» hss-5.1.5-install-plain-781-plain.exe
Overview
Analysis
File Details
Downloads (1)

hss-5.1.5-install-plain-781-plain.exe

Hotspot Shield

The application hss-5.1.5-install-plain-781-plain.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from l.gohss.co.

File name:

Product:

Hotspot Shield

Version:

5.1.5.9478

MD5:

f371e2157f8c913014480e2244181780

SHA-1:

5a2a271c01a4fc3ecbdba2efef20cdc2c665c2bd

SHA-256:

2367b7cb17ef0fb18c7888cdea04e938862492c935c2dc929429f7f3865c89b2

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

12/26/2024 2:38:56 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.HotspotShield.Installer.Meta (L)

16.6.29.9

File size:

11.1 MB (11,593,352 bytes)

Product version:

5.1.5.9478

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\hss-5.1.5-install-plain-781-plain.exe

File PE Metadata

Compilation timestamp:

12/27/2015 9:25:41 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

196608:0hqCwaS8xwlRJTbptlvRuyxtm6VKpC8JySPHnlN5NRHzvJchkDwem/L6f9WVTfL:0k0SkKTTRRuyH/cxJySHnlJ9DIksXLJH

Entry address:

0x327D

Entry point:

0F, AF, CD, 4B, 8D, 1D, 16, C3, 64, 1F, FF, CB, 05, DC, 75, 3F, 47, 87, FB, 2C, D0, 0F, AF, F6, 0F, AF, F0, 69, F5, E8, DF, 33, 49, 4A, E8, AA, 00, 00, 00, 8A, D3, 0A, D6, B1, 65, FE, C6, F7, C1, 8A, 5C, 7F, 41, 77, 02, 03, CB, 0F, AF, D0, 2B, D7, 69, F7, 2E, 45, C6, 64, 8D, 3D, 7C, D0, 00, 00, 01, DA, 3B, C0, 81, C7, C3, 07, 00, 00, 8D, 0D, 1B, 07, 25, AB, F2, 33, DF, 86, C1, F3, F7, C2, C8, 2B, 5F, 1D, 83, E2, 00, 0F, B6, CF, 46, 8A, E7, 49, FE, C3, 69, F1, BC, D0, D2, 84, F7, C0, AD, 36, BD, F7, FF, C5... 
[+]

Entropy:

7.9952 (probably packed)

Code size:

24.5 KB (25,088 bytes)

The file hss-5.1.5-install-plain-781-plain.exe has been seen being distributed by the following URL.

http://l.gohss.co/welcome-windows

Remove hss-5.1.5-install-plain-781-plain.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.