» hss-3.13-install-e-548-plain.exe
Overview
Analysis
File Details
Downloads (143)
Network (1)

hss-3.13-install-e-548-plain.exe

Hotspot Shield

AnchorFree Inc

This is the downloadable installer to AnchorFree's Hotsopt Shield, an ad-supported VPN client that integrates with the browser. The free version injects ads in the web browser. The application hss-3.13-install-e-548-plain.exe by AnchorFree Inc has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the HotspotShield installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts. While running, it connects to the Internet address 74-115-2-220.anchorfree.com on port 80 using the HTTP protocol.

File name:

Publisher:

AnchorFree Inc (signed and verified)

Product:

Hotspot Shield

Version:

3.13.0.19373

MD5:

a6deb6468c8b0ff696cf2677e0383be2

SHA-1:

604223ef3141174e52e7cbe961b3b6c09bd6d2ea

SHA-256:

9fe0718d7f4e27728961b6a13b7d25db6705e39807eff2f3c7970ffcde577a61

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/18/2024 5:47:34 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.AnchorFree.Installer.Meta (L)

16.6.10.9

File size:

6.9 MB (7,224,824 bytes)

File type:

Executable application (Win32 EXE)

Installer:

HotspotShield

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\hss-3.13-install-e-548-plain.exe

Digital Signature

Signed by:

AnchorFree Inc

Authority:

VeriSign, Inc.

Valid from:

3/28/2011 12:00:00 AM

Valid to:

4/13/2014 11:59:59 PM

Subject:

CN=AnchorFree Inc, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=AnchorFree Inc, L=Sunnyvale, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

68A4A0CC448443C288A22A91D7F82126

File PE Metadata

Compilation timestamp:

9/9/2009 2:22:54 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

196608:hfcpW4j229AvEgUh42lZ974oySPHnlRzS8CJlTpl0F:h8/2oAMgUhtlL1ySHnlIRJpl0F

Entry address:

0x33FF

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, B8, EE, 7E, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, ED, 7E, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, C0, 6D, 7E, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, F0, 83, 00, 57, E8, 23, 26, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

25 KB (25,600 bytes)

The file hss-3.13-install-e-548-plain.exe has been seen being distributed by the following 50 URLs.

http://gsf-cf.softonic.com/604/223/.../file?SD_used=0&channel=WEB&fdh=no&id_file=333961&instance=softonic_en&type=PROGRAM&Expires=1438909504&Signature=RKIsf8ULOvG89BqlWuiDXxYxNJBoo68nuOK4Q9aqAuEN-EKe-ItVsFuDNTd4gM4cRpti0WVmEPioiNXRD~qTx63yWpKk867hN3Z4wj3GRzOHyCetYPtAZ4bVhxmzCXG0pfJmAF0~jiDsEqvzoYzdwzpqKna~58VxQBF0bRvx90k_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=HSS-3.13-install-e-548-plain.exe

http://gsf-cf.softonic.com/604/223/.../file?SD_used=0&channel=WEB&fdh=no&id_file=333961&instance=softonic_en&type=PROGRAM&Expires=1425504302&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=Y~NUL2kcgN9kC6xK2~GVN2pPyjKbO01VdNUqF2MrPnwnRDuukItlFBSb42G3h~OELoYEO83zIfjrUCJDNvCFYaSOmbngdMX0Sv1wTs9iYx3wWZGsP6E4SbuOP7tLHzBbh8PYrAuZF0E4AjNfdMsFafLmUObwcDr55QOByMH-JZI_&filename=HSS-3.13-install-e-548-plain.exe

http://global-shared-files-l3.softonic.com/604/223/.../file?nvb=20140115135744&nva=20140116015844&token=0feed1e15f6c3c364c8bc&id_file=333961&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&filename=HSS-3.13-install-e-548-plain.exe

http://global-shared-files-l3.softonic.com/604/223/.../file?nvb=20141030115904&nva=20141031000004&token=079e1d1975e4648cbd062&instance=softonic_en&filename=HSS-3.13-install-e-548-plain.exe

