home

hotspot-shield-5.4.11.exe

Fucelar

Bibado Investments, S.L.

The application hotspot-shield-5.4.11.exe, “Fucelar Setup ” by Bibado Investments, S.L has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Bibado Downloader installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.applicationconecptclean.com.
Publisher:
Bibado Investments, S.L.  (signed and verified)

Product:
Fucelar

Description:
Fucelar Setup

MD5:
b36b00f8aefc48745b99cfb8637d6bf0

SHA-1:
b15390135dbe3930c91d9eaf7270282caef8ff3a

SHA-256:
18c2dfdc0f020a0f242ac33d5ba22f1d49d011c8bdb80fd037e577140ae53c7b

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
5/7/2024 2:49:48 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore (M)
17.3.16.1

File size:
1.2 MB (1,257,264 bytes)

Product version:
4.4

Copyright:
Application Lite File

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Bibado Downloader (using Inno Setup)

Common path:
C:\users\{user}\downloads\hotspot-shield-5.4.11.exe

Digital Signature
Signed by:
Bibado Investments, S.L.

Authority:
GlobalSign nv-sa

Valid from:
1/12/2016 4:57:03 PM

Valid to:
4/2/2017 12:32:01 PM

Subject:
CN="Bibado Investments, S.L.", O="Bibado Investments, S.L.", L=Alcorcon, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121212301396FAE08B19C17F8D9578163C9

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9842

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file hotspot-shield-5.4.11.exe has been seen being distributed by the following URL.

http://www.applicationconecptclean.com/JnXg9nqsy5_9 P4mBzSy_xekS2wFyS7LhbqArhGoQkQKtv9IzB_lZ V2QGslPuJc6e99JRii U67VY1zSYPSRv2ZUXd9nqMzWbHAl7O9Nuui0qAEtxNoFmDwF3LvjhndfKD9VlfXZjTbYhbUt7BQyrvEsDFXhJOPqip5mTUJhcZPC27wIUHpN7_Sb56MgdJQQDc3nHoiY1aEqdeMZAqFcPla20m7thW2ZmYnfJHwX48c 4uXZjzYI7ChM0DLf4YQKRt5AhVSovGUqDAUMB0E6V7pBdJPE3kM14zOF0TzLAsTAVevCKLIJvEBZClj0QQDi6DL3ASc4cFVyNN41fH0SxTLHUmxqeTaA7JJnm2CUOWaj71DM6tHz05v9YX e9Q4DfjN6rYbSuTgJQ20_iD5vqV37Yg2Yv6PGFao2S0mZWH u4bsyF4ft5CCQ8DHXa2oFhn7XGCnlHMZlk0GoGarAFu8nAr5JFkVr6HSes30jLjzOqPgwmJI6kKkU7o_nHATfKtNU3TIt52hRQV DWtePQK4DVo2DB81W8vkea9kZ3G6MOeH8a19cyWCW7nteZttJVocNI7MwtvZZntLdT4sRR5q3fb8XV5v6XX8RQGEyeFjt5ZyPQg=-Gy8AAETdFtM9aHio9ockePiDInygtiGizCKRxLZPB84SWX8ORAroY8 kG7tyVyWRVuwZ-e

Remove hotspot-shield-5.4.11.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.