safeguardbrowser.exe

The executable safeguardbrowser.exe has been detected as malware by 7 of 68 anti-virus scanners. While running, it connects to the Internet address *.d1.sc.omtrdc.net on port 443. Six of the seven detections name the same generic Kazy family and the seventh is a reputation heuristic rather than a signature match, so confirm a suspect file against the hashes below before acting on the verdict.
Version:
1.0.2.2

MD5:
630945f4af95f011cc029f5823253999

SHA-1:
c770bd6228e5c366a86d2ceabc360625407b8394

SHA-256:
e10e2c2812dac8d3929869724c7280912353ef195a91e135f3f157bf27cb305e

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/23/2024 2:19:19 PM UTC

Scan engine             Detection                    Engine version
Arcabit                 Trojan.Kazy.DBA982           1.0.0.593
Bitdefender             Gen:Variant.Kazy.764290      1.0.20.1585
Emsisoft Anti-Malware   Gen:Variant.Kazy.764290      8.15.11.13.10
F-Secure                Gen:Variant.Kazy.764290      11.2015-13-11_6
G Data                  Gen:Variant.Kazy.764290      15.11.25
MicroWorld eScan        Gen:Variant.Kazy.764290      16.0.0.951
Reason Heuristics       Threat.Win.Reputation.IMP    16.1.3.13

File size:
528.5 KB (541,184 bytes)

Product version:
1.0.2.2

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\safeguard\safeguardbrowser.exe

File PE Metadata
Compilation timestamp:
11/6/2015 2:47:37 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:pHQMUGu9JFNiOPP5lQYwvvpR5K43sWw3K+aAO0AO2DZiGZ4WX:kGuZ/QPJR5Dsb3K+aisDYG6WX

Entry address:
0x2E879

Entry point:
E8, F8, A4, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, B0, 81, 47, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, DE, A9, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 8D, 85, E4, FC, FF, FF, 6A, 4C, 6A, 00, 50, E8, D3, 1F, 00, 00, 8D, 85, E0, FC, FF, FF, 83, C4, 0C, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC...

Entropy:
6.4178

Code size:
343 KB (351,232 bytes)
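The file indicators above (hashes, size, entropy and the common path with its {user} placeholder) are what an analyst actually matches a suspect file against. The following is an added example, not code from this report or from Reason Core Security: it recomputes the three published hashes, computes Shannon entropy the same way the report does (bits per byte over the whole file), turns the path template into a case-insensitive pattern, and grades the result so that only a SHA-256 match counts as "this is the reported sample". The entropy thresholds and the sample bytes are the author's assumptions, labelled as such in the code.

```python
"""Check a file's bytes and install path against the report's file indicators."""
import hashlib
import math
import re
from collections import Counter

# File indicators copied from the report above.
REPORT_FILE_IOCS = {
    "md5": "630945f4af95f011cc029f5823253999",
    "sha1": "c770bd6228e5c366a86d2ceabc360625407b8394",
    "sha256": "e10e2c2812dac8d3929869724c7280912353ef195a91e135f3f157bf27cb305e",
    "size": 541184,
    "entropy": 6.4178,
    "common_path": r"C:\users\{user}\appdata\local\safeguard\safeguardbrowser.exe",
}


def file_hashes(data):
    """MD5, SHA-1 and SHA-256 hex digests, the three the report publishes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for a constant stream, 8.0 for
    uniformly random bytes. The report's 6.4178 is this measure over the file."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_band(h):
    """Rule of thumb for a whole PE image. Thresholds are an analyst assumption,
    not values from the report."""
    if h >= 7.2:
        return "packed_or_encrypted"
    if h >= 5.0:
        return "mixed_code_and_data"
    return "sparse_or_mostly_zero"


def path_regex(common_path):
    """Turn the report's path template into a case-insensitive regex; the {user}
    placeholder becomes one path component without backslashes."""
    parts = [re.escape(p) for p in common_path.split("{user}")]
    return re.compile("^" + r"[^\\]+".join(parts) + "$", re.IGNORECASE)


def check_sample(data, path=None, iocs=REPORT_FILE_IOCS):
    """SHA-256 equality is the only authoritative match. Size, entropy and path
    are triage signals that a benign build or update can also satisfy."""
    h = file_hashes(data)
    ent = round(shannon_entropy(data), 4)
    result = {
        "hash_match": h["sha256"] == iocs["sha256"],
        "weak_hash_match": h["md5"] == iocs["md5"] or h["sha1"] == iocs["sha1"],
        "size_match": len(data) == iocs["size"],
        "entropy": ent,
        "entropy_band": entropy_band(ent),
        "path_match": bool(path and path_regex(iocs["common_path"]).match(path)),
    }
    if result["hash_match"]:
        result["verdict"] = "reported_sample"
    elif result["size_match"] or result["path_match"]:
        result["verdict"] = "triage"
    else:
        result["verdict"] = "no_match"
    return result


# Constructed input (not the real sample): 1024 bytes with a uniform byte
# distribution, sitting at a path that matches the report's template.
CONSTRUCTED_SAMPLE = bytes(range(256)) * 4
CONSTRUCTED_PATH = r"C:\Users\alice\AppData\Local\SafeGuard\safeguardbrowser.exe"

if __name__ == "__main__":
    for key, value in check_sample(CONSTRUCTED_SAMPLE, CONSTRUCTED_PATH).items():
        print(f"{key}: {value}")
```

Run against a real file with `check_sample(open(p, "rb").read(), p)`. The constructed run shows the intended grading: the path matches and entropy is maximal, but with no SHA-256 match the verdict stays at "triage" rather than "reported_sample".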

While executing, the file has been observed making the following network connections in live environments. Most of the destinations are shared CDN, cloud and advertising/analytics infrastructure (CloudFront, Akamai, EC2, Facebook, Criteo), so a single IP from this list is a weak indicator on its own.

TCP (HTTP):
Connects to server-54-192-129-184.ams50.r.cloudfront.net  (54.192.129.184:80)

TCP (HTTP):
Connects to a95-100-99-35.deploy.akamaitechnologies.com  (95.100.99.35:80)

TCP (HTTP):
Connects to t-ams5.mplxtms.com  (63.215.202.72:80)

TCP (HTTP SSL):
Connects to va.v.liveperson.net  (208.89.12.87:443)

TCP (HTTP):
Connects to ec2-34-199-132-228.compute-1.amazonaws.com  (34.199.132.228:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-amt2.fbcdn.net  (31.13.64.21:443)

TCP (HTTP):
Connects to xx-fbcdn-shv-01-ams3.fbcdn.net  (31.13.91.6:80)

TCP (HTTP):
Connects to static.criteo.net  (178.250.2.74:80)

TCP (HTTP):
Connects to a88-221-254-51.deploy.akamaitechnologies.com  (88.221.254.51:80)

TCP (HTTP):
Connects to a88-221-254-210.deploy.akamaitechnologies.com  (88.221.254.210:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-amt2.facebook.com  (31.13.64.35:443)

TCP (HTTP):
Connects to widget.criteo.com  (178.250.2.80:80)

TCP (HTTP SSL):
Connects to server-54-192-119-79.sfo9.r.cloudfront.net  (54.192.119.79:443)

TCP (HTTP):
Connects to ec2-52-4-93-254.compute-1.amazonaws.com  (52.4.93.254:80)

TCP (HTTP SSL):
Connects to am-lpcdn.lpsnmedia.net  (178.249.101.98:443)

TCP (HTTP SSL):
Connects to a104-88-46-11.deploy.static.akamaitechnologies.com  (104.88.46.11:443)

TCP (HTTP):
Connects to server-54-192-129-64.ams50.r.cloudfront.net  (54.192.129.64:80)

TCP (HTTP SSL):
Connects to server-54-192-129-233.ams50.r.cloudfront.net  (54.192.129.233:443)

TCP (HTTP SSL):
Connects to server-54-192-129-202.ams50.r.cloudfront.net  (54.192.129.202:443)
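The connection list above is the raw material for a network detection, but most of these hosts are shared CDN, cloud and ad/analytics infrastructure, so a match needs to carry a confidence label. The following is an added example, not code from this report or from Reason Core Security: it loads the report's (host, IP, port) indicators plus the wildcard host from the introduction, matches them against proxy log lines by hostname (or by IP and port when the hostname is unavailable), and tags each hit as "low" when the indicator belongs to a multi-tenant provider. The log format, the sample log lines and the provider-suffix list are the author's assumptions, labelled as such in the code.

```python
"""Match the report's network indicators against proxy log lines."""
import re

# Indicators copied from the report: (host, ip, port). The wildcard host is from
# the report's introduction, which gives no IP for it.
REPORT_NET_IOCS = [
    ("*.d1.sc.omtrdc.net", None, 443),
    ("server-54-192-129-184.ams50.r.cloudfront.net", "54.192.129.184", 80),
    ("a95-100-99-35.deploy.akamaitechnologies.com", "95.100.99.35", 80),
    ("t-ams5.mplxtms.com", "63.215.202.72", 80),
    ("va.v.liveperson.net", "208.89.12.87", 443),
    ("ec2-34-199-132-228.compute-1.amazonaws.com", "34.199.132.228", 80),
    ("xx-fbcdn-shv-01-amt2.fbcdn.net", "31.13.64.21", 443),
    ("xx-fbcdn-shv-01-ams3.fbcdn.net", "31.13.91.6", 80),
    ("static.criteo.net", "178.250.2.74", 80),
    ("a88-221-254-51.deploy.akamaitechnologies.com", "88.221.254.51", 80),
    ("a88-221-254-210.deploy.akamaitechnologies.com", "88.221.254.210", 80),
    ("edge-star-mini-shv-01-amt2.facebook.com", "31.13.64.35", 443),
    ("widget.criteo.com", "178.250.2.80", 80),
    ("server-54-192-119-79.sfo9.r.cloudfront.net", "54.192.119.79", 443),
    ("ec2-52-4-93-254.compute-1.amazonaws.com", "52.4.93.254", 80),
    ("am-lpcdn.lpsnmedia.net", "178.249.101.98", 443),
    ("a104-88-46-11.deploy.static.akamaitechnologies.com", "104.88.46.11", 443),
    ("server-54-192-129-64.ams50.r.cloudfront.net", "54.192.129.64", 80),
    ("server-54-192-129-233.ams50.r.cloudfront.net", "54.192.129.233", 443),
    ("server-54-192-129-202.ams50.r.cloudfront.net", "54.192.129.202", 443),
]

# Assumption: an analyst-maintained list of providers whose hostnames are shared
# by many legitimate tenants. A hit on one of these is weak evidence by itself.
SHARED_INFRA_SUFFIXES = (
    ".cloudfront.net", ".akamaitechnologies.com", ".amazonaws.com", ".fbcdn.net",
    ".facebook.com", ".criteo.net", ".criteo.com", ".liveperson.net",
    ".lpsnmedia.net", ".omtrdc.net",
)


def confidence(indicator_host):
    """'low' for shared infrastructure, 'review' for anything else."""
    return "low" if indicator_host.lower().endswith(SHARED_INFRA_SUFFIXES) else "review"


def host_matches(indicator_host, observed_host):
    """Exact match, or suffix match for a '*.' wildcard indicator (the wildcard
    requires at least one extra label, so the bare parent domain does not match)."""
    ind, obs = indicator_host.lower(), observed_host.lower()
    if ind.startswith("*."):
        return obs.endswith(ind[1:])  # '*.d1.sc.omtrdc.net' -> '.d1.sc.omtrdc.net'
    return ind == obs


# Assumed log format: "<timestamp> <client_ip> <dst_ip>:<port> <sni_or_host>",
# with '-' when no hostname was available.
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<dst>[\d.]+):(?P<port>\d+) (?P<host>\S+)$")


def parse_log_line(line):
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["port"] = int(ev["port"])
    return ev


def match_events(lines, iocs=REPORT_NET_IOCS):
    """One hit per log line that matches an indicator. Hostname matches are
    accepted on any port; IP matches also require the report's port, because a
    CDN address alone is shared by unrelated traffic."""
    hits = []
    for line in lines:
        ev = parse_log_line(line)
        if ev is None:
            continue
        for host, ip, port in iocs:
            by_host = host_matches(host, ev["host"])
            by_ip = ip is not None and ip == ev["dst"] and port == ev["port"]
            if by_host or by_ip:
                hits.append({
                    "client": ev["client"], "host": ev["host"], "dst": ev["dst"],
                    "port": ev["port"], "indicator": host,
                    "matched_on": "host" if by_host else "ip",
                    "confidence": confidence(host),
                })
                break
    return hits


# Constructed sample log lines (not captured traffic): a CDN hit, a non-match,
# a wildcard hit, an IP-only hit with no hostname, and a hostname hit on a
# different port than the report lists.
SAMPLE_LOG = [
    "2024-11-23T14:00:01Z 10.0.0.12 54.192.129.184:80 server-54-192-129-184.ams50.r.cloudfront.net",
    "2024-11-23T14:00:02Z 10.0.0.12 192.0.2.10:443 example.com",
    "2024-11-23T14:00:03Z 10.0.0.12 198.51.100.7:443 abc.d1.sc.omtrdc.net",
    "2024-11-23T14:00:04Z 10.0.0.12 63.215.202.72:80 -",
    "2024-11-23T14:00:05Z 10.0.0.12 63.215.202.72:443 t-ams5.mplxtms.com",
]

if __name__ == "__main__":
    for hit in match_events(SAMPLE_LOG):
        print(hit)
```

On the constructed log the run yields four hits; the two CloudFront and omtrdc.net hits come back as "low" confidence, while the mplxtms.com hits, matched once by IP and port and once by hostname, are the ones worth reviewing against the file indicators from the report.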

Powered by Reason Core Security