× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2e649d45529e8b29293a69d9469c095ded6dae20ad404c2dbbbad072e6b3341d
File name: BQADBQADNQADBjnYVR5Fk6XT6T7iAg
Detection ratio: 0 / 71
Analysis date: 2019-01-10 16:22:19 UTC ( 2 months, 1 week ago ) View latest
Antivirus Result Update
Acronis 20190110
Ad-Aware 20190110
AegisLab 20190110
AhnLab-V3 20190110
Alibaba 20180921
ALYac 20190110
Antiy-AVL 20190110
Arcabit 20190110
Avast 20190110
Avast-Mobile 20190110
AVG 20190110
Avira (no cloud) 20190110
Babable 20180918
Baidu 20190110
BitDefender 20190110
Bkav 20190108
CAT-QuickHeal 20190110
ClamAV 20190110
CMC 20190110
Comodo 20190110
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190110
Cyren 20190110
DrWeb 20190110
eGambit 20190110
Emsisoft 20190110
Endgame 20181108
ESET-NOD32 20190110
F-Prot 20190110
F-Secure 20190110
Fortinet 20190110
GData 20190110
Ikarus 20190110
Sophos ML 20181128
Jiangmin 20190110
K7AntiVirus 20190110
K7GW 20190110
Kaspersky 20190110
Kingsoft 20190110
Malwarebytes 20190110
MAX 20190110
McAfee 20190110
McAfee-GW-Edition 20190110
Microsoft 20190110
eScan 20190110
NANO-Antivirus 20190110
Palo Alto Networks (Known Signatures) 20190110
Panda 20190109
Qihoo-360 20190110
Rising 20190110
SentinelOne (Static ML) 20181223
Sophos AV 20190110
SUPERAntiSpyware 20190109
Symantec 20190110
TACHYON 20190110
Tencent 20190110
TheHacker 20190106
TotalDefense 20190110
Trapmine 20190103
TrendMicro 20190110
TrendMicro-HouseCall 20190110
Trustlook 20190110
VBA32 20190110
VIPRE 20190110
ViRobot 20190110
Webroot 20190110
Yandex 20190110
Zillya 20190109
ZoneAlarm by Check Point 20190110
Zoner 20190110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© AnchorFree Inc. All rights reserved.

Product Hotspot Shield 7.12.2
Original name HSS-7.12.2-install-plain-773-plain.exe
Internal name setup
File version 7.12.2.11061
Description Hotspot Shield 7.12.2
Signature verification Signed file, verified signature
Signing date 1:24 AM 9/19/2018
Signers
[+] AnchorFree Inc
Status Valid
Issuer Symantec Class 3 SHA256 Code Signing CA
Valid from 12:00 AM 06/07/2017
Valid to 11:59 PM 07/20/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint D45C65C6F806A6F674171D85826CB9363E972360
Serial number 67 F1 53 B2 0A D3 39 9C 7E DD CE 2C 6C AF D7 66
[+] Symantec Class 3 SHA256 Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 12/10/2013
Valid to 11:59 PM 12/09/2023
Valid usage Client Auth, Code Signing
Algorithm sha256RSA
Thumbprint 007790F6561DAD89B0BCD85585762495E358F8A5
Serial number 3D 78 D7 F9 76 49 60 B2 61 7D F4 F0 1E CA 86 2A
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 11/08/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] GlobalSign TSA for Advanced - G2
Status Valid
Issuer GlobalSign Timestamping CA - SHA256 - G2
Valid from 12:00 AM 02/19/2018
Valid to 10:00 AM 03/18/2029
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbrint 9B12057AE72AAFF6D63772B49F6A236F2649CDA9
Serial number 0C A7 CF 5D 07 07 24 AC 89 E7 9A 3A
[+] GlobalSign Timestamping CA - SHA256 - G2
Status Valid
Issuer GlobalSign
Valid from 10:00 AM 08/02/2011
Valid to 10:00 AM 03/29/2029
Valid usage All
Algorithm sha256RSA
Thumbrint 91843BBD936D86EAFA42A3AFBF33E92831068F99
Serial number 04 00 00 00 00 01 31 89 C6 50 04
[+] GlobalSign Root CA - R3
Status Valid
Issuer GlobalSign
Valid from 10:00 AM 03/18/2009
Valid to 10:00 AM 03/18/2029
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbrint D69B561148F01C77C54578C10926DF5B856976AD
Serial number 04 00 00 00 00 01 21 58 53 08 A2
Packers identified
F-PROT CAB, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-01 14:33:52
Entry Point 0x0002E1FD
Number of sections 7
PE sections
Overlays
MD5 6501f8309f09cf9edd1aa4712c523583
File type data
Offset 495104
Size 18503088
Entropy 8.00
PE imports
SetSecurityDescriptorOwner
RegCreateKeyExW
RegCloseKey
RegEnumValueW
OpenServiceW
AdjustTokenPrivileges
ControlService
InitializeAcl
LookupPrivilegeValueW
RegDeleteKeyW
CryptHashData
CheckTokenMembership
DecryptFileW
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
OpenProcessToken
QueryServiceStatus
CloseEventLog
RegOpenKeyExW
OpenEventLogW
QueryServiceConfigW
GetTokenInformation
CryptReleaseContext
GetUserNameW
RegQueryInfoKeyW
SetEntriesInAclW
RegEnumKeyExW
CryptAcquireContextW
CryptDestroyHash
InitializeSecurityDescriptor
RegDeleteValueW
RegSetValueExW
CryptGetHashParam
OpenSCManagerW
ReportEventW
AllocateAndInitializeSid
InitiateSystemShutdownExW
SetEntriesInAclA
ChangeServiceConfigW
SetSecurityDescriptorGroup
SetNamedSecurityInfoW
DeleteDC
SelectObject
GetObjectW
CreateCompatibleDC
DeleteObject
StretchBlt
GetVolumePathNameW
GetStdHandle
ReleaseMutex
WaitForSingleObject
SetFileTime
GetFileAttributesW
GetLocalTime
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
WideCharToMultiByte
InterlockedExchange
GetTempPathW
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
ConnectNamedPipe
GetExitCodeProcess
InitializeCriticalSection
FindClose
InterlockedDecrement
SetFileAttributesW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
TlsGetValue
CopyFileW
GetUserDefaultLangID
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
HeapSetInformation
LoadLibraryExA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
VerifyVersionInfoW
SetFilePointerEx
GetModuleHandleA
GetFullPathNameW
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetNamedPipeHandleState
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
SystemTimeToFileTime
GetWindowsDirectoryW
OpenProcess
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetSystemInfo
GetProcessHeap
GetTempFileNameW
GetComputerNameW
CompareStringW
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
DuplicateHandle
FindFirstFileExW
WaitForMultipleObjects
CreateFileMappingW
SetEvent
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
DosDateTimeToFileTime
LCMapStringW
CreateNamedPipeW
lstrlenA
GlobalFree
GetConsoleCP
GetThreadLocale
GetEnvironmentStringsW
VirtualQuery
lstrlenW
VirtualFree
GetCurrentDirectoryW
GetCurrentProcessId
ProcessIdToSessionId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
CopyFileExW
InterlockedCompareExchange
GetSystemDefaultLangID
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
IsValidCodePage
UnmapViewOfFile
WriteFile
CreateProcessW
Sleep
SystemTimeToTzSpecificLocalTime
VirtualAlloc
CompareStringA
SysFreeString
VariantClear
VariantInit
SysAllocString
UuidCreate
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
GetMonitorInfoW
LoadBitmapW
DefWindowProcW
GetMessageW
PostQuitMessage
SetWindowLongW
IsWindow
PeekMessageW
TranslateMessage
PostMessageW
DispatchMessageW
GetCursorPos
RegisterClassW
UnregisterClassW
MessageBoxW
PostThreadMessageW
MonitorFromPoint
WaitForInputIdle
IsDialogMessageW
LoadCursorW
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeSecurity
CLSIDFromProgID
CoTaskMemFree
StringFromGUID2
Number of PE resources by type
RT_ICON 5
RT_GROUP_ICON 1
RT_MESSAGETABLE 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 9
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.12.2.11061

