isafe_setup.exe

The application isafe_setup.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from dl2.yac.mx.
MD5:
a24b13b6203d444c64e86f4574023c3e

SHA-1:
eb750b71bf579c6de5949611e07b23e86c4650c8

SHA-256:
358a7b15b9027f11771d0d0c1b9ea1673aa82f4ed781518202e54ee168fde6c6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:34:51 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex.iSafe (M)

Engine version:
16.7.8.9

File size:
11.7 MB (12,243,104 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\isafe_setup.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
196608:5OZ7atNTSOVP3izBSDWqqkgycNHE/N7tptkTyBlHQZcUAae9cRZItrBdykSgI13T:QZ7OZSOodqqbvH0NnGTSlWc3qW8d9HWc

Entry point:
07, C5, A2, F3, D6, F2, 1D, 89, D4, A8, 4E, 95, 5B, 8E, 30, 79, 59, 1B, AE, 13, B4, A2, 1E, CC, B0, 4C, C9, 5E, A3, 4E, 18, F3, 43, 1A, E0, A3, D3, 97, 84, E3, E2, 50, DC, B6, BA, E3, F8, 3E, 21, AA, D9, BD, FB, 8C, 15, C3, 36, 21, 39, 5C, 3F, A4, 28, 68, AF, 88, BC, 6A, B0, 4D, 44, 88, AC, D9, 02, 10, 8A, 2C, F5, 3F, DA, A7, 96, 87, 18, E9, 7E, B4, 22, CD, 17, 5E, 27, F2, 97, D1, F9, 8D, A9, A4, 54, 93, 62, 2C, B5, C5, FD, 8E, 09, 9A, 62, BD, 89, 1B, D1, 1A, 78, 40, 00, 54, 5A, A8, 15, A7, 65, 04, B8, F9...
 

The file isafe_setup.exe has been seen being distributed by the following URL.
