isafe.exe

YAC Security Protection

Elex do Brasil Participações Ltda

The executable isafe.exe has been detected as potentially unwanted by 1 anti-virus scanner. While running, it connects to the Internet address AY1303281151446 on port 80 using the HTTP protocol.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
YAC Security Protection

Description:
YAC

Version:
6.6.63.27814

MD5:
cc6fbd64383380b0018c7eb41440a1f2

SHA-1:
8dc6c3c27d710867c0253145b8b408a3cce4a39d

SHA-256:
3b88967491adfbd97d51cf592805990ce93f58d6bff1fe9c651cae013b2d5710

Scanner detections:
1 / 68

Status:
Potentially Unwanted

Analysis date:
12/26/2024 12:58:01 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic.ELEX.Meta
15.7.7.13

File size:
709.5 KB (726,520 bytes)

Product version:
6.6.63.27814

Copyright:
Copyright (c) 2011-2015 Elex do Brasil Participações Ltda

Original file name:
isafe.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\isafe.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/13/2015 2:00:00 AM

Valid to:
7/13/2017 1:59:59 AM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=Sao Paulo, S=Consolacao, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0671EE526ACB6F9BE201F5A8E203C41C

File PE Metadata
Compilation timestamp:
7/7/2015 5:57:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:ZXSYQoPH90rlA/yLDjcAyS4EQyBmXglW5ydaLhMak6ZrYspRV8RsefkdIAG3Mwuj:Z7fPH90rlA/yLDjcAyS4EQyBmXglW5y0

Entry address:
0x42D52

Entry point:
E8, CA, 03, 00, 00, E9, 4C, FE, FF, FF, FF, 25, 24, 52, 45, 00, FF, 25, 14, 52, 45, 00, FF, 25, 10, 52, 45, 00, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, BA, 04, 00, 00, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, A4, 04, 00, 00, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, 76, 28, 44, 00, 68, 60, D0, 47, 00, E8, B2, 04, 00, 00, 83, C4, 18, 5D, C3, CC, 55, 8B, EC, FF, 15, 60, 50, 45, 00, 6A, 01, A3, 0C, 3E, 48, 00, E8, 9D...
 
[+]

Code size:
336 KB (344,064 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to AY1303281151446  (121.40.25.32:80)

TCP (HTTP):
Connects to d5.d3.c0ad.ip4.static.sl-reverse.com  (173.192.211.213:80)

TCP (HTTP):
Connects to ae.42.7e4b.ip4.static.sl-reverse.com  (75.126.66.174:80)

TCP (HTTP):
Connects to a2.42.7e4b.ip4.static.sl-reverse.com  (75.126.66.162:80)

TCP (HTTP):
Connects to 75.126.134.24-static.reverse.softlayer.com  (75.126.134.24:80)

Remove isafe.exe - Powered by Reason Core Security