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Hotspot Shield 7.12.2

ImageFileCharacteristics
Executable, 32-bit, Removable run from swap, Net run from swap

CharacterSet
Windows, Latin1

InitializedDataSize
192000

EntryPoint
0x2e1fd

OriginalFileName
HSS-7.12.2-install-plain-773-plain.exe

MIMEType
application/octet-stream

LegalCopyright
AnchorFree Inc. All rights reserved.

FileVersion
7.12.2.11061

TimeStamp
2017:05:01 15:33:52+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
setup

ProductVersion
7.12.2.11061

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
AnchorFree Inc.

CodeSize
302080

ProductName
Hotspot Shield 7.12.2

ProductVersionNumber
7.12.2.11061

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 929f169f8da257f8177795d51ae802f0
SHA1 d0672af2ae4844adfff3b8eba05414fc9dd44b20
SHA256 2e649d45529e8b29293a69d9469c095ded6dae20ad404c2dbbbad072e6b3341d
ssdeep
393216:92+Lr90bMsfxeir4DNec0YOde5qlNnq5/Dsc+D5upKJL:9xr9eMsfxbr4DNzOCApY/475up4L

authentihash bbdb6d1e2dfde21536f6694fe196ba793d7f7882bb8bb8cad7a11ff3eb408fb9
imphash 945b38293d63de197023e59f28a06bb8
File size 18.1 MB ( 18998192 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-09-20 00:31:07 UTC ( 6 months ago )
Last submission 2019-02-12 17:18:03 UTC ( 1 month, 1 week ago )
File names hotspot-shield_7140.exe
HotspotShield-7.12.2-plain-773-plain.exe
HotspotShield-7.12.2-plain-773-plain.exe
BQADBQADNQADBjnYVR5Fk6XT6T7iAg
setup
Hotspot_Shield_VPN_v7.12.2.exe
HotspotShield-7.12.2-plain-773-plain.exe
1046647
HSS-773.exe
HotspotShield-7.12.2-plain-773-plain.exe
3c8d315fca6fceb0bf93.exe
HotspotShield-7.12.2-plain-773-plain (1).exe
2E649D45529E8B29293A69D9469C095DED6DAE20AD404C2DBBBAD072E6B3341D.exe
HSS-7.12.2-install-plain-773-plain.exe
HotspotShield_Setup.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Runtime DLLs