SafeGuard.exe

SafeGuard

Alerts LLC

SafeGuard.exe is part of an adware web browser extension that delivers advertisements such as coupons, price comparisons, display media, affiliate links, banners, popups/popunders and other links. The application SafeGuard.exe by Alerts has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program SafeGuard by Alerts LLC, which is a potentially unwanted software program.
Publisher:
Alerts LLC  (signed and verified)

Product:
SafeGuard

Version:
2.0.0.0

MD5:
390e80ced15f981b0d76f440be5037a4

SHA-1:
63724db2a632f8503f7304fbd28e55eb9eeb677c

SHA-256:
1a88d5c0bcf45fbfacc558440942f7347a700ea8ad2b6518cea87a88b5c9d39d

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 8:00:19 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Weather.Alerts (M)

Engine version:
15.10.21.17

File size:
229.5 KB (235,000 bytes)

Product version:
2.0.0.0

Copyright:
Copyright © 2014 Alerts LLC.

Original file name:
SafeGuard.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\safeguard\safeguard.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/4/2014 8:00:00 PM

Valid to:
6/5/2015 7:59:59 PM

Subject:
CN=Alerts LLC, O=Alerts LLC, STREET="101 Colorado St #2309", L=Austin, S=TX, PostalCode=78701, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A4FE74573C3AAF1867F4DF866A77B161

File PE Metadata
Compilation timestamp:
3/17/2015 3:38:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:ovDoUbfs+5TPSEdY/2toLxQXAIRTwjb7gTEPLcTxw:bULJTP9tqQXRwjb7gTEPLca

Entry address:
0xB40E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.3845

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
37.5 KB (38,400 bytes)

The file SafeGuard.exe has been discovered within the following programs.

SafeGuard  by Alerts LLC
83% remove it
 

The executing file has been seen to make the following network communications in live environments.

