secureassist.exe

The executable secureassist.exe has been detected as malware by 2 of the 68 anti-virus scanners used in this analysis. It runs as a Windows service named "SecureAssist" in its own process (service type Win32OwnProcess). This file is typically installed with the program suprasavings by Opiniads, which is a potentially unwanted program. While running, it connects to the Internet address static.213-239-195-215.clients.your-server.de on port 443.
Publisher:
SecureAssist

Product:
SecureAssist.exe

Version:
2.2.8.13

MD5:
03e4769e69da12c48253cf0e5fe3b440

SHA-1:
2afc5784f420434dcebb3b160cd908d70f3d9041

SHA-256:
75d09c6d8a95fa428ad45782b11cc8b1ff2d9a92730b1638a98adc1bee4e9d11

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
10/23/2017 9:37:04 PM UTC

Scan engine          Detection                 Engine version
Qihoo 360 Security   HEUR/Malware.QVM10.Gen    1.0.0.1015
Reason Heuristics    Threat.Win.Reputation     14.3.30.21

File size:
1.2 MB (1,283,616 bytes)

Product version:
2.2.8.13

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\suprasavings\secureassist.exe

File PE Metadata
Compilation timestamp:
3/7/2014 7:17:25 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
24576:tviHlcTlhf7q/dDB5EoRm+YGCVfyApl8pMi7/HgWu9IN02cGkuz1QZriO39w98S:tKOTK/dDjE2m+gxWmi7/H29Ia2HN5QZO

Entry address:
0x354F

Entry point:
E8, E8, 3B, 00, 00, E9, A4, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 69, 0C, 00, 00, 8B, FF, 56, 6A, 01, 68, 68, 80, 41, 00, 8B, F1, E8, 23, 10, 00, 00, C7, 06, CC, 22, 41, 00, 8B, C6, 5E, C3, C7, 01, CC, 22, 41, 00, E9, 88, 10, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, CC, 22, 41, 00, E8, 75, 10, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, B0, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, F4, 0F, 00, 00, C7, 06, CC, 22, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 8B...

Entropy:
7.9787  (probably packed)

Code size:
64 KB (65,536 bytes)

Service
Display name:
SecureAssist

Description:
SecureAssist Service

Type:
Win32OwnProcess

Depends on:
RPCSS


The file secureassist.exe has been discovered within the following program.

suprasavings  by Opiniads
Injects advertising into the user's web browser and is included in download bundles from distributors such as Apps Installer SL. From the installer: "After installing SupraSavings, you may receive ads as you browse the web that are identified as SupraSavings advertisements."
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

Remove secureassist.exe - Powered by Reason Core Security