safeguardapp.exe

Alerts LLC

Part of an adware web browser extension that delivers advertisements such as coupons, price-comparisons, display media, affiliate links, banners, popups/popunders and other links. The application safeguardapp.exe by Alerts has been detected as adware by 12 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SafeGuard’. This file is typically installed with the program SafeGuard by Alerts LLC which is a potentially unwanted software program.
Publisher:
Alerts LLC  (signed and verified)

Version:
1.0.2.25

MD5:
f842ab414a56a003f8f7397958d081f8

SHA-1:
6f29634e5f864b6311ee4c16e00c62ab96938695

SHA-256:
64ff03df0816da5b2faff1bf0782b6a3205f5574ecea765748d10d5ee9f50b3c

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
12/24/2024 1:12:16 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
ADWARE/Adware.Gen7
3.6.1.96

Dr.Web
Adware.Plugin.962
9.0.1.088

ESET NOD32
Win32/Verti.K potentially unwanted (variant)
9.11391

Fortinet FortiGate
Riskware/Verti
3/29/2015

herdProtect (fuzzy)
2015.7.3.15

K7 AntiVirus
Trojan
13.202.15414

Malwarebytes
PUP.Optional.StormWatch.A
v2015.04.02.02

McAfee
Artemis!F842AB414A56
5600.6812

Reason Heuristics
Threat.Win.Reputation.IMP
15.4.2.2

Sophos
Generic PUA GP
4.98

Trend Micro House Call
Suspicious_GEN.F47V0318
7.2.88

File size:
1.5 MB (1,537,040 bytes)

Product version:
1.0.2.25

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\safeguard\safeguardapp.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/5/2014 2:00:00 AM

Valid to:
6/6/2015 1:59:59 AM

Subject:
CN=Alerts LLC, O=Alerts LLC, STREET="101 Colorado St #2309", L=Austin, S=TX, PostalCode=78701, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A4FE74573C3AAF1867F4DF866A77B161

File PE Metadata
Compilation timestamp:
3/17/2015 7:06:17 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:W5o2NboQuW+dCZpjHHONUngnG8lv+ojpwC741O9yJgqeA0Y8L6UI3ZFumLjTDzjj:D2toTkHynGuv+epwCIOqA7EZFuewyOq

Entry address:
0x4CAC3

Entry point:
E8, E5, C7, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 00, C2, 53, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, 30, A5, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, 19, C2, FF, FF, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC...
 
[+]

Code size:
952.5 KB (975,360 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SafeGuard

Command:
"C:\Program Files\safeguard\safeguardapp.exe"


The file safeguardapp.exe has been discovered within the following program.

SafeGuard  by Alerts LLC
83% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to server-54-230-190-16.maa3.r.cloudfront.net  (54.230.190.16:443)

Remove safeguardapp.exe - Powered by Reason Core Security