Should I block it?
90% of PCs block this file from running.
Possible reason:
Multiple malware detections
Additional versions
(Note, Alipay.com Co. publishes each variation of this file with the same version, but the hashes are unique.)
Relationships
Parent process
Related files
AlipaySafeTran.exe
SafeTransaction by Alipay.com Co. (Signed)
Version: | 1, 1, 0, 1 |
MD5: | b427f6c4fb1621e67616ba9e656b3404 |
SHA1: | 45050bcbec4dd3462c11db466b6b84c7618900f2 |
SHA256: | a2283c694053501fd4cb9f5059480c907a1979e6ea0413c6d307d6f86a6a2a44 |
Warning 4 antivirus scanners has detected malware.
Overview
alipaysafetran.exe is malware that executes as a process with the local user's privileges typically within the context of its parent
alipaysecsvc.exe (alieditplus by Alipay.com Co.). The file is digitally signed by Alipay.com Co. which was issued by the VeriSign certificate authority (CA).
Details
File name: | alipaysafetran.exe |
Publisher: | Alipay Inc. |
Product name: | SafeTransaction |
Description: | AlipaySafeTran |
Typical file path: | C:\Program Files\alipay\safetransaction\alipaysafetran.exe |
File version: | 1, 1, 0, 1 |
Product version: | 4, 2, 1, 0 |
Size: | 863.34 KB (884,064 bytes) |
Certificate |
Issued to: | Alipay.com Co. |
Authority (CA): | VeriSign |
Digital DNA |
PE subsystem: | Windows GUI |
File packed: | No |
.NET CLR: | No |
More details
Network connections
[TCP] 119.188.50.100:80
Malware detections
Based on 40+ industry antivirus scanners, 4 of them detected the following malware.
Antivirus engine | Engine version | Detection |
Antiy Labs AVL |
2.0.3.7 |
Trojan/Win32.Jorik |
Clam AntiVirus |
0.97.3.0 |
Win.Trojan.2139218 |
Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V0208 |
Vba32 AntiVirus |
3.12.22.2 |
Trojan.Agent |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.00200195% | |
Kernel CPU: | 0.00051500% | |
User CPU: | 0.00148695% | |
Kernel CPU time: | 28,267 ms/min | |
Context switches: | 11/sec | |
Memory |
Private memory: | 16.64 MB | |
Private (maximum): | 24.43 MB | |
Private (minimum): | 23.88 MB | |
Non-paged memory: | 16.64 MB | |
Virtual memory: | 120.16 MB | |
Virtual memory (peak): | 126.55 MB | |
Working set: | 23.93 MB | |
Working set (peak): | 25.23 MB | |
Resource allocations |
Threads: | 23 | |
Handles: | 418 | |
GUI GDI count: | 15 | |
GUI GDI peak: | 16 | |
GUI USER count: | 8 | |
GUI USER peak: | 9 | |
Process properties
Threads
Averages
alipayst.dll (AliPayST Dynamic Link Library by 阿里巴巴云计算有限公司) |
Total CPU: | 0.11297664% | |
Kernel CPU: | 0.10080751% | |
User CPU: | 0.01216913% | |
CPU cycles: | 3,435,152/sec | |
Context switches: | 5/sec | |
Memory: | 4.52 MB | |
AlipaySafeTran.exe (main module) |
Total CPU: | 0.04230759% | |
Kernel CPU: | 0.04136571% | |
User CPU: | 0.00094189% | |
CPU cycles: | 1,389,826/sec | |
Memory: | 876 KB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
OS version | distribution |
Windows 7 Professional |
50.00% |
|
Windows 7 Enterprise |
50.00% |
|
Distribution by country
China installs about 50.00% of SafeTransaction.
Distribution by PC manufacturer
PC Manufacturer | distribution |
Lenovo |
50.00% |
|
Toshiba |
50.00% |
|