http://global-shared-files-l3.softonic.com/604/223/.../file?nvb=20140420130338&nva=20140421010438&token=03636d2849289b13549bd&id_file=333961&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&filename=HSS-3.13-install-e-548-plain.exe

http://gsf-cf.softonic.com/604/223/.../file?SD_used=0&channel=WEB&fdh=no&id_file=333961&instance=softonic_en&type=PROGRAM&Expires=1443261966&Signature=AQc94GDdGWcsGigQhB1RxTRlVeq0ulkxwAd-VWXJRBjamhMcu6zkBUN34A1jngSJtjxj8D7saPMPPXGqaRbrKSveDXERqEOiU7SwPZbB3X0VSvMarlnq2Fs55Qpxf2Yt-Hr0~2fR9ZsxKvLW3Tn7Cb50cqKMQgclZGaBGtvdZIU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=HSS-3.13-install-e-548-plain.exe

http://gsf-cf.softonic.com/604/223/.../file?SD_used=0&channel=WEB&fdh=no&id_file=333961&instance=softonic_en&type=PROGRAM&Expires=1436498996&Signature=T9tztmM1PLXuCJhQ3FLUsOTwlcAghMBesdvENGqdUcrR4ksnVT2ZC1C0bQyQg~h4VRHu6y4SFJtWp~ELOZ78HxK3UjC685IM4t914e5yLWkFuDlOjDzVgui1KzhTTjLpDWXfSxpL1yP4I2fD3NV5oWzoAix9-WAF6zw4Z4iIcm8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=HSS-3.13-install-e-548-plain.exe

http://global-shared-files-l3.softonic.com/604/223/.../file?nvb=20140811023731&nva=20140811143831&token=02be234b2dcba2c61ebd5&id_file=333961&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&filename=HSS-3.13-install-e-548-plain.exe

http://gsf-cf.softonic.com/604/223/.../file?SD_used=0&channel=WEB&fdh=no&id_file=333961&instance=softonic_en&type=PROGRAM&Expires=1430283734&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=EhSPEyOwEOFTrn8bIJfvkJVV81A3Rpj0w8ZJifq3qsHWnrJc8hUaFBr6fK6vQiPtbuDWiPylvGSUM-QJRTL1fIxI25-1hGI-jV-5cAbsx~~d9ITUgzCqiXzcNROvhb45PYvCcW2y-sbgExRC0uYU7ct94nHV74LL5GdCHsdfMFc_&filename=HSS-3.13-install-e-548-plain.exe

http://global-shared-files-l3.softonic.com/604/223/.../file?nvb=20140720174048&nva=20140721054148&token=0b3e9382837c0c8959340&id_file=333961&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&filename=HSS-3.13-install-e-548-plain.exe

http://gsf-cf.softonic.com/604/223/.../file?SD_used=0&channel=WEB&fdh=no&id_file=333961&instance=softonic_en&type=PROGRAM&Expires=1425766287&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=Bcwn~uJmtXiI7UN6Bvwxukx1BV0f0wgh356Ln6pl3Cc3jofUaDkOkBK0Qetiv3pjxPK0rjcgZeW0PCQmjZUEkRWx26XMk5xke6Bb90yh-bHDS7TVsqk06l4S6Ac3npj8kMyE0mh5pG03uiA0P45bLe5U0qw~WOKLKjrKnjcuZJ8_&filename=HSS-3.13-install-e-548-plain.exe

http://gsf-cf.softonic.com/604/223/.../file?SD_used=0&channel=WEB&fdh=no&id_file=333961&instance=softonic_en&type=PROGRAM&Expires=1432160745&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=FDlt6xKR4ONU1XeH1OYSz4SjVSZpDIy3FH4kyOJB8s-whsMVg2G9ACs-aYeB6Ix0FNeFj04FyGsNyP9~C4z2O6awMsRseVhxjVqLC67QaI4fY18XWoksosiI4lbzTFWTfNOzvR9yM5qEbOJLjelnyWDnGTmiFHnTM5gATpUO1VY_&filename=HSS-3.13-install-e-548-plain.exe

