iSafeTray.exe

YAC Security Protection

Elex do Brasil Participações Ltda

The application iSafeTray.exe by Elex do Brasil Participaçõesa has been detected as a potentially unwanted program by 10 anti-malware scanners. While running, it connects to the Internet address 92.2b.6132.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
YAC Security Protection

Description:
YACTray

Version:
6.5.21.26197

MD5:
362b66474f4a423e1242a7cf878dc55f

SHA-1:
15c24bc82cf1f0b90d864c0c217f6176e8879777

SHA-256:
7319edcbdc073905a1dce6b3fe29383fef967d51bed02d6feb2dbb861ba8035e

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 11:36:52 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Dropper.Gen
7.11.30.172

avast!
Win32:Malware-gen
2014.9-150605

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Mutabaha.384
9.0.1.05190

ESET NOD32
Win32/ELEX.CC potentially unwanted application
7.0.302.0

Malwarebytes
FraudTool.YAC
v2015.06.05.02

Panda Antivirus
PUP/YAC
15.06.05.02

Qihoo 360 Security
Malware.QVM10.Gen
1.0.0.1015

Reason Heuristics
Win32.Generic.ELEX.Meta
15.6.5.2

Trend Micro House Call
Suspicious_GEN.F47V0325
7.2.156

File size:
350.3 KB (358,696 bytes)

Product version:
6.5.21.26197

Copyright:
Copyright (c) 2011-2015 Elex do Brasil Participações Ltda

Original file name:
iSafeTray.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\isafetray.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/23/2014 2:00:00 AM

Valid to:
6/21/2015 1:59:59 AM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=São Paulo, S=São Paulo, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5C6950D0A05A1CD63164D1E1EB1FFB8A

File PE Metadata
Compilation timestamp:
5/29/2015 12:13:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:3qEod11ojXi0+QG6hEBHTfXmT1V8FsgIVFkd6HoGDbojSF2D:Hod11ojkQG6yHrXA1V8FsgIloGDbojSc

Entry address:
0x1DDD3

Entry point:
E8, E9, 03, 00, 00, E9, 4C, FE, FF, FF, 55, 8B, EC, FF, 15, C0, 30, 42, 00, 6A, 01, A3, 04, 87, 43, 00, E8, E0, 04, 00, 00, FF, 75, 08, E8, DE, 04, 00, 00, 83, 3D, 04, 87, 43, 00, 00, 59, 59, 75, 08, 6A, 01, E8, C6, 04, 00, 00, 59, 68, 09, 04, 00, C0, E8, C7, 04, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 6C, 14, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, E8, 84, 43, 00, 89, 0D, E4, 84, 43, 00, 89, 15, E0, 84, 43, 00, 89, 1D, DC, 84, 43, 00, 89, 35, D8, 84, 43, 00, 89, 3D, D4...
 
[+]

Code size:
135 KB (138,240 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to d5.d3.c0ad.ip4.static.sl-reverse.com  (173.192.211.213:80)

TCP (HTTP):
Connects to b3.80.adb8.ip4.static.sl-reverse.com  (184.173.128.179:80)

TCP (HTTP):
Connects to 92.2b.6132.ip4.static.sl-reverse.com  (50.97.43.146:80)

TCP (HTTP SSL):
Connects to server-54-192-159-171.sin3.r.cloudfront.net  (54.192.159.171:443)

TCP (HTTP SSL):
Connects to server-54-192-159-135.sin3.r.cloudfront.net  (54.192.159.135:443)

Remove iSafeTray.exe - Powered by Reason Core Security