hss-5.1.5-install-plain-773-plain.exe

Hotspot Shield

AnchorFree Inc

This is the downloadable installer to AnchorFree's Hotsopt Shield, an ad-supported VPN client that integrates with the browser. The free version injects ads in the web browser. The application hss-5.1.5-install-plain-773-plain.exe by AnchorFree Inc has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the HotspotShield installer. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
AnchorFree Inc  (signed and verified)

Product:
Hotspot Shield

Version:
5.1.5.9478

MD5:
505b067d218b7dfd7b96222e00fd6c6f

SHA-1:
4e0273ad9b8aef3092e24ffcfe7e93e8fe9d23c4

SHA-256:
102fd6c4dad7f08ec490169e995f5655b0a65a63ee04284fddca9383452988ea

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 3:39:59 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.AnchorFree.Installer.Meta (L)
16.6.10.9

File size:
13.6 MB (14,214,072 bytes)

Product version:
5.1.5.9478

File type:
Executable application (Win32 EXE)

Installer:
HotspotShield

Language:
English (United States)

Common path:
C:\users\{user}\downloads\hss-5.1.5-install-plain-773-plain.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/21/2015 5:30:00 AM

Valid to:
6/14/2016 5:29:59 AM

Subject:
CN=AnchorFree Inc, O=AnchorFree Inc, L=Menlo Park, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3DAA06F4E8BE7B2AE8FC57BA8578B7D9

File PE Metadata
Compilation timestamp:
12/27/2015 11:55:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:w0SkKTTRRuyH/cxJySHnlJ9DIksXLJoYaPyX+a9:jCFRuyGHnr9MksiY15

Entry address:
0x327D

Entry point:
81, EC, D4, 02, 00, 00, 55, 56, 6A, 20, 33, ED, 5E, 89, 6C, 24, 0C, 68, 01, 80, 00, 00, C7, 44, 24, 0C, 00, A3, 40, 00, 89, 6C, 24, 18, FF, 15, B0, 80, 40, 00, FF, 15, AC, 80, 40, 00, 66, 3D, 06, 00, 74, 11, 55, E8, 51, 31, 00, 00, 3B, C5, 74, 07, 68, 00, 0C, 00, 00, FF, D0, 53, 57, 68, F4, A2, 40, 00, E8, CE, 30, 00, 00, 68, EC, A2, 40, 00, E8, C4, 30, 00, 00, 68, E0, A2, 40, 00, E8, BA, 30, 00, 00, 6A, 09, E8, 1F, 31, 00, 00, 6A, 07, E8, 18, 31, 00, 00, A3, 44, 8A, 7A, 00, FF, 15, 44, 80, 40, 00, 55, FF...
 
[+]

Entropy:
7.9963  (probably packed)

Code size:
24.5 KB (25,088 bytes)

The file hss-5.1.5-install-plain-773-plain.exe has been seen being distributed by the following 46 URLs.

https://dw.uptodown.com/dwn/0q5sxWNluw0zvZ92R6QtXapGLQhZxOru3KL7qJxMePhhu5_9wP_Z0QYeQEnwrSB0XunrSQig6IO1_C9cddXZenl89Df2rlZzfRLa44qjc8mxPn0lYG4BBWzJYkiKEWFw/mqN_0faPzbNsCSeYJOutPlt_IQfy_1jU8rHzAPY-OrCCtCyJEJgacgDHyYCK0Zfis6DVnXt4OnUFg0f733G6FUrZ4KkbsQXs3vToZ54pFRo35dz9_hwGhl3u7pxpRX4w/V0qL8yHmFkQ03lAkKPHrXJhd-Z6ABYHgzoca0JjZ98fEMjRM_c1f1ABf0R82Ync9lcD2M6lj3TFWc_wzbgpf7qGrRGUOuGS8cNe8bQM-221hLN8NnN4-jEOeC2wTQPjB/.../

http://s8.dosya.tc/en2.php?a=server/.../HSS-5.1.5-install-plain-773-plain.exe&b=2586281f1d8da141ab1ad94d1887b415

