PSafeTotalSetup.exe

Instalador PSafe Total

PSafe Tecnologia S.A.

The application PSafeTotalSetup.exe by PSafe Tecnologia S.A has been detected as a potentially unwanted program by 6 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.chromeget.co and multiple other hosts.
Publisher:
PSafe  (signed by PSafe Tecnologia S.A.)

Product:
Instalador PSafe Total

Version:
5.1.0.1069

MD5:
99bca7e27bc84b71077a365493e2ea80

SHA-1:
804a8dd096726db26effbe2d85d4b4f0f528eadb

SHA-256:
aaf7a58e9a266caf118919625bece9a8c69ce8b78a1c4470fff97af70f61b361

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
11/26/2024 11:43:22 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.157527
821

F-Secure
Gen:Variant.Adware.Graftor.157527
11.2014-05-11_4

IKARUS anti.virus
Trojan.Generic.11497044
t3scan.1.7.8.0

MicroWorld eScan
Gen:Variant.Adware.Graftor.157527
15.0.0.927

Rising Antivirus
PE:Trojan.Win32.Generic.16D3C0EB!382976235
23.00.65.141103

Trend Micro House Call
Suspicious_GEN.F47V0821
7.2.309

File size:
33.3 MB (34,878,152 bytes)

Product version:
5.1.0.1069

Copyright:
Copyright (C) 2014

Original file name:
PSafeTotalSetup.exe

File type:
Executable application (Win32 EXE)

Language:
Brazilian Portuguese

Common path:
C:\users\{user}\downloads\psafetotalsetup.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
1/20/2013 11:00:00 PM

Valid to:
1/26/2015 11:00:00 AM

Subject:
CN=PSafe Tecnologia S.A., O=PSafe Tecnologia S.A., L=Rio de Janeiro, S=Rio de Janeiro, C=BR

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
07F79AA9335B794D70779F719061AFF2

File PE Metadata
Compilation timestamp:
10/17/2014 9:08:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
393216:w2lMhvXlcG7YnalQ7+6stVmQOPY++UOK2UAOsBtM7VoqcpctI71av6a3iVCJGhQr:wxb6stVmy++o8ODeMIBavrSVvcaenogv

Entry address:
0x62F75

Entry point:
E8, 39, A7, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 83, 65, E0, 00, 57, 6A, 07, 59, 33, C0, 8D, 7D, E4, F3, AB, 5F, 85, F6, 75, 15, E8, 20, 1C, 00, 00, C7, 00, 16, 00, 00, 00, E8, B0, 53, 00, 00, 83, C8, FF, C9, C3, 39, 45, 0C, 74, E6, 56, E8, 93, A7, 00, 00, 59, C7, 45, EC, 49, 00, 00, 00, 89, 75, E8, 89, 75, E0, 3D, FF, FF, FF, 3F, 76, 09, C7, 45, E4, FF, FF, FF, 7F, EB, 05, 03, C0, 89, 45, E4, FF, 75, 14, 8D, 45, E0, FF, 75, 10, FF, 75, 0C, 50, FF, 55, 08, 83, C4, 10, C9, C3, 8B, FF...
 
[+]

Code size:
628.5 KB (643,584 bytes)

The file PSafeTotalSetup.exe has been seen being distributed by the following 11 URLs.

