BrowserSafer.exe

BrowserSafer

Installer Technology Co.

The application BrowserSafer.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Installer Technology Co.

Product:
BrowserSafer

Version:
1, 0, 2, 1

MD5:
c066922269340e553236f7c2df288951

SHA-1:
a0114be4a4f84ae22d22d409a6ca68931f3bc481

SHA-256:
d5ecf44cf0bb6bfe293f28b35fdd45a7f070c0dba788622faf7fe9ab6b9b68e1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 6:01:44 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.InstallerTech (M)

Engine version:
16.12.1.3

File size:
551.5 KB (564,736 bytes)

Product version:
1, 0, 2, 1

Copyright:
Copyright InstallerTech 2014

Original file name:
BrowserSafer.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\Program Files\browsersafer\browsersafer.exe

File PE Metadata
Compilation timestamp:
11/30/2016 4:47:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
12288:HYTWsrqpYp1EmK+l37nhVGSKNhKgrWuS0WVTsG9Gx1sH8XUFBKI:HcLrqpSimT7Wh1rWubqTT9GsH8kFJ

Entry address:
0x3F320

Entry point:
E8, A2, B2, 00, 00, E9, A4, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 1B, B3, 00, 00, 83, C4, 14, 5D, C3, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, AB, F3, 43, 00, 6A, 00, FF, 75, 0C...
 

Code size:
383 KB (392,192 bytes)

The executing file has been seen to make the following network communications in live environments.

