» BrowserSafeguard.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

BrowserSafeguard.exe

Distributed by Adknowledge's installers (Optimum/Fusion/Tiny), the trojan adware will proxy various web traffic and inject advertising in the browser. BrowserProtect was programmed by Danny Miller of Adknowledge. The application BrowserSafeguard.exe has been detected as adware by 3 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 50103 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program BrowserSafeguard by Adknowledge, Inc. which is a potentially unwanted software program.

File name:

Version:

1.0.5214.26052

MD5:

e701768d690ae9e0db0c1570b768a48d

SHA-1:

61e447b80c57c7c42b1c8fe2e15bb3fe95d7a12b

SHA-256:

c6658875759d7fe3105cff763b63fa824a54766a3e6797c070e7071beafdd96e

Scanner detections:

3 / 68

Status:

Adware

Explanation:

Part of an adware program delivered by Adknowledge that will modify the web browser's settings (preferred home page and default search settings) and install a local proxy to intercept and inject various forms of advertising.

Analysis date:

4/28/2024 4:10:03 AM UTC (today)

Scan engine

Detection

Engine version

Comodo Security

UnclassifiedMalware

18093

Reason Heuristics

PUP.BrowserSafeguard.Q

14.4.14.13

VIPRE Antivirus

AdKnowledge

28196

File size:

454 KB (464,896 bytes)

Product version:

1.0.5214.26052

Original file name:

BrowserSafeguard.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\browsersafeguard\browsersafeguard.exe

File PE Metadata

Compilation timestamp:

4/11/2014 10:28:47 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:mWCGYmVoTOp2lp6+vLh//rkchx66gfvJuUyV8sggYw+fNEJHLjX00:mZjna2lZzJqhQ+fNyHE

Entry address:

0x64F4E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.6116

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

396 KB (405,504 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:50103/

Local host port:

50103

Default credentials:

The file BrowserSafeguard.exe has been discovered within the following program.

BrowserSafeguard by Adknowledge, Inc.

RocketTab is licensed by Rich River Media but typically bundled with BrowserSafeguard, the software is distributed through numerous adware bundlers including optimum-installer, FUSION INSTALL and Tint Installer.

www.browsersafeguard.com

80% remove it

Remove BrowserSafeguard.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.