» iSafeTray.exe
Overview
Analysis
File Details
Network (5)

iSafeTray.exe

YAC Security Protection

Elex do Brasil Participações Ltda

The application iSafeTray.exe by Elex do Brasil Participaçõesa has been detected as a potentially unwanted program by 10 anti-malware scanners. While running, it connects to the Internet address 92.2b.6132.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.

File name:

iSafeTray.exe

Publisher:

Elex do Brasil Participações Ltda (signed and verified)

Product:

YAC Security Protection

Description:

YACTray

Version:

6.5.21.26197

MD5:

362b66474f4a423e1242a7cf878dc55f

SHA-1:

15c24bc82cf1f0b90d864c0c217f6176e8879777

SHA-256:

7319edcbdc073905a1dce6b3fe29383fef967d51bed02d6feb2dbb861ba8035e

Scanner detections:

10 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 12:29:44 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Dropper.Gen

7.11.30.172

avast!

Win32:Malware-gen

2014.9-150605

Bkav FE

W32.HfsAdware

1.3.0.6379

Dr.Web

Adware.Mutabaha.384

9.0.1.05190

ESET NOD32

Win32/ELEX.CC potentially unwanted application

7.0.302.0

Malwarebytes

FraudTool.YAC

v2015.06.05.02

Panda Antivirus

PUP/YAC

15.06.05.02

Qihoo 360 Security

Malware.QVM10.Gen

1.0.0.1015

Reason Heuristics

Win32.Generic.ELEX.Meta

15.6.5.2

Trend Micro House Call

Suspicious_GEN.F47V0325

7.2.156

File size:

350.3 KB (358,696 bytes)

Product version:

6.5.21.26197

Original file name:

iSafeTray.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\isafetray.exe

Digital Signature

Signed by:

Elex do Brasil Participações Ltda

Authority:

VeriSign, Inc.

Valid from:

6/23/2014 2:00:00 AM

Valid to:

6/21/2015 1:59:59 AM

Subject:

CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=São Paulo, S=São Paulo, C=BR

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5C6950D0A05A1CD63164D1E1EB1FFB8A

File PE Metadata

Compilation timestamp:

5/29/2015 12:13:46 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:3qEod11ojXi0+QG6hEBHTfXmT1V8FsgIVFkd6HoGDbojSF2D:Hod11ojkQG6yHrXA1V8FsgIloGDbojSc

Entry address:

0x1DDD3

Entry point:

E8, E9, 03, 00, 00, E9, 4C, FE, FF, FF, 55, 8B, EC, FF, 15, C0, 30, 42, 00, 6A, 01, A3, 04, 87, 43, 00, E8, E0, 04, 00, 00, FF, 75, 08, E8, DE, 04, 00, 00, 83, 3D, 04, 87, 43, 00, 00, 59, 59, 75, 08, 6A, 01, E8, C6, 04, 00, 00, 59, 68, 09, 04, 00, C0, E8, C7, 04, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 6C, 14, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, E8, 84, 43, 00, 89, 0D, E4, 84, 43, 00, 89, 15, E0, 84, 43, 00, 89, 1D, DC, 84, 43, 00, 89, 35, D8, 84, 43, 00, 89, 3D, D4... 
[+]

Code size:

135 KB (138,240 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to d5.d3.c0ad.ip4.static.sl-reverse.com (173.192.211.213:80)

TCP (HTTP):

Connects to b3.80.adb8.ip4.static.sl-reverse.com (184.173.128.179:80)

TCP (HTTP):

Connects to 92.2b.6132.ip4.static.sl-reverse.com (50.97.43.146:80)

TCP (HTTP SSL):

Connects to server-54-192-159-171.sin3.r.cloudfront.net (54.192.159.171:443)

TCP (HTTP SSL):

Connects to server-54-192-159-135.sin3.r.cloudfront.net (54.192.159.135:443)

Remove iSafeTray.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.