» hss-5.1.5-install-plain-781-plain.exe
Overview
Analysis
File Details
Downloads (1)

hss-5.1.5-install-plain-781-plain.exe

Hotspot Shield

The application hss-5.1.5-install-plain-781-plain.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from l.gohss.co.

File name:

Product:

Hotspot Shield

Version:

5.1.5.9478

MD5:

5c2734cad6c9692fba6a34107054162d

SHA-1:

e2f0cfa57657200783510e46622ac9ade3c3a787

SHA-256:

211a43b93b5aad6b43d45cc2c88630308764db94a5ed3d7d104040adf2f55e32

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/5/2024 8:03:59 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.HotspotShield.Installer.Meta (L)

16.6.29.9

File size:

13.6 MB (14,295,880 bytes)

Product version:

5.1.5.9478

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\hss-5.1.5-install-plain-781-plain.exe

File PE Metadata

Compilation timestamp:

12/27/2015 10:25:41 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

393216:I0SkKTTRRuyH/cxJySHnlJ9DIksXLJoYaPyX+ak:rCFRuyGHnr9MksiY1o

Entry address:

0x327D

Entry point:

30, D5, 0F, B7, CB, 80, F8, 83, 47, 2A, F6, 84, D1, 89, C2, F6, C5, 91, EB, 04, 38, DD, B7, 12, 2D, DC, 05, 00, 00, F7, C5, 8C, 6F, B6, 31, C6, C1, 7A, 2D, 10, 16, 00, 00, 0F, AF, D9, F2, FF, CF, 47, 0C, 72, 80, FF, 44, FE, C1, B3, E0, C6, C0, 65, 85, C7, E8, 1E, 00, 00, 00, 8D, 15, C8, 27, D6, FB, B3, 4A, 29, D9, 87, CA, 05, BD, 9E, 00, 00, FF, C7, 8D, 3D, 8B, 41, AF, 8A, 2D, 3B, 07, 00, 00, 5A, 8B, F7, B4, 9D, 47, 85, D6, 73, 04, 85, C7, 21, EB, 8B, F3, 76, 04, FE, CD, 88, F3, F3, BB, F2, 28, E3, A1, 22... 
[+]

Entropy:

7.9964 (probably packed)

Code size:

24.5 KB (25,088 bytes)

The file hss-5.1.5-install-plain-781-plain.exe has been seen being distributed by the following URL.

http://l.gohss.co/welcome-windows

Remove hss-5.1.5-install-plain-781-plain.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.