» j7safer-surfpv178.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (9)

j7safer-surfpv178.exe

The application j7safer-surfpv178.exe has been detected as adware by 11 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 14067 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program Safer-Surf by Revizer Technologies which is a potentially unwanted software program. While running, it connects to the Internet address 97.47.37a9.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.

File name:

MD5:

a92afe295c51cd0d4b3a305fde4c4aff

SHA-1:

b6d0763be6a4e0db647b922932cb8755f2499bad

SHA-256:

635f56b2cfa0bb8e0d20d4b51026bc08498a33d9d7b3db9b3f5c1388827c2afc

Scanner detections:

11 / 68

Status:

Adware

Analysis date:

4/23/2024 8:28:13 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.AddLyrics.17

866

avast!

Win32:Adware-BXP [Adw]

2014.9-140907

AVG

Adware Generic5

2015.0.3344

Baidu Antivirus

Adware.Win32.AddLyrics

4.0.3.1497

Bitdefender

Gen:Variant.Adware.AddLyrics.17

1.0.20.1320

Emsisoft Anti-Malware

Gen:Variant.Adware.AddLyrics.17

8.14.09.21.02

ESET NOD32

Win32/AdWare.AddLyrics.BN (variant)

8.10359

F-Secure

Gen:Variant.Adware.AddLyrics.17

11.2014-21-09_1

G Data

Gen:Variant.Adware.AddLyrics.17

14.9.24

MicroWorld eScan

Gen:Variant.Adware.AddLyrics.17

15.0.0.792

Reason Heuristics

Threat.Win.Reputation.IMP

14.9.21.14

File size:

295.5 KB (302,592 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\ver2safer-surf\j7safer-surfpv178.exe

File PE Metadata

Compilation timestamp:

9/1/2014 5:59:10 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

CTPH (ssdeep):

3072:XHv3iCx3NBpy+Upz26aJ0f+WtqQ2gvNzjgpRjui5TfyP/v:Xfiw4B15aJmDpvpjgpRjui9Qn

Entry address:

0x10E4A

Entry point:

E8, 79, 66, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04... 
[+]

Entropy:

5.8673

Code size:

100.5 KB (102,912 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:14067/

Local host port:

14067

Default credentials:

The file j7safer-surfpv178.exe has been discovered within the following program.

Safer-Surf by Revizer Technologies

Safer-Surf is an Internet toolbar/plugin (for Internet Explorer it runs as a BHO, in Chrome and Firefox it will run as an extension) that plugs into the user's default web browser and will modify a number of settings such as taking control of the browser's search and home pages, new tab functionality as well as DNS 'not found' redirection.

87% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ec2-54-208-30-101.compute-1.amazonaws.com (54.208.30.101:80)

TCP (HTTP):

Connects to 92b91b35.rdns.100tb.com (146.185.27.53:80)

TCP (HTTP):

Connects to 92b91b2d.rdns.100tb.com (146.185.27.45:80)

TCP:

Connects to yk-in-f188.1e100.net (74.125.196.188:5228)

TCP (HTTP):

Connects to s3-1-w.amazonaws.com (176.32.99.217:80)

TCP (HTTP SSL):

Connects to msnbot-65-55-252-43.search.msn.com (65.55.252.43:443)

TCP (HTTP SSL):

Connects to kul06s06-in-f6.1e100.net (173.194.126.102:443)

TCP (HTTP):

Connects to hosted-by.leaseweb.com (199.58.87.151:80)

TCP (HTTP):

Connects to 97.47.37a9.ip4.static.sl-reverse.com (169.55.71.151:80)

Remove j7safer-surfpv178.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.