» isafe.exe
Overview
Analysis
File Details
Network (5)

isafe.exe

YAC Security Protection

Elex do Brasil Participações Ltda

The executable isafe.exe has been detected as potentially unwanted by 1 anti-virus scanner. While running, it connects to the Internet address AY1303281151446 on port 80 using the HTTP protocol.

File name:

isafe.exe

Publisher:

Elex do Brasil Participações Ltda (signed and verified)

Product:

YAC Security Protection

Description:

YAC

Version:

6.6.63.27814

MD5:

cc6fbd64383380b0018c7eb41440a1f2

SHA-1:

8dc6c3c27d710867c0253145b8b408a3cce4a39d

SHA-256:

3b88967491adfbd97d51cf592805990ce93f58d6bff1fe9c651cae013b2d5710

Scanner detections:

1 / 68

Status:

Potentially Unwanted

Analysis date:

11/15/2024 3:18:16 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic.ELEX.Meta

15.7.7.13

File size:

709.5 KB (726,520 bytes)

Product version:

6.6.63.27814

Original file name:

isafe.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\isafe.exe

Digital Signature

Signed by:

Elex do Brasil Participações Ltda

Authority:

VeriSign, Inc.

Valid from:

4/13/2015 2:00:00 AM

Valid to:

7/13/2017 1:59:59 AM

Subject:

CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=Sao Paulo, S=Consolacao, C=BR

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0671EE526ACB6F9BE201F5A8E203C41C

File PE Metadata

Compilation timestamp:

7/7/2015 5:57:01 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:ZXSYQoPH90rlA/yLDjcAyS4EQyBmXglW5ydaLhMak6ZrYspRV8RsefkdIAG3Mwuj:Z7fPH90rlA/yLDjcAyS4EQyBmXglW5y0

Entry address:

0x42D52

Entry point:

E8, CA, 03, 00, 00, E9, 4C, FE, FF, FF, FF, 25, 24, 52, 45, 00, FF, 25, 14, 52, 45, 00, FF, 25, 10, 52, 45, 00, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, BA, 04, 00, 00, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, A4, 04, 00, 00, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, 76, 28, 44, 00, 68, 60, D0, 47, 00, E8, B2, 04, 00, 00, 83, C4, 18, 5D, C3, CC, 55, 8B, EC, FF, 15, 60, 50, 45, 00, 6A, 01, A3, 0C, 3E, 48, 00, E8, 9D... 
[+]

Code size:

336 KB (344,064 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to AY1303281151446 (121.40.25.32:80)

TCP (HTTP):

Connects to d5.d3.c0ad.ip4.static.sl-reverse.com (173.192.211.213:80)

TCP (HTTP):

Connects to ae.42.7e4b.ip4.static.sl-reverse.com (75.126.66.174:80)

TCP (HTTP):

Connects to a2.42.7e4b.ip4.static.sl-reverse.com (75.126.66.162:80)

TCP (HTTP):

Connects to 75.126.134.24-static.reverse.softlayer.com (75.126.134.24:80)

Remove isafe.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.