safeguardapp.exe

Alerts LLC

Part of an adware web browser extension that delivers advertisements such as coupons, price-comparisons, display media, affiliate links, banners, popups/popunders and other links. The application safeguardapp.exe by Alerts has been detected as adware by 2 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SafeGuard’. This file is typically installed with the program SafeGuard by Alerts LLC, which is a potentially unwanted software program.

Publisher:
Alerts LLC  (signed and verified)

Version:
1.0.2.45

MD5:
88d860eb44ef8222df9539aab68fbbcd

SHA-1:
a8835617f5a6600aaffe2535a83204005144e96d

SHA-256:
bf482fe9141b621be61c5dd71c0baf65e3263a193c96dc65e21efb2953927cd7

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/30/2024 3:24:13 AM UTC

Scan engine
Detection
Engine version

ESET NOD32
Win32/Verti.K potentially unwanted (variant)
9.11413

herdProtect (fuzzy)
2015.7.7.2

File size:
1.5 MB (1,537,552 bytes)

Product version:
1.0.2.45

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\safeguard\safeguardapp.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/5/2014 1:00:00 AM

Valid to:
6/6/2015 12:59:59 AM

Subject:
CN=Alerts LLC, O=Alerts LLC, STREET="101 Colorado St #2309", L=Austin, S=TX, PostalCode=78701, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A4FE74573C3AAF1867F4DF866A77B161

File PE Metadata
Compilation timestamp:
4/1/2015 7:30:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:/r3favvSEa9uCw0EDoAomHqKwGgyihANVXFR/34SWYKF1Rl4cB8EQ4wylIfjTDzP:7f+vXbr0XK3g8NVVbsl73DlIgxJ9U

Entry address:
0x4CB03


Entropy:
5.9456

Code size:
953 KB (975,872 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SafeGuard

Command:
"C:\Program Files\safeguard\safeguardapp.exe"


The file safeguardapp.exe has been discovered within the following program.

SafeGuard  by Alerts LLC
83% remove it
 

The executing file has been seen to make the following network communications in live environments.
