home

Search Safer Inc.

Publisher Information

Search Safer Inc. is a software developer located in San Francisco, California in the United States*. The company is a primary distributor of unwanted software. Search Safer is part of the Zako Solutions brand of monetization products that are designed to distribute web browser toolbars, non-search offers and in-app purchases through freeware and shareware software. Zako/Search Safe is run by Yossi Fishler located at 450 Townsend in San Francisco, CA 94107. Thre are 21 additional code signing certificates issued to this publisher.
Authority:
DigiCert Inc

Valid from:
1/6/2014 4:00:00 PM

Valid to:
2/10/2016 4:00:00 AM

Subject:
CN=Search Safer Inc., O=Search Safer Inc., L=San Francisco, S=California, C=US, PostalCode=94107, STREET=665 3rd st, STREET=suite 150, SERIALNUMBER=5189473, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0a9503052352494760e64f027ed81bda

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.SearchSafer.R, PUP.SearchSafer.H, PUP.SearchSafer.Q, PUP.SearchSafer.I, PUP.Service.SearchSafer.F, PUP.SearchSafer.K, PUP.Installer.SearchSafer, PUP.SearchSafer.Installer (M), PUP.SearchSa.Installer (M), PUP (M)
100.00%

Dr.Web
Adware.Downware.2032, Adware.Downware.1899, Trojan.FakeAV.16932, Trojan.FakeAV.16976, Adware.Conduit.45, Adware.Plugin.162, Adware.Downware.10940, Adware.Downware.1899
58.82%

Malwarebytes
PUP.Optional.Adwareplugin, PUP.Optional.StartSavin.A, PUP.Optional.Conduit, PUP.Optional.SearchSafer
32.35%

AVG
SeSafer, MalSign.SeSafer
26.47%

Trend Micro House Call
ADW_CHATZUM, TROJ_GEN.F47V0221, TROJ_DLOADR.VEQ, TROJ_GEN.F47V0305, TROJ_GEN.F47V0308, TROJ_GE.40F5AE2F, TROJ_GEN.F47V0216
26.47%

Qihoo 360 Security
HEUR/Malware.QVM10.Gen, Trojan.Generic, HEUR/Malware.QVM06.Gen, Win32/Virus.RiskTool.c39
20.59%

VIPRE Antivirus
GamePlayLabs, Conduit, Trojan.Win32.Generic!SB.0, Search Safer, Threat.4895342
20.59%

NANO AntiVirus
Trojan.Win32.Generic.ctuoat, Trojan.Win32.Generic.ctuoah, Riskware.Win32.Conduit.dvtopc
17.65%

ESET NOD32
Win32/AdWare.SmartApps, Win32/Toolbar.Conduit.AM potentially unwanted
17.65%

McAfee
Artemis!6A5153A81B9C, Artemis!977F548E1D72, Artemis!04BA25FFC088, Artemis!34227B0203AA, Artemis!0D5B2C97B246
14.71%

1 / 68      (Adware)
service.exe  (1a171dcc8c82b4b53e4344624aeb0f7e)

1 / 68      (Adware)
inetc.dll  (d1ba37aa253aa85e08e8bee0f7199649)

1 / 68      (Adware)
updater.exe  (c1934b67eb8e0b874c7844a3b2c3c26c)

1 / 68      (Adware)
file_to_run551566.exe  (b832c673773c3eb270184cd1469adbde)

1 / 68      (Adware)
updateruknew.exe  (5c239fbce082cfd45f9148baf3511c18)

1 / 68      (Adware)
value.exe  (df01941d3692c5f0bfa4e21da425cd1d)

1 / 68      (Adware)
taskinst41.exe  (71994ef8d3e886a5ec70abac1d39c141)

3 / 68      (Adware)
tmp00000010c7b9beb6ac4feb9a  (ecb5ec85ed591151c4c4fef76ceb074c)

4 / 68      (Adware)
tmp00000004267823c4258e3796  (0474a5b577beaaef7b450e311d2190a2)

1 / 68      (Adware)
service.exe  (e815b69d5bc27cb935aee2f162818ba1)

1 / 68      (Adware)
valueappsinst.exe  (947800665489cb146c8e3369c8950398)

