Should I block it?

90%
90% of PCs block this file from running.
Possible reason:
Multiple malware detections

VersionsAdditional versions

564ba 14.74%
f4c1b 5.77%
76b79 0.64%
bb4b1 5.77%
e39c3 5.77%
d175c 1.92%
35e91 13.46%
a4ca4 1.92%
f91bb 2.56%
65603 3.85%
4cc98 0.64%
881db 4.49%
bad7b 0.64%
2e1df 10.90%
ec0c1 0.64%
edfe7 4.49%
91939 1.92%
18ee6 0.64%
fa2a2 10.90%
3bba9 0.64%
51cb8 2.56%
67a2b 1.28%
a4493 0.64%
01f17 1.28%
704ee 0.64%
View more
(Note, AnchorFree Inc publishes each variation of this file with the same version, but the hashes are unique.)

Relationships

Parent process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
SetServiceStatus, QueryServiceConfigW, EnumServicesStatusW, RegEnumKeyExA, RegOpenKeyExA, RegQueryValueExW, RegOpenKeyExW, SetSecurityDescriptorDacl, OpenSCManagerW, CreateServiceW, CloseServiceHandle, RegCreateKeyW, RegSetValueExW, RegCloseKey, OpenServiceW, StartServiceW, QueryServiceStatus, ControlService, DeleteService, RegisterServiceCtrlHandlerW, ChangeServiceConfig2W, StartServiceCtrlDispatcherW, CloseEventLog, ReadEventLogW, GetOldestEventLogRecord, InitializeSecurityDescriptor, OpenEventLogW, RegisterServiceCtrlHandlerExW
iphlpapi.dll
GetAdaptersInfo
kernel32.dll
LoadLibraryW, GetProcAddress, OpenEventW, GetVersionExW, GetLastError, FindClose, FindNextFileW, WaitForSingleObject, FindFirstFileW, CreateEventW, CloseHandle, OpenProcess, CopyFileW, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime, GetSystemTimeAsFileTime, Sleep, FormatMessageW, InterlockedDecrement, DeleteFileW, GetModuleFileNameW, SetConsoleCtrlHandler, UnhandledExceptionFilter, lstrlenA, SetEnvironmentVariableA, GetProcessHeap, SetEndOfFile, InterlockedExchange, GetStringTypeW, GetStringTypeA, GetLocaleInfoA, FreeLibrary, GetCurrentThreadId, CreateThread, PostQueuedCompletionStatus, SetEvent, CreateIoCompletionPort, GetQueuedCompletionStatus, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, WaitForMultipleObjects, FindCloseChangeNotification, FindNextChangeNotification, FindFirstChangeNotificationW, ResetEvent, GetModuleHandleW, GetSystemInfo, GetVersionExA, GetModuleHandleA, LoadLibraryA, SetCurrentDirectoryW, CreateMutexW, ReleaseMutex, OpenMutexW, GetTempPathW, GetTempFileNameW, GetSystemDirectoryW, OutputDebugStringW, GetSystemWindowsDirectoryW, GetLongPathNameW, GetVolumeInformationW, WideCharToMultiByte, MultiByteToWideChar, CreateFileW, ReadFile, InterlockedIncrement, CreateDirectoryW, HeapFree, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, IsDebuggerPresent, ExitThread, ResumeThread, FileTimeToLocalFileTime, GetDriveTypeA, FindFirstFileA, HeapAlloc, HeapReAlloc, GetDriveTypeW, RaiseException, RtlUnwind, WriteFile, GetConsoleCP, GetConsoleMode, GetStdHandle, GetModuleFileNameA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, HeapCreate, VirtualFree, VirtualAlloc, HeapSize, ExitProcess, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, LCMapStringA, LCMapStringW, GetFullPathNameA, GetFileInformationByHandle, PeekNamedPipe, CreateFileA, GetCurrentDirectoryA, SetFilePointer, GetFullPathNameW, CompareStringW, CompareStringA, FlushFileBuffers, InitializeCriticalSectionAndSpinCount, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, FindResourceExW, FindResourceW, LoadResource, LockResource, SizeofResource, GetTimeFormatA, FormatMessageA, LocalFree, GetFileSize, GetDateFormatA, HeapDestroy, EncodePointer, DecodePointer, HeapSetInformation, FindFirstFileExW, IsProcessorFeaturePresent, GetStartupInfoW, GetCurrentDirectoryW, InterlockedExchangeAdd, CreateEventA, OpenEventA, CreateWaitableTimerA, QueueUserAPC, TerminateThread, SetWaitableTimer, ReleaseSemaphore, CreateSemaphoreA, InterlockedCompareExchange, UnregisterWaitEx, RegisterWaitForSingleObject, SleepEx, CreateWaitableTimerW, DuplicateHandle, GetLocaleInfoW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale
ole32.dll
CoCreateInstance, CoInitialize, OleRun
psapi.dll
GetModuleFileNameExW, EnumProcessModules, EnumProcesses
shell32.dll
SHGetFolderPathW, SHGetFolderPathA
shlwapi.dll
PathAppendW, PathCombineW, PathFileExistsW, PathIsDirectoryW, PathIsRootW, PathAddBackslashW
user32.dll
wvsprintfW, GetSystemMetrics
ws2_32.dll
WSACreateEvent, WSAEventSelect, WSAEnumNetworkEvents, WSAIoctl

hsswd.exe

By AnchorFree Inc (Signed)

