safe3wvs.exe

Safe3WVS

www.safe3.com.cn

The executable safe3wvs.exe has been detected as malware by 20 anti-virus scanners. While running, it connects to the Internet address www.bu.edu on port 80 using the HTTP protocol.
Publisher:
www.safe3.com.cn

Product:
Safe3WVS

Version:
10.1.0.0

MD5:
af7edad6f219c27261ac442ae5e8ab6a

SHA-1:
fee3acacc763dc55df1373709a666d94c9364a7f

SHA-256:
b37754455c337f33d4262606ebd8f7a708e2d64197f7a8f73551ca153e312d4a

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
11/26/2024 9:43:09 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Trojan.Heur.mr0@JCZEgGh | 902 |
| Avira AntiVirus | TR/Spy.1256960.3 | 7.11.163.2 |
| avast! | Win32:Malware-gen | 2014.9-140816 |
| AVG | Win32/Heur | 2015.0.3380 |
| Baidu Antivirus | Trojan.Win32.NoobyProtect | 4.0.3.14816 |
| Bitdefender | Gen:Trojan.Heur.mr0@JCZEgGh | 1.0.20.1140 |
| Clam AntiVirus | Win.Trojan.Agent-89438 | 0.98/21411 |
| Comodo Security | TrojWare.Win32.Amtar.KNB | 18907 |
| Emsisoft Anti-Malware | Gen:Trojan.Heur.mr0@JCZEgGh | 8.14.08.16.09 |
| ESET NOD32 | Win32/Packed.NoobyProtect (variant) | 8.10123 |
| F-Secure | Gen:Trojan.Heur.mr0@JCZEgGh | 11.2014-16-08_7 |
| G Data | Gen:Trojan.Heur.mr0@JCZEgGh | 14.8.24 |
| IKARUS anti.virus | Trojan-Spy256960.3 | t3scan.1.6.1.0 |
| McAfee | Artemis!AF7EDAD6F219 | 5600.7036 |
| MicroWorld eScan | Gen:Trojan.Heur.mr0@JCZEgGh | 15.0.0.684 |
| Norman | Bumrat.B | 11.20140816 |
| Rising Antivirus | PE:Trojan.Win32.Generic.12DF2B2E!316615470 | 23.00.65.14814 |
| Trend Micro House Call | TROJ_GEN.R0CBC0RD114 | 7.2.228 |
| Trend Micro | TROJ_GEN.R0CBC0RD114 | 10.465.16 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31410 |

File size:
1.2 MB (1,256,960 bytes)

Product version:
10.1.0.0

Copyright:
Copyright (C)Safe3 2011

Original file name:
SafeVS.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
6/12/2010 5:58:00 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:uTf4BCmHIlsNA25blas3cDB5Jz0j3DL2XWaJ0bRFXK0l:uTgBjHIIlSl5Jz0j3H2XWaqbRFP

Entry address:
0x130B60

Entry point:
E8, 1C, 00, 00, 00, 53, 61, 66, 65, 6E, 67, 69, 6E, 65, 20, 53, 68, 69, 65, 6C, 64, 65, 6E, 20, 76, 32, 2E, 31, 2E, 35, 2E, 30, 00, E9, 10, F2, FF, FF, F9, 66, 8B, 3C, 24, 0F, 9F, C7, 66, F7, DF, 0F, CF, 8D, 7E, 45, EB, 19, 78, E7, 77, 12, E1, 68, 9A, F5, 8B, DD, B3, 56, F6, D7, 8D, 64, 24, 01, 86, FB, 8D, 2C, 18, EB, D5, 86, 1C, 24, 8D, 2C, AD, 00, 00, 00, 00, 66, F7, D7, 8B, E8, C0, C3, 05, F8, E9, 95, 00, 00, 00, F8, 66, F4, 93, 6E, E9, 17, 7E, 8A, DF, 8D, 64, 24, 05, 66, F7, DB, 88, 34, 24, 8D, 3C, 2B...
 

Entropy:
7.6919

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.bu.edu (128.197.26.3:80)