https://dw.uptodown.com/dwn/XJSujwt0yYKzU8K6qjHmQeTU2NO3QT9pzsx-ntpeeTvN_Kq3j0pGGInOA4htMyKO9YaAiPoawv1-v6hshw52Xc4xQ1xMsANxc6hQH2AMzHoTDRUNYJVpLB2_HmimwBe0/K1lVUdmvb8f0M58h3mKLQ7PLltDHRWRWl7vhwHie5_HsUpatrSo2cRTzkAdqzYY4otnpV6N_bxbeGSixKFIUJQSdkBLmM2oCjDf2EJIGP93q4KuIQw6sd50R6kVHvzQA/4YkOnlsCD3UAG8vq-2Z7viRvFsBhVTAgfbeobCT-VFf6ly5xhpMJqVjcgiDxL7jHwIlFZcfKDfI8DoaeZn80AZ4WI5IXKgBPWTVOs459N1rGcDIiorSWGbu9_Do1vWEc/.../

http://dw.uptodown.com/dwn/Zlp2PKbFcJ2eujg8E_Rg_thWin07pRC0m_707bz4S1lRpSkTmoQ0GIHcMltIxf9UsAcY-wLuoIf0ImWoBLxCJzHJNuPcsc9ljwN0cuaq8wmG8Z8Afk8OepQ-doXUsFam/0Bigz2USEloj5xGj99TCw-51wh9wCORbDi1hBypkAD3LjjHJZ0TalyL_9KlwAybEHC0KBhW-6GsASQH9680pW4mutbN8vJA5Rp_8FAXr_zh5mxBTOicIsmWDZjTU9SrG/.../

https://dw.uptodown.com/dwn/J9Gxf-5StWV7ECO3LYuxwuJUhwtT0b_YQ4XeT5p-0_-5dFzjMF6_dz8HIIf1WTaRRwbJMVP38imkpOvLOfHtytB8tETIatTB64ls3xPbGvwkDtIWogRNyqQgQsTkT3pU/3d5nK5xulnOPJfakKHO5vQXe9Ao3pYJGmz3wAWimBG_k4FEMsUzdV7BXsrV2zivZHe_m7ZCMWL14Jp5qji2YcsRsZpV6Ux7Lk9__7fEXWqxI_IWRBHBkJE46I9KVqX4G/j8RfRteaez984DiFtDDR9NkoG0qS2fsnNRuxQ5gjxoEdrnCM_GSPLnURGMf2H568XAnHHqkDJxSb6YG3HGeZaJczQpJTpo1HEznxTE2Ir84tsVTWR-9Hl53sa_JFyRYD/.../

http://dw.uptodown.com/dwn/WJ7Se4DFmcM6hyuDTX0c38QYW2nLg05Mbxfr5iMuiX2NSmPwRWzxp2pniPI778jB2A6nHCPXfkBZlOThbwPynKOuzNjcHBYAhudsOhsr0f82eSC0XYo6_A5MH94ptuFF/kpw_cfs51BFL5fZ5FTN_7oJKaLVFeTPWmqaJPFDTzLgq7Q2zQy4k7P6soiM1ccY18eJIIE7xNx4IdXn7aQxkGGwXa2sgb8cnAYsWOk_0wtj-YBEMwOowAO7jZidfuxz6/.../

http://dw.uptodown.com/dwn/iHy1HNpsGNotdpaGrup5Ro_NaBKNHF2U5VO7EyDcKI_GcW_bnM6RwyFAXwbvdW81ED_z1UIJV0ab7C7Nei2ST_-1rc3m7Byf5H3c6VKwnGJHpCsrg8uzt9paAuAzig9Q/XJYXykM-E1SRIvI5ueUl3dR1SzEsT7ihZt89tGbJet4h526yxr5zHX44SRAvyNBWbLV7Rc30dQiiUd3Hh-xKzP2oNuMilavtSn74neEWfZjY9gSFEw4-rWdCqLXkNXSm/.../

http://dw3.uptodown.com/dwn/laz14aLJfwArD8g6H_KfYGKSbxocnBzWyW7byJTGmtTs5Z_08RFmBCLZ5nwt54u8i5y2LKVw81Woau8Gs3NJKE2QbRH8_8wb6EKJFgWZqJ_CoCR5d1SWMatjuWPr0aSE/Z71uW1h8QwcHhO3bm53HZRTVyECuswsK8HPSMpgeUBgtaDZrqMBDpyDzjTZn9MyUfslQYvdd8LZbNtH19nEKaP0_uMuXKqeQJA9GbPzVTWpF5Kq2dQ2LN6SR2B4tGuFC/.../hotspot-shield-5-1-5.exe