Remove hsswd.exe
MD5:   76b79a1afdd992812c21c0c015744d15
SHA1:   28b2a0b5c5d5a5f99b158dedc9cb569443d40bee
SHA256:   1553d2486fb1b3b334375c06253794ba48dde6f3bd38455eafa4045e42b78d0e
Warning 5 antivirus scanners has detected malware.

About hsswd.exe (from AnchorFree Inc)

Hotspot Shield creates a virtual private network (VPN) between your laptop or iPhone and our Internet gateway. This impenetrable tunnel prevents snoopers, hackers, ISP‘s, from viewing your web browsin

Overview

hsswd.exe is malware that runs as a service under the name ExpatWd (ExpatWd) with extensive SYSTEM privileges (full administrator access). The file is digitally signed by AnchorFree Inc which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:hsswd.exe
Typical file path:C:\Program Files\hotspot shield\bin\hsswd.exe
Size:379.36 KB (388,464 bytes)
Certificate
Issued to:AnchorFree Inc
Authority (CA):VeriSign
Effective date:Sunday, March 27, 2011
Expiration date:Sunday, April 13, 2014
Digital DNA
PE subsystem:Windows Console
Entropy:6.591774
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • ExpatWd
  • 'ExpatWd' (Expat Shield Monitoring Service)
  • 'HssWd' (Hotspot Shield Monitoring Service)

MalwareMalware detections

Based on 40+ industry antivirus scanners, 5 of them detected the following malware.
Antivirus engineEngine versionDetection
Emsisoft Anti-Malware 3.0.0.569 Gen:Variant.Graftor.48415 (B)
Jiangmin 13.0.900 Trojan/Agent.iewo
Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.F47V1103
Vba32 AntiVirus 3.12.18.4 Trojan.Agent.abak
VIPRE Antivirus 14330 Trojan.Win32.Generic!BT

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00130573%
0.028634%
Kernel CPU:0.00108192%
0.013761%
User CPU:0.00022380%
0.014873%
Kernel CPU time:905 ms/min
100,923,805ms/min
CPU cycles:698,873/sec
17,470,203/sec
Memory
Private memory:4.13 MB
21.59 MB
Private (maximum):8.13 MB
Private (minimum):6.68 MB
Non-paged memory:4.13 MB
21.59 MB
Virtual memory:66.05 MB
140.96 MB
Virtual memory (peak):68.55 MB
169.69 MB
Working set:6.68 MB
18.61 MB
Working set (peak):8.21 MB
37.95 MB
Page faults:14,665/min
2,039/min
I/O
I/O read transfer:127 Bytes/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:4 Bytes/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:3.74 KB/sec
448.09 KB/min
I/O other operations:112/sec
1,671/min
Resource allocations
Threads:6
12
Handles:139
600

BehaviorsProcess properties

Integrety level:System
Platform:64-bit
Command line:"C:\Program Files\hotspot shield\bin\hsswd.exe"
Owner:SYSTEM
Windows Service
Service name:ExpatWd
Display name:ExpatWd
Type:Win32OwnProcess
Parent process:services.exe (Services and Controller app by Microsoft)

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 38.31%
Windows 7 Home Premium 21.43%
Microsoft Windows XP 14.29%
Windows 8 Pro 6.49%
Windows Vista Home Premium 4.55%
Windows 7 Professional 3.90%
Windows 7 Home Basic 2.60%
Windows 8 Enterprise 2.60%
Windows 7 Ultimate N 1.95%
Windows 8 Pro with Media Center 1.30%
Windows 8 Single Language 0.65%
Windows 8 Enterprise N 0.65%
Windows XP Professional 0.65%
Windows 8 0.65%

Distribution by countryDistribution by country

United States installs about 20.69% of hsswd.exe.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Toshiba 24.19%
Dell 19.35%
ASUS 12.90%
Hewlett-Packard 10.48%
Lenovo 9.68%
Acer 7.26%
Intel 3.23%
Sony 3.23%
MSI 3.23%
GIGABYTE 3.23%
American Megatrends 1.61%
Gateway 1.61%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE