isafe.exe

YAC Security Protection

Elex do Brasil Participações Ltda

The executable isafe.exe has been detected as potentially unwanted by 1 anti-virus scanner. While running, it connects to the Internet address AY1303281151446 on port 80 using the HTTP protocol.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
YAC Security Protection

Description:
YAC

Version:
6.7.106.29610

MD5:
ea7f5c9f0b22cddb26d0585099ca5a52

SHA-1:
354e72d86ac0407398bf38ffe365bbfcd99b5a86

SHA-256:
ba380da19a839757534faa26778e06c21aa6d6acb6e216b1bdcad58d3a00ff78

Scanner detections:
1 / 68

Status:
Potentially Unwanted

Analysis date:
12/24/2024 12:05:46 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic.ELEX.Meta
15.8.31.11

File size:
713.6 KB (730,736 bytes)

Product version:
6.7.106.29610

Copyright:
Copyright (c) 2011-2015 Elex do Brasil Participações Ltda

Original file name:
isafe.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\elex-tech\yac\isafe.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/13/2015 5:30:00 AM

Valid to:
7/13/2017 5:29:59 AM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=Sao Paulo, S=Consolacao, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0671EE526ACB6F9BE201F5A8E203C41C

File PE Metadata
Compilation timestamp:
8/28/2015 2:00:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:RW43g2v35TDFkBeHR/N5Yu+KmpN4eFLabbwT+D6IyOb7GbIThEyCvYEqRV8Rsefz:Rb7v35TDFkBeHR/N5Yu+KmpN4wLabbw7

Entry address:
0x43642

Entry point:
E8, CA, 03, 00, 00, E9, 4C, FE, FF, FF, FF, 25, 1C, 62, 45, 00, FF, 25, 18, 62, 45, 00, FF, 25, 14, 62, 45, 00, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, AA, 04, 00, 00, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, 94, 04, 00, 00, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, 66, 31, 44, 00, 68, 60, F0, 47, 00, E8, A2, 04, 00, 00, 83, C4, 18, 5D, C3, CC, 55, 8B, EC, FF, 15, 60, 60, 45, 00, 6A, 01, A3, 5C, 5E, 48, 00, E8, 8D...
 
[+]

Entropy:
6.2060

Code size:
338.5 KB (346,624 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to AY1303281151446  (121.40.25.32:80)

TCP (HTTP):
Connects to ac.42.7e4b.ip4.static.sl-reverse.com  (75.126.66.172:80)

TCP (HTTP):
Connects to d5.d3.c0ad.ip4.static.sl-reverse.com  (173.192.211.213:80)

TCP (HTTP):
Connects to a2.42.7e4b.ip4.static.sl-reverse.com  (75.126.66.162:80)

TCP (HTTP):
Connects to 92.2b.6132.ip4.static.sl-reverse.com  (50.97.43.146:80)

TCP (HTTP):
Connects to e.2d.6132.ip4.static.sl-reverse.com  (50.97.45.14:80)

TCP (HTTP):
Connects to 4.2d.6132.ip4.static.sl-reverse.com  (50.97.45.4:80)

TCP (HTTP):
Connects to static.vnpt.vn  (113.171.226.4:80)

Remove isafe.exe - Powered by Reason Core Security