18 / 68    (Adware)
file_to_run55457.exe  (0d5b2c97b246d5f4d8c2635086c6f203)

10 / 68    (Adware)
updater.exe  (f1f603f14aebfb77a335a1e1985f4738)

9 / 68      (Adware)
updater.exe  (58589dd903537bd977fa359e6a4c55ed)

3 / 68      (Adware)
updaterusnew.exe  (8efd5e990f4918321bdaad70c407f03a)

16 / 68    (Adware)
updater.exe  (34227b0203aad4e3209c6fe396027beb)

8 / 68      (Adware)
winupdateruk.exe  (04ba25ffc08845a511d8a4d7766e6149)

2 / 68      (Adware)
inetc.dll  (c69a102fbf1629eba30dd05afa4ded89)

4 / 68      (Adware)
updater.exe  (b0a864f0051a9848e46f7ab37aa9da58)

4 / 68      (Adware)
file_to_run5559.exe  (432805c4d862bf48de3ef7b928c0afff)

9 / 68      (Adware)
taskinst42.exe  (faf0a90cb715a9eeceb192c5f4a74105)

4 / 68      (Adware)
pcreg.exe  (9e21de272b1c8ab9276f168666fe3362)

7 / 68      (Adware)
file_to_run551779.exe  (977f548e1d72346bc258637bd7465c9f)

4 / 68      (Adware)
file_to_run551673.exe  (2af2b3ff19af40be1b56199bd989ce53)

2 / 68      (Adware)
speedmax.exe  (8a656fd97646ecc4e5f6bf21612b7e8a)

4 / 68      (Adware)
updater.exe  (586c2401e9c9c5f2dd11741af6de6155)

8 / 68      (Adware)
speedmax.exe  (6a5153a81b9c83dc84767bf5805a6a86)

4 / 68      (Adware)
file_to_run55197.exe  (8430247d90d52f76fbf3bb0b7b3a7f8b)

6 / 68      (Adware)
file_to_run33902.exe  (62be4e947462f2f8c54a49ff80a39796)

3 / 68      (Adware)
file_to_run55594.exe  (7d2454e960ea255016091512cae984ec)

 
Latest 30 of 34 files

Downloads URLs for files signed by Search Safer Inc..

3 / 68      (Adware)
http://d2cga0idq39sb9.cloudfront.net/.../updaterUSnew.exe  (8efd5e990f4918321bdaad70c407f03a)

2 / 68      (Adware)
http://d2cga0idq39sb9.cloudfront.net/.../updater12.exe  (043ce6f378ea6f2c62574ea3ebb71137)

Top-level domains owned by Search Safer Inc..

zakosolutions.com

The following websites host and distribute files published by Search Safer Inc..

d2cga0idq39sb9.cloudfront.net

The certificates below are also signed by Search Safer Inc..

0CABF6C1133DB05A8B40B85F31CD94A9  (Mar 13, 2014 to Feb 10, 2016)

0403B9226C3448CDB32080CC686AB22C  (Dec 04, 2012 to Feb 10, 2016)

025FF57ABB946C9380A9E34424A2279E  (May 11, 2014 to Feb 10, 2016)

01F4A28590DA3F29E2D2451549E04626  (Apr 27, 2014 to Feb 10, 2016)

0DD45460B26C36827A94ED3E5121F830  (Apr 09, 2014 to Feb 10, 2016)

0D397E40D32ACA9E1EEF917E9C9DDE39  (May 05, 2014 to Feb 10, 2016)

0A53F7529B6130A6628AC1B79257FCA8  (May 20, 2014 to Feb 10, 2016)

04D4B772CA1293BC1799E2A2ACB014DC  (Mar 18, 2014 to Feb 10, 2016)

0A4669F7321BBB3215A68123F91E80BD  (Apr 17, 2014 to Feb 10, 2016)

08ACAD842A099F9B8EBC1FDD70D3DABB  (Apr 28, 2014 to Feb 10, 2016)

10 of 21 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Zako Solutions LTD

InfoSpace Sales LLC

* Note, the details and description above are based on the code signing digital signature issued to Search Safer Inc. by DigiCert Inc on January 06, 2014 with the serial number '0a9503052352494760e64f027ed81bda'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.