iSafeUpdate.exe

YAC Security Protection

Elex do Brasil Participações Ltda

The application iSafeUpdate.exe by Elex do Brasil Participaçõesa has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address a2.42.7e4b.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Elex do Brasil Participações Ltda  (signed and verified)

Product:
YAC Security Protection

Description:
iSafeUpdate

Version:
4.1.31.8397

MD5:
12efb53b932aac5049912353b947efa3

SHA-1:
a61701f637ab0ff61cc6aeb2d82bd7a643a26e8e

SHA-256:
2b9b96aae674da537a976b1e0f715fb0c1e7cd09df50786f5eb4a30e54a33029

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 4:02:47 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.ElexdoBrasilParticipacoesa.L
14.3.20.14

File size:
245.7 KB (251,560 bytes)

Product version:
4.1.31.8397

Copyright:
Copyright (c) 2011-2014 Elex do Brasil Participações Ltda

Original file name:
iSafeUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\isafe\isafeupdate.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/24/2013 6:46:21 AM

Valid to:
8/17/2014 9:28:53 AM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=Consolação, S=São Paulo, C=BR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11215F51916F2BB9F54E82871FEA88CE8F5E

File PE Metadata
Compilation timestamp:
3/17/2014 2:58:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:i+myHLm4KyDJjHb+OzgqmqFhtTT1U5opQDboT/EzfzWM1c06O:i+Zq41JjH3hhtTT1soGDbojeX

Entry address:
0xE15C

Entry point:
E8, 50, 04, 00, 00, E9, 4C, FE, FF, FF, 55, 8B, EC, FF, 15, 7C, 10, 41, 00, 6A, 01, A3, DC, F3, 41, 00, E8, 43, 05, 00, 00, FF, 75, 08, E8, 41, 05, 00, 00, 83, 3D, DC, F3, 41, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 29, 05, 00, 00, 59, 68, 09, 04, 00, C0, E8, 2A, 05, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 6D, 15, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, C0, F1, 41, 00, 89, 0D, BC, F1, 41, 00, 89, 15, B8, F1, 41, 00, 89, 1D, B4, F1, 41, 00, 89, 35, B0, F1, 41, 00, 89, 3D, AC...
 
[+]

Code size:
64 KB (65,536 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ac.42.7e4b.ip4.static.sl-reverse.com  (75.126.66.172:80)

TCP (HTTP):
Connects to a2.42.7e4b.ip4.static.sl-reverse.com  (75.126.66.162:80)

TCP (HTTP):
Connects to ip-184-168-221-57.ip.secureserver.net  (184.168.221.57:80)

TCP (HTTP):
Connects to WIN-QTQ30GSEEHT  (113.171.224.210:80)

TCP (HTTP):
Connects to 208.43.239.127-static.reverse.softlayer.com  (208.43.239.127:80)

TCP (HTTP):
Connects to 208.43.235.232-static.reverse.softlayer.com  (208.43.235.232:80)

Remove iSafeUpdate.exe - Powered by Reason Core Security