BrowserSafer.exe

BrowserSafer

Installer Technology Co.

The application BrowserSafer.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 13101 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Publisher:
Installer Technology Co.

Product:
BrowserSafer

Version:
1, 0, 2, 2

MD5:
651ab79ec3fc49f7eefffce5c46bb442

SHA-1:
f798fa1b87ed51b24c05021eadac1a80cf751f57

SHA-256:
71b15cd6f9e73b19ff3d25f08e5e715256f5c6a6439389ec4cf2276ed96d7393

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/16/2018 2:38:54 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.InstallerTech (M)

Engine version:
17.1.13.21

File size:
550.5 KB (563,712 bytes)

Product version:
1, 0, 2, 2

Copyright:
Copyright InstallerTech 2014

Original file name:
BrowserSafer.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\Program Files\browsersafer\browsersafer.exe

File PE Metadata
Compilation timestamp:
12/22/2016 7:01:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

Entry address:
0x3F240

Entry point:
E8, A2, B2, 00, 00, E9, A4, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 1B, B3, 00, 00, 83, C4, 14, 5D, C3, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, CB, F2, 43, 00, 6A, 00, FF, 75, 0C...
 

Entropy:
6.3895

Code size:
382.5 KB (391,680 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:13101/

Local host port:
13101

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

