j7safer-surfpv178.exe

The application j7safer-surfpv178.exe has been detected as adware by 11 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 14067 and can intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program Safer-Surf by Revizer Technologies, which is a potentially unwanted software program. While running, it connects to the Internet address 97.47.37a9.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
MD5:
a92afe295c51cd0d4b3a305fde4c4aff

SHA-1:
b6d0763be6a4e0db647b922932cb8755f2499bad

SHA-256:
635f56b2cfa0bb8e0d20d4b51026bc08498a33d9d7b3db9b3f5c1388827c2afc

Scanner detections:
11 / 68

Status:
Adware

Analysis date:
10/22/2017 9:36:12 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.AddLyrics.17 | 866 |
| avast! | Win32:Adware-BXP [Adw] | 2014.9-140907 |
| AVG | Adware Generic5 | 2015.0.3344 |
| Baidu Antivirus | Adware.Win32.AddLyrics | 4.0.3.1497 |
| Bitdefender | Gen:Variant.Adware.AddLyrics.17 | 1.0.20.1320 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.AddLyrics.17 | 8.14.09.21.02 |
| ESET NOD32 | Win32/AdWare.AddLyrics.BN (variant) | 8.10359 |
| F-Secure | Gen:Variant.Adware.AddLyrics.17 | 11.2014-21-09_1 |
| G Data | Gen:Variant.Adware.AddLyrics.17 | 14.9.24 |
| MicroWorld eScan | Gen:Variant.Adware.AddLyrics.17 | 15.0.0.792 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.21.14 |

File size:
295.5 KB (302,592 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ver2safer-surf\j7safer-surfpv178.exe

File PE Metadata
Compilation timestamp:
9/1/2014 5:59:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
3072:XHv3iCx3NBpy+Upz26aJ0f+WtqQ2gvNzjgpRjui5TfyP/v:Xfiw4B15aJmDpvpjgpRjui9Qn

Entry address:
0x10E4A

Entry point:
E8, 79, 66, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04...
Entropy:
5.8673

Code size:
100.5 KB (102,912 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:14067/

Local host port:
14067

Default credentials:
No


The file j7safer-surfpv178.exe has been discovered within the following program.

Safer-Surf  by Revizer Technologies
Safer-Surf is an Internet toolbar/plugin that plugs into the user's default web browser (in Internet Explorer it runs as a BHO; in Chrome and Firefox it runs as an extension). It modifies a number of settings, such as taking control of the browser's search and home pages, new tab functionality, and DNS 'not found' redirection.

The executing file has been seen to make the following network communications in live environments.

