safeguardapp.exe

Alerts LLC

Part of an adware web browser extension that delivers advertisements such as coupons, price comparisons, display media, affiliate links, banners, popups/popunders and other links. The application safeguardapp.exe by Alerts has been detected as adware by 12 anti-malware scanners. It is set to execute automatically when any user logs into Windows (through the local user run registry setting) under the name ‘SafeGuard’. This file is typically installed with the program SafeGuard by Alerts LLC, which is a potentially unwanted software program.
Publisher:
Alerts LLC  (signed and verified)

Version:
1.0.2.25

MD5:
f842ab414a56a003f8f7397958d081f8

SHA-1:
6f29634e5f864b6311ee4c16e00c62ab96938695

SHA-256:
64ff03df0816da5b2faff1bf0782b6a3205f5574ecea765748d10d5ee9f50b3c

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
11/23/2024 8:04:09 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 3.6.1.96 |
| Dr.Web | Adware.Plugin.962 | 9.0.1.088 |
| ESET NOD32 | Win32/Verti.K potentially unwanted (variant) | 9.11391 |
| Fortinet FortiGate | Riskware/Verti | 3/29/2015 |
| herdProtect (fuzzy) | | 2015.7.3.15 |
| K7 AntiVirus | Trojan | 13.202.15414 |
| Malwarebytes | PUP.Optional.StormWatch.A | v2015.04.02.02 |
| McAfee | Artemis!F842AB414A56 | 5600.6812 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.4.2.2 |
| Sophos | Generic PUA GP | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0318 | 7.2.88 |

File size:
1.5 MB (1,537,040 bytes)

Product version:
1.0.2.25

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\safeguard\safeguardapp.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/5/2014 2:00:00 AM

Valid to:
6/6/2015 1:59:59 AM

Subject:
CN=Alerts LLC, O=Alerts LLC, STREET="101 Colorado St #2309", L=Austin, S=TX, PostalCode=78701, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A4FE74573C3AAF1867F4DF866A77B161

File PE Metadata
Compilation timestamp:
3/17/2015 7:06:17 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:W5o2NboQuW+dCZpjHHONUngnG8lv+ojpwC741O9yJgqeA0Y8L6UI3ZFumLjTDzjj:D2toTkHynGuv+epwCIOqA7EZFuewyOq

Entry address:
0x4CAC3

Entry point:
E8, E5, C7, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 00, C2, 53, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, 30, A5, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, 19, C2, FF, FF, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC...
 

Code size:
952.5 KB (975,360 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SafeGuard

Command:
"C:\Program Files\safeguard\safeguardapp.exe"


The file safeguardapp.exe has been discovered within the following program.

SafeGuard  by Alerts LLC
83% remove it
 

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to server-54-230-190-16.maa3.r.cloudfront.net  (54.230.190.16:443)
