BrowserSafer.exe

BrowserSafer

BrowserSafer Co

The application BrowserSafer.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “BrowserSafer”. While running, it connects to the Internet address 172-245-127-171-host.colocrossing.com on port 80 using the HTTP protocol.
Publisher:
BrowserSafer Co

Product:
BrowserSafer

Version:
1, 0, 2, 2

MD5:
205b4c4ea99c60c13b744eb92a2938f6

SHA-1:
a1f0f23d91717ec5c65e25cb4c48e3bba86311ad

SHA-256:
826df90422532d79c938dae97e5371679b07bbe49bd0fdf38966d293824944d1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
3/2/2017 8:22:41 AM UTC  (eight months ago)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.InstallerTech (M)
17.3.2.3

File size:
2.2 MB (2,327,040 bytes)

Product version:
1, 0, 2, 2

Copyright:
Copyright BrowserSafer Co 2014

Original file name:
BrowserSafer.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\Program Files\browsersafer\browsersafer.exe

File PE Metadata
Compilation timestamp:
2/28/2017 7:53:54 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
14.0

Entry address:
0x159923

Entry point:
E8, 66, 07, 00, 00, E9, 87, FE, FF, FF, FF, 25, 30, CB, 59, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 8B, 4D, F0, 33, CD, F2, E8, 49, F5, FF, FF, F2, E9, DA, FF, FF, FF, 8B, 4D, EC, 33, CD, F2, E8, 38, F5, FF, FF, F2, E9, C9, FF, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, E4, 7D, 5F, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, F2, C3, 50, 64, FF, 35, 00...
 
[+]

Entropy:
6.5446

Code size:
1.6 MB (1,682,432 bytes)

Service
Display name:
BrowserSafer

Description:
This service will protect all your browsers from potential dangerous pages and sites.

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 172-245-127-171-host.colocrossing.com  (172.245.127.171:80)

TCP (HTTP):

TCP (HTTP):
Connects to ec2-54-186-199-44.us-west-2.compute.amazonaws.com  (54.186.199.44:80)

TCP (HTTP):
Connects to ec2-34-198-225-71.compute-1.amazonaws.com  (34.198.225.71:80)

TCP (HTTP):
Connects to 172-245-127-52-host.colocrossing.com  (172.245.127.52:80)

TCP (HTTP):
Connects to ec2-54-243-128-145.compute-1.amazonaws.com  (54.243.128.145:80)

TCP (HTTP):
Connects to ec2-54-165-232-213.compute-1.amazonaws.com  (54.165.232.213:80)

TCP (HTTP):
Connects to ec2-52-7-177-214.compute-1.amazonaws.com  (52.7.177.214:80)

TCP (HTTP):
Connects to ec2-52-207-103-4.compute-1.amazonaws.com  (52.207.103.4:80)

TCP (HTTP):
Connects to 172-245-127-33-host.colocrossing.com  (172.245.127.33:80)

TCP (HTTP):
Connects to ec2-52-4-203-50.compute-1.amazonaws.com  (52.4.203.50:80)

TCP (HTTP):
Connects to ec2-52-3-190-48.compute-1.amazonaws.com  (52.3.190.48:80)

TCP (HTTP):
Connects to ec2-34-200-178-221.compute-1.amazonaws.com  (34.200.178.221:80)

TCP (HTTP):
Connects to static-106-212-205-209.24shells.net  (209.205.212.106:80)

TCP (HTTP):
Connects to ec2-34-198-53-117.compute-1.amazonaws.com  (34.198.53.117:80)

TCP (HTTP):
Connects to 37-97-173-64.colo.transip.net  (37.97.173.64:80)

TCP (HTTP):
Connects to static-122-212-205-209.24shells.net  (209.205.212.122:80)

TCP (HTTP):
Connects to 172-245-127-102-host.colocrossing.com  (172.245.127.102:80)

TCP (HTTP):
Connects to ec2-54-154-212-242.eu-west-1.compute.amazonaws.com  (54.154.212.242:80)

Remove BrowserSafer.exe - Powered by Reason Core Security