BrowserSafer.exe

BrowserSafer

Installer Technology Co.

The application BrowserSafer.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service named “BrowserSafer”, within the context of its own process. This executable runs as a local area network (LAN) Internet proxy server listening on port 47574 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.

Publisher:
Installer Technology Co.

Product:
BrowserSafer

Version:
1, 0, 2, 1

MD5:
504035466a555ba4d9ab252e0c347b4d

SHA-1:
ccccf317a2dc548838ba783e529519d30da19f2b

SHA-256:
38147269378b9ed06ade87b929768d337c934f5d8e5d7c7029baaba9c6a24287

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/15/2025 7:51:47 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.InstallerTech (M)

Engine version:
16.12.1.18

File size:
551.5 KB (564,736 bytes)

Product version:
1, 0, 2, 1

Copyright:
Copyright InstallerTech 2014

Original file name:
BrowserSafer.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\Program Files\browsersafer\browsersafer.exe

File PE Metadata
Compilation timestamp:
11/30/2016 8:18:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
12288:8YTWsrqpYp1EmK+l37nhVGSKNhKgrWuS0WVTsG9Gx1sH8XUFBKI:8cLrqpSimT7Wh1rWubqTT9GsH8kFJ

Entry address:
0x3F320

Entry point:
E8, A2, B2, 00, 00, E9, A4, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 1B, B3, 00, 00, 83, C4, 14, 5D, C3, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, AB, F3, 43, 00, 6A, 00, FF, 75, 0C...
 
Entropy:
6.3859

Code size:
383 KB (392,192 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:47574/

Local host port:
47574

Default credentials:
No


Service
Display name:
BrowserSafer

Description:
This service will protect all your browsers from potential dangerous pages and sites.

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 172-245-127-102-host.colocrossing.com  (172.245.127.102:80)

TCP (HTTP):
Connects to nycp-hlb14.doubleverify.com  (204.154.111.117:80)

TCP (HTTP):
Connects to ec2-52-206-203-23.compute-1.amazonaws.com  (52.206.203.23:80)

TCP (HTTP):
Connects to a104-72-66-226.deploy.static.akamaitechnologies.com  (104.72.66.226:80)

TCP (HTTP):
Connects to vip1.g5.cachefly.net  (66.225.197.197:80)

TCP (HTTP):
Connects to origin-home.mcafee.com  (161.69.12.12:80)

TCP (HTTP):
Connects to a23-54-181-163.deploy.static.akamaitechnologies.com  (23.54.181.163:80)

TCP (HTTP):
Connects to a23-196-115-33.deploy.static.akamaitechnologies.com  (23.196.115.33:80)