http://global-shared-files-l3.softonic.com/604/223/.../file?nvb=20140502172143&nva=20140503052243&token=01ae434cb95acf8f8ae26&id_file=333961&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&filename=HSS-3.13-install-e-548-plain.exe

http://gsf-cf.softonic.com/604/223/.../file?SD_used=0&channel=WEB&fdh=no&id_file=333961&instance=softonic_en&type=PROGRAM&Expires=1431277083&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=QYKfJrre3LtYL3s4xgdN4qmQgeWTR5CnGmzz3MBRFv9ob4f4hPu5U8IAlPfOm83UdlL3poEbeF2fnxEBwv3L-rnJXvLQbr~3oH3aBYMTcNvI8hyk4jmj2tpMIKOihXA4NCzoDzhvfCRmOwQJ-dCBtgi0Lhj0q8GCds0CxakANlw_&filename=HSS-3.13-install-e-548-plain.exe

http://global-shared-files-l3.softonic.com/604/223/.../file?nvb=20140728054459&nva=20140728174559&token=06fd6bd2627b65415eaf4&id_file=333961&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&filename=HSS-3.13-install-e-548-plain.exe

http://gsf-cf.softonic.com/604/223/.../file?SD_used=0&channel=WEB&fdh=no&id_file=333961&instance=softonic_en&type=PROGRAM&Expires=1438592373&Signature=Epu-iXnCTveaGV25EExPBj8oPg~wSHdCvZGKRJZOzPlDiixIqjnc9ad5QMg1i1Ehfmolk-ZJ80NooEsypdRnjJGcGpwzjmahj5Ol9NkfN2gZsCeojbQlXDvAloM3sRgarDZrL1fK4CwWuiA7liOrQtIiw7MwlG3YsgmkPnRtVxg_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=HSS-3.13-install-e-548-plain.exe

http://global-shared-files-l3.softonic.com/604/223/.../file?nvb=20141201044409&nva=20141201164509&token=0fcc09218750719d515ac&instance=softonic_en&filename=HSS-3.13-install-e-548-plain.exe

http://gsf-cf.softonic.com/604/223/.../file?SD_used=0&channel=WEB&fdh=no&id_file=333961&instance=softonic_en&type=PROGRAM&Expires=1436753296&Signature=aMAtV~93GwBg8Xq-s-aJRXDNe~vl~Kr4-lqAp9lC22LCFSjF3OoxS-ifUsg0yJwm27tQsP-ktKdnCbtHNEyDLjeEm1taLtVFUohrNyGTWXB3GoE2H3vptCv-NCl4vs5IXloeUySc5MpFNM5r~65PAS856bXTcIiFvd6e8uc5~gc_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=HSS-3.13-install-e-548-plain.exe

http://www.filepuma.com/file/1477069725c3895/hotspot_shield_vpn_3.13/.../0/

http://cdn.imdownloadersuperbfiles.com/c?x=ySnKUoJ/10qK 4Lu4 hAbXH3fu/TiVsqUfn1U53x16E=&c=J0idRpEe5dMDBBiV3zvEw8glWsVyT28wrD1yD6ytspo d4sBJekr9zvfJ 5TmhiSiBFMaGAmmDMChFoXMRCa8Q==&fallback_url=https://secure.inndl.com/.../hotspot-shield-elite.exe

http://gsf-cf.softonic.com/604/223/.../file?SD_used=0&channel=WEB&fdh=no&id_file=333961&instance=softonic_en&type=PROGRAM&Expires=1437334275&Signature=ZIiFitUG2tSFtlu5c8ijtRFdPh3Qp7i2qLRMydQt8aNHAL-5zHyVga-pM1aKLidIWUGCg2~dejrE2q4gGnKtm3LocaNn55ALTp2VjNpFvagGtYzdC6eO4kWTPtwLkB-q~rW81B4yamws8nyYV7k-1T73HCfaGbB6dLvgLnt0xCA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=HSS-3.13-install-e-548-plain.exe

