HssSrv.exe
By AnchorFree Inc (Signed)
Warning 9 antivirus scanners has detected malware in various versions of HssSrv.exe.
Overview
There are 20 versions of hsssrv.exe in the wild, the latest version being 2, 91, 0, 0. It is started as a Windows Service called 'ExpatSrv' with the name 'ExpatSrv'. In addition, it is run under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). The average file size is about 420.69 KB. The file is a digitally signed and issued to AnchorFree Inc by VeriSign. The programs Hotspot Shield 2.67, Expat Shield 2.24 and Hotspot Shield 3.09 have been observed as installing specific variations of hsssrv.exe. During the process's lifecycle, the typical CPU resource utilization is about 0.0073% including both foreground and background operations, the average private memory consumption is about 2.71 MB with the maximum memory reaching around 6.64 MB. Addionally, typically read and write I/O disk operations is about 13.35 KB per minute for reads and 8.62 KB per minute for writes.
What is hsssrv.exe?
Hotspot Shield allows you to create a VPN, or virtual private network, so you can transfer your data securely. When you access the Internet through such connections, you risk having your computer or mobile infected by a virus or even an intruder to enter your system. Moreover, the dangers exist that a malicious person can intercept your information and use it for unfriendly reasons.
About hsssrv.exe (from AnchorFree Inc)
“Hotspot Shield creates a virtual private network (VPN) between your laptop or iPhone and our Internet gateway. This impenetrable tunnel prevents snoopers, hackers, ISP‘s, from viewing your web browsin”
 Details
|
| File name: | hsssrv.exe |
| Publisher: | AnchorFree Inc. |
| Typical file path: | C:\Program Files\hotspot shield\hsswpr\hsssrv.exe |
| Certificate |
| Issued to: | AnchorFree Inc |
| Authority (CA): | VeriSign |
| Effective date: | Sunday, March 27, 2011 |
| Expiration date: | Sunday, April 13, 2014 |
| Windows Service |
| Service name: | ExpatSrv |
| Display name: | ExpatSrv |
| Type: | Win32OwnProcess |
Programs installed in
(Note, the programs listed below are for all versions of hsssrv.exe.)
If you are using the free Service, AnchorFree may deliver third-party Advertisements within the content of any web page accessed. Advertisements may be injected into the top of the page, inserted dire...
Expat Shield is a VPN program that allows users to access UK TV websites such as BBC iPlayer and ITV when outside of the UK. Expat Shield routes your IP address via a UK IP address as if you were stil...
Behaviors
(Note, the behaviors below are for all versions of hsssrv.exe, select a unique version for details.)
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- ExpatSrv
- 'ExpatSrv' (Expat Shield Routing Service)
- 'HssSrv' (Hotspot Shield Routing Service)
Malware detections
Based on 40+ industry antivirus scanners, 9 of them detected the following malware.
| Antivirus engine | Engine version | Detection | File version |
| Emsisoft Anti-Malware |
3.0.0.569 |
Gen:Variant.Graftor.48415 (B) |
2, 72, 0, 0 |
| Emsisoft Anti-Malware |
3.0.0.569 |
Gen:Variant.Graftor.48415 (B) |
2, 74, 0, 0 |
| NANO AntiVirus |
0.22.8.50837 |
Trojan.Win32.Siggen.bbwhyo |
2, 74, 0, 0 |
| nProtect |
2013-03-11.01 |
Trojan/W32.Agent.413040.B |
2, 74, 0, 0 |
| The Hacker |
None |
Trojan/Agent.btae |
2, 74, 0, 0 |
| Trend Micro |
9.740.0.1012 |
HT_AGENT_BK084128.TOMC |
2, 74, 0, 0 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V1029 |
2, 72, 0, 0 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V1018 |
2, 74, 0, 0 |
| VIPRE Antivirus |
14200 |
Trojan.Win32.Generic!BT |
2, 72, 0, 0 |
All file variations of hsssrv.exe
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Ultimate |
33.33% |
|
| Windows 7 Home Premium |
23.48% |
|
| Microsoft Windows XP |
17.42% |
|
| Windows 7 Professional |
6.82% |
|
| Windows Vista Home Premium |
5.30% |
|
| Windows 8 Pro |
4.55% |
|
| Windows 8 Enterprise |
3.03% |
|
| Windows 8 |
2.27% |
|
| Windows 7 Ultimate N |
2.27% |
|
| Windows XP Professional |
0.76% |
|
| Windows 7 Home Basic |
0.76% |
|
Distribution by country
United States installs about 22.76% of hsssrv.exe.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Toshiba |
31.46% |
|
| Dell |
13.48% |
|
| Hewlett-Packard |
12.36% |
|
| ASUS |
11.24% |
|
| Sony |
8.99% |
|
| Acer |
6.74% |
|
| MSI |
4.49% |
|
| Lenovo |
4.49% |
|
| GIGABYTE |
4.49% |
|
| Gateway |
2.25% |
|
