r846ZFnNe2GbUQzErstA_FGJdiyVyKpNvlb7WfQePcAbqvaMgJIAr1hO1ndMc jolHjk97RC 9_5ABB sB7sCxfVG9lHizFiqMZCQCREGHsB1Ryy0PvsvWGgUtr4iaNYc0eh D55v GmlGkOk2haGO8eYbCRvrdTWLoCArIcKNt7Cj9z8MlD_Fv_Qk0elr7Eu9OcvgOFUqyhVR0YwVE3r7sD5 y1WtI4iP5t7NFvINztx6jHzgvah2D1VRJ0HeLDR3ZeHRLbNcxfAFRaz ccUsYRkokD0ABi0fS8V79TeJipJfFeC7NiXllkvZVj8NYOLl2Nn1mVx7uvvKy7nfAxcGwNAV6j4pbqnpihtztCbts9zwxqeYBdKCk9eWTdElryAPbgJAqSPw6kxsseakzu8pnnY9MszHlOOt58835P0dUGg4dphrjydCUOq1aQnZfdeowB8Q6Dhk0ugN0Oi1wmd26cHgDAosXn578E4bYyynQxLDSjpOxWKNw4vJzFwSVg0c5w erJWn0IJSR8Kc09HWEIup8RhXWv4hTy0Rgkc=-GzwAAMTaOU7 vfT1w2bXbnFFKeolsAEHTgUSoMzDxpjnKXTijQ0VZI3GdhbNalz29cOtY2L19hJZJHwA-e

http://www.bitstagcontent.com/e35OhOR3ifuhCWIL2r6F15sL6AsjsdKE1M6Ss9UWQL0bjOnMW0ALiQpfijnkn_ZD_HZ5eHliLim9rjyu_LkIF49WU4actMroeScbAhe6XtgcKk3kVdvP3wqssHytlfFeWhZRoDXO7uF7nQkohBIxk6i 0o LTtreF1m06oi3pboXdXTA661nz91fKhJprt_R fI s0IB8qIvCFroQZvDa576QMYwUoAfUpqmkYHumIdBckOP3CBLzMVf8i0N56uo8owSKr8R3fZmNq1Fb1NrqlpHtvS3es6vmKVBgCVsbD9mQP77oFQ0zMMGLGxhTnjdLZvEHmNQtR6xLS68CaxXWuftOTXfBS1jSvt 8QYeeEcVjYVq4MW12x9dgnRG6DzAAlF_Vzcg2vCMD2PZIiQYkv_IDZhrOnE0wGgORnsrmK YPRJLifK5OuphvhJ6mMHT1BGg X4ElJKTpu8ZHI 011QAoE7tm5KT8iw9b4_xy8NrzLAlyu65OMqngJxK6SUzbfdVSKJjeoM1qOIGNy6uykSjENg_jc2RsbuDKjaEwhG4AdzFu2Ky_9A9KwTmcrc9cc8UNsCBB2aq6JJ5_ztd4CRDB3pycSy8Qm5SB5up2e2TKJyUnJ_nXrXgk2a0KscpbXwE6QAOgkPBV SFQgnXCpwFdw7EMhQDiQA3Yrf dsaZoX6I5EJnuz1rmyRGHbQOyCvYf3QAgj_JphO3B8JtGX6UW01YVluXnxEUNhgFFjX_0EAOJMvxSFaPpabx2LUph16VtkzcXUwzctzVZc7rraYEPIHNLWW7DPs6hDmMA4vsr5sprBE=-GzwAAMTaOU7 vfT1w2bXbnFFKeolsAEHTgUSoMzDxpjnKXTijQ0VZI3GdhbNalz29cOtY2L19hJZJHwA-e

https://tmpfile1633.s3.amazonaws.com/download77/ic_trackings/29158/.../hotspot-shield.exe