http://www.chromeget.co/getCSV.php?redir=1

http://www.psafe.com/totalsecurity/pt-BR/.../d

http://d.baixakifiles2.com/?ic_user_id=254&data=qP7yUzJ9tvdNC979 cv6SXmq D3dKZbTjwRkNgiQdOBFSlqKfluaS7Z b3CQXu7Zmj kYLu127DDz2y/EfCiKDi7CTm8jILq43IWZSdUkvPjy717jCkmlDMbcnASvGX4WhHPzJmhyO7jGqaD7NcRPw8O2U8h6/cgHbySmzom0B96Ayw0w06333VYM1jVVBeAoe7kjJbCcMRgKW0k2gnvTaYlQYgjqi Mqf8r9XfhOoUT9lAKuNhOwFgET0WzKknnjECt8qn7ZINrgOP9oNczB1Yd6SgCJSKanHP98StuivQPd2LKlR4kSEiyF OvLInRBBwdF3j3btUwsR2hiWvrP7VsB A51LGZQ2438nBmWJAaq2rvfMdyd966k7pDaSi/7vrZD rfVsi6XBA/m8bZ2MJgJye57NaKpY6oaptqE2bA6obkHbvKb5ohuafViBG9NoF7K3ps3vJmfDJih61QwMPc0pPZ4jzgDa8nuNHJ5CacgUq7MR0bq1J3ni8hev3j3iALDIiGeqybHKqrfHAXVUFMh8cntWaeA8b0z1PXyo2lJG/bHG8rxYxAL jdOj7o4ucmKM ccmpcOe18PZPYTgEEUqJHbowFjyvuf5Mi2DYuoZtNHflLMZkzRCFlXCw 8JAhWxBGrcc8n2h5gylZ7pX9wWPxiMJljjtW9X6hh0LyswEhQWx2YWq/9fN7iCXPTKOAgSrGVC9iBYKZITdEUGuiJYu7sabYA==&key=gbfkYHUfK/Q BEZO6Td5hOBUKWsGhLjAY3ZLV/cg25b/Cy4ETrU5wM9sGuWfggIhaxsB3K2IvJrHEjeRQXofhoa2RCk8uW mQaDT6irWyCdAqRwYOwow3iOl9VVINaMHXfe5ab/.../RNOeNG9SnKC3tpMnscTMkCvcrG5M0xX9ASoH8VhWaOK Ex8jB9Vd5x1gm7WkIIDF

http://d.highaa.com/?ic_user_id=9289&data=/EXeAKwqcpRaGcVGGilJTMF/MKkTG5mnsf0ZtZeBgRQ6o/dyXpgoE0 dKwVCfd5oYvgJJBdUycyjFyXZpe5qcKGG8P2GB4Uv3dxqIXmYo3nIHdfE7 8U N8LOInq8AxLbnCLpLTWg6wKdIs1Xi6lylbHI0B1XadjDYO7XfT bkHqlh72Zb0t0bk18njDJbU1kHyw8FZc6buPD2TbK2l9rdEB9fYcpxMaXQjlQ1YwhM5yaoIUGTbO3OsjXRG OwfZR/49DX5ftTfIuarInCAxayESTz6j9DatOQec784LdcbzHdBC1Icx6/Y8Y4wKVX8L8uBTCrseWm1JOb2soirCbpxYIgeyikNKs8kTxLMbQUXljcBKEeOaMPr9TRe8JKxlCNp5x3pvqpT2HZVlEUib3Xd8bWyoNwGqYlOdxwckyQxirpizeZIl6SRWGC T4IbibkLdCE/0FYoX 1qFElGIeZxHhbdyrmiHMJmOEDmxFFWSHdgLDSo0ECSRKTevTTcaF3ZFobmmU42RHH5IvRggvfTIVcMv/Jv6uKmMmbAcQE388dp701CES0mdmxja2Td3LBYFkQefk79xxNEKvGwFiQpeWsi5ks4NhV40HmU9ZCrTgzed86Kmtw1I0fPJq6Azt1ZF7FuKhkdXXKwAPt72Eql1xseRr0rOxzLp07ytDQmP1p8SUJ0GGEy76oyfzEPwFTmYgnWMiOlBjPDskI 7u/6wd/kF7Gknw==&key=f3KQ2KgCiJ0YnappkdWGSHuPXktHmxSCQkxAUnZWRjJuM8NIfXsdiOQLWDnkNGqSQGBJQsKGwelEF/78 1aHuJcbxRpXTbdkMeR3vN/.../dkEu2 NQb3C trlBSPpOYdI

Remove PSafeTotalSetup.exe - Powered by Reason Core Security