SafeMonitorService.exe

Safe Monitor Service

Western Web Applications, LLC

This is part of an adware program designed to inject advertising into the web browser (banners, text links) and to modify the browser's normal behavior. It is part of the Injekt brand of unwanted programs. The application SafeMonitorService.exe by Western Web Applications has been detected as adware by 3 anti-malware scanners. It runs as a Windows service named "Safe Monitor" in the context of its own process. This file is typically installed with the program Safe Monitor by Western Web Applications, LLC, which is a potentially unwanted software program.
Publisher:
Western Web Applications, LLC  (signed and verified)

Product:
Safe Monitor Service

Version:
1.0.0.0

MD5:
395ff2d8282085f09f6cbcee9cc45e60

SHA-1:
694b15f1da7f542a3d9681960df26b7b486ef502

SHA-256:
088da067d2f339cb5739741398dcdf963edf5355de51b61ee242367bf6c765e1

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
11/27/2024 5:09:50 AM UTC

Scan engine | Detection | Engine version
Emsisoft Anti-Malware | Android.Trojan.Boqx | 8.14.03.06.07
Reason Heuristics | PUP.Service.WesternWebApplications.S | 14.4.7.1
VIPRE Antivirus | SearchDonkey | 26682

File size:
54.1 KB (55,448 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Western Web Applications, LLC 2014

Original file name:
SafeMonitorService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\safemonitor\safemonitorservice.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/24/2013 2:00:00 AM

Valid to:
5/25/2014 1:59:59 AM

Subject:
CN="Western Web Applications, LLC", O="Western Web Applications, LLC", STREET=640 E Grand Ave, STREET=Suite 129, L=Carlsbad, S=CA, PostalCode=92008, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2A1B337726D509D16C17362E2E625DE9

File PE Metadata
Compilation timestamp:
2/11/2014 1:22:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:uZzGxHiByArQogDLc/6NP3sA4WwfJV4X2LjgGzZ3iEO:ulGxHiByArQ3XI62j4X2LjgGQp

Entry address:
0xCEAE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
44 KB (45,056 bytes)

Service
Display name:
Safe Monitor

Service name:
SafeMonitor

Description:
Provides system level support for Safe Monitor.

Type:
Win32OwnProcess


The file SafeMonitorService.exe has been discovered within the following program.

Safe Monitor by Western Web Applications, LLC
Safe Monitor bundles various potentially unwanted toolbars. From the EULA: "Safe Monitor is entirely free to use. In order to keep Safe Monitor free, we've partnered with high-quality ad providers and you may see additional ads when Safe Monitor is installed."
www.safemonitorapp.com
73% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-218-62-24.us-west-2.compute.amazonaws.com  (54.218.62.24:80)

TCP (HTTP):
Connects to ec2-54-213-104-242.us-west-2.compute.amazonaws.com  (54.213.104.242:80)