http://dw.uptodown.com/dwn/XCWDq38OnamwoCPVHK8AleXS9OAxj8DQpMwER5Hfu-Qa6oasDDrRTd2DrT_MmOOSqVxqBuvIAAX6u7oiUbG5pAHZkrlkw8fgukU03w5JvDSKw1rsZa3pE_V8EThiKkWL/tcEMsR_DZrTI49KYsJN-60oDltA35Yx5EfONPYSplJ8yAx2sLuvQ4pdUTQ_jNhImVI_WlIN3FdCNLdUjZjxrZb4VpvgRVuDatr4yXvqojD6TgiuLoXQo227ZX1UKxOkm/.../

http://dw.uptodown.com/dwn/dvZQQU9UJDDCVvXGMsiXtAc48nId6TWPqBltefdCM8aedkURBfBIftlL-Sz9s1NqHY_0bU6wSKbzhYvlQjp6hnCKzpWzuAJtl8QlkiOjMHxOwMCbxaTOlZhI_6ltOwSR/loAV2vK1IQ-Xg6qW_UZ6jsZsncooR5-O8VRnTftKeTmWxYw1VrnKMLiGdfe9nt1ZTi81ZTYMzXOTdg1L8okKtYM-zC8Jd5KPwQ4XfFpBLnSiFbV5qQvEuN7qDkPcRtuK/.../

https://dw.uptodown.com/dwn/xJtab0cuLVV5C0Mfilze6vXKkH1hlNvFxLst1JDWhir_LQQqOuvSJYvQmB8x8KXrW9shRo4t6nZkthmnnrZd4rmoyiLgDrCcW7CnteFvGwtNdol2XFMBurEYdGGjzxBG/7DWYBx7DFm5vbbWWB0ebCqpVWbujiTKhuZMUdTe409mxh4pOfnFDDnUvBlir-56APNmoGZplKOxsyYkDa-nvC-m7XrL-xjP80VJcrh3zZ_x0aoWeQZDOcwH9tWR-aJXN/waMLo2hOPdJNQQlzmSaEm6tMNRLx9_Dw3odVEleVsRfGgvphy0-6jV5jjzZF7P7JsK7Xqf95FNL2Gm2nak6IRMgnLT5YDvSKJ1MrtOKy2S-1dgkIY_xhvUFr7sIP36rN/.../

http://dw.uptodown.com/dwn/sQ-SSTFeRySAImXnmnXgaYn8ZWS8eVUmZ1YLg3TKrv_q9oNMbyXiD4F45k6pDOQyCGhakEpZRw6NNsBHPQIpdKyb7RHTrZGVgNXg61aolygptEnX1vSWy8a8VbWKmTVg/nfmVKmDU4m3NfqphCfQBsFJV62R8Sa-cB9IjReAzsLgSqRFVBOaTk4aL9gCpHVXPSb1PJVjYdAaS6Yt7QQaeonlbX8vIKboR9lDXvZW9G9OmV5lKZ70Q1e5ZJuWPJpVU/.../

http://s8.dosya.tc/en2.php?a=server/.../HSS-5.1.5-install-plain-773-plain.exe&b=912b2ea14fa34bebfcbe1cd4a4c6055c

http://dw.uptodown.com/dwn/_1JzyI5e1iDBtoSFYqKFjtFYU5IEkPV0xHo8yWMJfow2l1pDZ-Gm5ILR3CGorKdCfDt495wb0t5k_f91MArd6O4A2gTwO7oWVAjhjdzo9nNqLwo1WlNQ0_eQkBISBIVr/wBFqZR_Z1ncQWxHoYhthXEvBWl8eUXCNUY18gmkAone88hjRVgdljirnGWEqzavasmnw6W1SxQtGWYBFOfonmVtGL_FGc4yeO4g-b8x2GsWj6pMqGNgJngVZkATyLF_s/.../

http://dw.uptodown.com/dwn/YZJktxvwm_pfmAWuLrOOe4HAwD2dhRfeJeuUyE2AcTDQP19Z8ij-NxD51KycCzGTiKRV217YaT2LrWnjvXi1gCTF2NHX5f9G23tJz_7YOTEMmxOn2COc5ClDHONDqYQX/Iaw039BsOX4Dwo7YclMCn7oWUfrVRkGXSTh30ovP5HWh9CPc-8cf4UO9BZroo7i8cwwGp0xSICUBSQ0kpmajmbVtzkR8pc7tMhhxLUhFotkow0-GSQQqhfk4UJ-mgVRQ/.../

