secureassist.exe

SecureAssist.exe

SecureAssist

The application secureassist.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a separate Windows service named “SecureAssist”, within the context of its own process. This file is typically installed with the program suprasavings by Opiniads, which is a potentially unwanted software program. While running, it connects to the Internet address 186-228-156-49.ded.intelignet.com.br on port 443.
Publisher:
SecureAssist

Product:
SecureAssist.exe

Version:
2.2.8.13

MD5:
62bdfc12003eec8f2b3d504a2d4bfd3e

SHA-1:
803831f67dd302e18a08779e843a036fb53207fc

SHA-256:
d1ed80dee914cc25875820d8b4c7d12bc6f9d5eb89d4e27c559e2fdb27805bc9

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2018 4:05:48 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win64/Packed.Komodia.A suspicious application | 6.3.12010.0
Reason Heuristics | Adware.AdPeak (M) | 16.10.16.19

File size:
1.5 MB (1,558,032 bytes)

Product version:
2.2.8.13

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\suprasavings\secureassist.exe

File PE Metadata
Compilation timestamp:
3/7/2014 4:17:29 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
24576:pa6U7xjiWXKTaIZ80Gc/grJ6/vT9eo72KRdj6sW7Q0WKTUmfXTYT23nIYRpwqOU+:tTaWEp63pp2KO5Q0WKTUmvTYi4YoUzwH

Entry address:
0x3FEC

Code size:
71.5 KB (73,216 bytes)

Service
Display name:
SecureAssist

Description:
SecureAssist Service

Type:
Win32OwnProcess

Depends on:
RPCSS


The file secureassist.exe has been discovered within the following program.

suprasavings by Opiniads
Injects advertising in the user's web browser and is included in download bundles from distributors such as Apps Installer SL. From the installer: "After installing SupraSavings, you may receive ads as you browse the web that are identified as SupraSavings advertisements."
84% remove it
 

The executing file has been seen to make the following network communications in live environments.

