home

iSafeDownloader.exe

YAC Security Protection

Elex do Brasil Participações Ltda

The application iSafeDownloader.exe, “iSafe Downloader Component” by Elex do Brasil Participaçõesa has been detected as a potentially unwanted program by 12 anti-malware scanners. While running, it connects to the Internet address b3.80.adb8.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
YAC Security Protection

Description:
iSafe Downloader Component

Version:
1.0.180.27427

MD5:
b4ece22aeb5e072887cdc1600d797eb2

SHA-1:
caf8b8a675b6afb750f1394b0722e7fcd3d875b9

SHA-256:
6fc6e085866ce3c71f2fe5825c4b7ddfeabfe5f9fda805102c56b5aa78359634

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 10:56:56 PM UTC  (today)

Scan engine
Detection
Engine version

Bitdefender
Gen:Variant.Mikey.13774
1.0.20.905

Bkav FE
W32.HfsAdware
1.3.0.6979

Dr.Web
Adware.Mutabaha.369
9.0.1.0181

Emsisoft Anti-Malware
Gen:Variant.Mikey.13774
8.15.06.30.02

ESET NOD32
Win32/ELEX.BZ potentially unwanted (variant)
9.11859

Fortinet FortiGate
Riskware/Elex
6/30/2015

G Data
Gen:Variant.Mikey.13774
15.6.25

K7 AntiVirus
Trojan
13.203.15866

Malwarebytes
FraudTool.YAC
v2015.06.30.02

Panda Antivirus
PUP/YAC
15.06.30.02

Reason Heuristics
Win32.Generic.ELEX.Meta
15.6.30.10

Trend Micro House Call
Suspicious_GEN.F47V0512
7.2.181

File size:
1.9 MB (2,034,104 bytes)

Product version:
1.0.180.27427

Copyright:
Copyright (c) 2011-2015 Elex do Brasil Participações Ltda

Original file name:
iSafeDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\isafedownloader.exe

Digital Signature
Signed by:
Elex do Brasil Participações Ltda

Authority:
VeriSign, Inc.

Valid from:
4/12/2015 9:00:00 PM

Valid to:
7/12/2017 8:59:59 PM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=Sao Paulo, S=Consolacao, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0671EE526ACB6F9BE201F5A8E203C41C

File PE Metadata
Compilation timestamp:
6/29/2015 7:36:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:1oVSr124PSzJdSQuLxwo8fl+O5QKx+zrGbsp8V0NfMTTxqUSTmDNwodTW/:lbPSzJ7rsbjp8KNfMTTxqjSa1

Entry address:
0xC1ACE

Entry point:
E8, 65, 96, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8D, 45, 14, 50, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 93, 98, 00, 00, 83, C4, 14, 5D, C3, 55, 8B, EC, 56, 8B, 75, 14, 85, F6, 75, 04, 33, C0, EB, 6D, 8B, 45, 08, 85, C0, 75, 13, E8, 87, 3C, 00, 00, 6A, 16, 5E, 89, 30, E8, 7B, 61, 00, 00, 8B, C6, EB, 53, 57, 8B, 7D, 10, 85, FF, 74, 14, 39, 75, 0C, 72, 0F, 56, 57, 50, E8, 6E, 14, 00, 00, 83, C4, 0C, 33, C0, EB, 36, FF, 75, 0C, 6A, 00, 50, E8, 7C, 3F, 00, 00, 83, C4, 0C, 85, FF, 75, 09, E8, 46, 3C...
 
[+]

Code size:
939.5 KB (962,048 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to b3.80.adb8.ip4.static.sl-reverse.com  (184.173.128.179:80)

TCP (HTTP):
Connects to 1a.2d.6132.ip4.static.sl-reverse.com  (50.97.45.26:80)

Remove iSafeDownloader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.