http://dw.uptodown.com/dwn/jkPH6h34YwfD_EonwFkpWHVZ3BoeqAPl-HtjeMERGma_aNCzkjApTEqKKuiaNQMihg36fbb98sMXXrJIlaTFz3w_XF1iRzrAKpNzDNQs_Eu6UPBGP3CF0gbx6S3tqZbP/BQftcAQL6T3lu6VCTrF05he7z3AtE-168U0rF0PgfKl8fgp9DakG7e76fF2UFlAc2d-MaA0J9a_c90wP649qdN7nUQoWZdrboz1pfLgARZ-vuo-nIY0w9snFGMBKL3S2/.../

https://dw.uptodown.com/dwn/_BqNSxkodsw4qlWX2Eds5a7wOEzusRVKl77tJXBG4kgqgnKn_KTFa_OxfqvCIua2GwKqSwZuH85Qb53q22l0m9tDkwR65BbkSDsZx9FX38Q39o2iEMWEt-q_zd4QNTx6/Z2rxcnQpCSSffGSTpA9Z8DJDIkYB5A73XmiSC6UjdIZ9aYl0knWlnle1IaZ4Z_kjiSoSLif7XHoiL1W6l-BK0W8M0y94nz-hCu_Oo9qtTKVWqcrE6qT3c6Tl_X3ee33G/kuJLwaZRfX2a3rKjrq4fBSWjLJb2v_5hBadMsty1GCs8sGp_Z5MZNGn2rdVwK38ZJYh8KAa7lggeL8gH1FcLU-ibDQvxGQTEbJJ0CYn-1TA2W-VYIjV35X9XyUpOCObs/.../

http://s8.dosya.tc/en2.php?a=server/.../HSS-5.1.5-install-plain-773-plain.exe&b=8b56a13376e7dcc02ec9b859178f043b

http://dw.uptodown.com/dwn/TD3U-pnTGeVNYbhAubdcatw4eGkP3LKk_Ty0kMd7vys691voceB1T5L1IWsGtil6TYoJQUphR8jOK4p4xIAl18BdigXydZvAW79s3FiC7VfLCyUCLW2EaSbZ8_G9-MCA/d-gXsGqThiLMXvBdwQTSmedk5d4RvQ-LHdH1zUoflAt6yJCV5LHeMJBpW3J0UXLmtNG0RsLiIznhodm7uTdvM6VyGPbCHzkSZGjB5jL8iBUmIHI9zWUUEnuehu8bxHIJ/.../

http://dw.uptodown.com/dwn/cj50KZbVBnXb72hdIzhcJSM5xxQFunngp_AJicnjr-g502F3ok6kAtmKRZq6xCMNCVX77NR-rPI870hx8iDXJXYl2ka9HBU_SGTQ_P383OmeB6LTfPdVG0Bd0AoLixJ5/loITxsB7VIWxMWkneuNWtnGe-H9HWwZuS9UP8HeuWfXUdVtYk5JDVMDT-y9LTJdJ0vpZuCExwcv_H9QxfYFr1f6MATuia4C2nntch0hscB_DCiyZwhpLwulLyjNXODOI/.../

http://dw.uptodown.com/dwn/MC6YfhAiNxcAuLVYAYNy6VTY-5it4T_3c5A3jd9XtqY5OaEOJfGV6BeZZE7OxVsRgu2V5eJIeudPMVUiZoL-4JJNGLFMbqo5uXjjLInQRkuoPcijYdznbgQGksqvmnlK/hINXr0q8Iy_-DRuTnEf93IRURpTcRo1pd8bVUkPGDDyhLRuWG8PgPhfcuSlQVSHp8TCwM8T_oYva_EcDRtHbOqp1tl2gOceJlcY7cMEjxYJFwbASjVxx6U0UcaxdcvT3/.../

http://dw.uptodown.com/dwn/MRK9dS9c0e-V8Ov3A9yedIJ_d3viec6ZxMjGp-g6Tt9jzGtVQ0E9oO9JxjrX1mYxIYrGO1ScNxvRXtNf-I0e-HG899pMrH1dOTX903mhqLnJbeUZodYh_qhw6x-RD_YD/qXfe97NLodbhrhUMldfGa6TfGvvEL0K2FYTwsR434qQuOS7JyQRa6-1EhxlAuDL2B1F1TvU6ymegCLMB9Rngsf7EYei6tmwiXu7supXINXlnRQ0zGz-0WHS0E5HbZRfS/.../

Latest 30 of 46 download URLs

Remove hss-5.1.5-install-plain-773-plain.exe - Powered by Reason Core Security