http://www.bitstagcontent.com/KnYLx_ZHcZG_qud 1talBzXvGBJtt3eQ4qKGRpYb3CNHj5RA8et19q58_otQdCDgX0e7EKLQuqHAEx29AsWG1kMV4KaxDHM5XbMuVCXRYEPBMo4svlHdPemdycM2dmBDaoTJ_3G7EZj9vKpXwyQ a0ScdV8bMSCSvyppDAoegI8uZL0YSrYOnOg16bZhZJp9VeiukA6hGcZUkpOka7KUS7opGVBAheoveArMS R_Eyonl51QkHgOQPMt5XVhiKarBE9v0a27pMAaIGKSHKuNz HShF0WLUFZpUHeiJ 6WsLOk7Et8u5Z4Ne2tVFUAQvxOqyFBDvkOPDD3Ds0_Ph3lfHF0j0 vbJn6gYQeGJnCEpVrrUfXLXC4ZnSYeTh9iv02nYC2FxgxDjYowjzL98RN4TNoSQ3lSU6XZwL52X1KzWbWzlV5k1lhuUwNffoV9BiCcOvspWuu 8yelWmsdpyRCoVHnqX6iZf b4Q7YJjSEDD7Yf_pbXcc5ZP13jn9rp9Ks5jPEP9kiR8IS_00jJ nlaHWefNrMBnIzASGwwaZID_ m4iEgqZ0S0IngTCHZdrPbL jSfCIH5NtZ2iUzOTfl1h5azudtQGR127gdPb1Ken uLLlGQFok6pja_16h8hJ2wJAhS999I9W uHvbp2FrZImaZbEyZJ KkL2mhh_oqiRgWO6AWke95cRolCQguuElm6gpg TGbjgyO3OH0q1RX2xAyvFJQgkUM6EipQPutBaI5_FPReao_kXk_byyDVevhnihJENbdh zkaB0sHdOt562KzoUNEYNVi0RcH0ja6KbHMGWE=-GzwAAMTaOU7 vfT1w2bXbnFFKeolsAEHTgUSoMzDxpjnKXTijQ0VZI3GdhbNalz29cOtY2L19hJZJHwA-e

https://tmpfile10533.s3.amazonaws.com/download77/ic_trackings/3494/.../hotspot-shield.exe

http://download-1.com/softwares/.../HotspotShield_v2.90.exe

http://www.softwaresharetoday.com/7e_2wlj4S_sG_kfJqizjncJhJJE3bCPnbF6KiEC2UocCWRKfpFrMEQSHfJtKL1s6VUmVFsGVKBfEwepKODwMeXMYrFtO0tNln5SSR48Q7VFwL2uJ0kkOiFnage_UL9zyMdap0AyGJDplqo_5eVkHEN DKeysLgp7nUZAXBO4D6hc_NtL0s4t1TB6DWyCfwMz4eRHqy3ki5hfP9K0R68s XhdNLZLP xe6SOIOTBQyTT5h6dPl7fhJLJ9NSagb_LGo0QzQI9ZR97R_eeqtjvWtS6y8OS43SJIiFcmF7n8GgPbdDZW4fRTFfwM4wRBFyr51knZ56LusoQETfvVpWVx4qZ41WG4UWpZ1zlmsjrWZakUkOmsmE4tcsh6CxvU9b9OI7plQKxmJXO3uO4nJLDedPnMaLMdnjMf9EJfBboVrTolYiSzaH0QlwLSC20XK681B6MdXUGZec0W3_zEbMAHlhFuNJ3VJpKUWP1fbb N2OkJBAiln31h4WHKbYMyrp4fx8P0UFm0STE tqRAreIrwqHgD82IXg==-G1UAAGRsXWvfAK5D6 cnYANONQCIKNBB7cy2L3Ke6xLyK9B5XsBYhKYSyXIe64E_CIUjEOALw P0aW70sZzvBZ77YrOS80_3oeCgL2umIsuyqco=-e

https://tmpfile6167.s3.amazonaws.com/download77/ic_trackings/38184/.../hotspot-shield.exe

Remove hss-5.0.2-install-plain-766-plain.exe - Powered by Reason Core Security