http://global-shared-files-l3.softonic.com/604/223/.../file?nvb=20131120204957&nva=20131121085057&token=0cd2b24b05dccb2c331e0&id_file=333961&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&filename=HSS-3.13-install-e-548-plain.exe

http://gsf-cf.softonic.com/604/223/.../file?SD_used=0&channel=WEB&fdh=no&id_file=333961&instance=softonic_en&type=PROGRAM&Expires=1442995591&Signature=BhqEzgDlgIZIcF5SPQZ1CFCUCrAovZbmDcpA44IdqbR7ix0R4-sZcYX-3Lcx9CmcYvlRsx5aHAxIMtoC7d39sJcoinF8LVbrU6R9dZ6pW~6EHbvR3dMFDz3t6~kRFH6uWQI8w2aZryppQgnIiovtO7iEjnDqFaNL~6Obs5mdono_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=HSS-3.13-install-e-548-plain.exe

http://global-shared-files-l3.softonic.com/604/223/.../file?nvb=20140422141219&nva=20140423021319&token=04827eba5a7a44c7aa98f&id_file=333961&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&filename=HSS-3.13-install-e-548-plain.exe

http://gsf-cf.softonic.com/604/223/.../file?SD_used=0&channel=WEB&fdh=no&id_file=333961&instance=softonic_en&type=PROGRAM&Expires=1438999793&Signature=WrdVf7qwcHHQ9r2IorBaLIhSXlNePUH0kHqtzu0MHRbRLulLIAuP9~N4dcduU4w0fFvz6ZCRljzccbh8fRWd6dxRA8fT1D8DzmJh7Nps0VPpMjqjOxRFo0xehm7MehNDDJV4cFMSrMxd3k5jWiDzE0xb26WqhaVuitl2k4TvCBU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=HSS-3.13-install-e-548-plain.exe

http://global-shared-files-l3.softonic.com/604/223/.../file?nvb=20140311113523&nva=20140311233623&token=03caef2701b8afce56974&id_file=333961&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&filename=HSS-3.13-install-e-548-plain.exe

http://global-shared-files-l3.softonic.com/604/223/.../file?nvb=20140814120120&nva=20140815000220&token=0ef9202eeee310a109d0e&id_file=333961&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&filename=HSS-3.13-install-e-548-plain.exe

http://global-shared-files-l3.softonic.com/604/223/.../file?nvb=20140823153939&nva=20140824034039&token=0185a35518a2b2aee66d1&id_file=333961&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=no&SD_used=0&filename=HSS-3.13-install-e-548-plain.exe

http://gsf-cf.softonic.com/604/223/.../file?SD_used=0&channel=WEB&fdh=no&id_file=333961&instance=softonic_en&type=PROGRAM&Expires=1442607744&Signature=Xbmwbo4dxZHPOvjY-Cz0X~Ub3e9BTHtIv40SMr6mDxB~G2BNGWKo2Yf5D9XZ0U9D0kNhUJMzHdt0tzvGWk90fWnzp8omlf5ZmfCAlS0cYbUpUXB8D3J8lImt9aL~nZNhVZcQPuUSf30yKkYu4IlXk8GdtrmyXYsej1HOyNu9upI_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=HSS-3.13-install-e-548-plain.exe

http://nl.inncdn.com/download.php?os=&icon=aHR0cDovL3NjcmVlbnNob3RzLmVuLnNmdGNkbi5uZXQvZW4vc2Nybi8zMzMwMDAvMzMzOTYxL3RodW1ibmFpbF8xMzc4NzY3Nzc4LTEwMHgxMDAucG5n&desc=QWNjZXNzIGJsb2NrZWQgd2Vic2l0ZXMgaW4geW91ciBhcmVhIHdpdGggYSBWUE4=&name=Hotspot Shield Elite&domain=hotspot-shield-elite&ss=&lang=en_US&url=aHR0cDovL2hvdHNwb3Qtc2hpZWxkLWVsaXRlLmVuLnNvZnRvbmljLmNvbQ==&version=0604&graphic=1

Latest 30 of 143 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to 74-115-2-220.anchorfree.com (74.115.2.220:80)

Remove hss-3.13-install-e-548-plain.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.