SafeSurf.exe

SafeSurf

JetSwap Inc.

The application SafeSurf.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘jsafesurf’. This file is typically installed with the program JetSwap SafeSurf by JetSwap Inc. While running, it connects to the Internet address bspb2.kavanga.ru on port 443.
Publisher:
JetSwap Inc.

Product:
SafeSurf

Version:
2.0

MD5:
0b32749ce038d8ef14b2f8c5fc9dc9e1

SHA-1:
0951fb6eefae44b4045a2682224229c843edaefa

SHA-256:
bf4bbad84e91224904eb2dcb86efc6b32464b4cb2c74c775001dcb12204b0abc

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 5:09:32 AM UTC

Scan engine        Detection                            Engine version
Avira AntiVirus    ADWARE/SafeSurf.485376               8.3.3.2
avast!             Win32:SafeSurf [PUP]                 2014.9-160322
ESET NOD32         MSIL/Adware.SafeSurf.AA (variant)    10.13191
Malwarebytes       PUP.Optional.SafeGuard               v2016.03.22.09
Rising Antivirus   PE:Malware.Generic/QRS!1.9E2D [F]    23.00.65.16320

File size:
474 KB (485,376 bytes)

Product version:
2.0

Copyright:
Copyright © JetSwap 2005-2015

Original file name:
SafeSurf.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\safesurf\safesurf.exe

File PE Metadata
Compilation timestamp:
3/16/2016 12:11:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:FAYXLTGAq66+Ya4JkLvdsst7lumGvvbS40KzxqXvCyn5k5p+3+OOPZzuo2:F/XL+KjbNCo5E6OPso2

Entry address:
0x775CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 70, 07, 00, 0C, 00, 00, 00, D0, 35, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
469.5 KB (480,768 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
jsafesurf

Command:
C:\Program Files\safesurf\safesurf.exe


The file SafeSurf.exe has been discovered within the following program.

JetSwap SafeSurf by JetSwap Inc.
www.jetswap.com
About 7% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

