backgroundhost64.exe

ShopAtHome.com (Belcaro Group, Inc.)

The application backgroundhost64.exe by ShopAtHome.com (Belcaro Group, Inc.) has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
ShopAtHome.com (Belcaro Group, Inc.)  (signed and verified)

Version:
1.1.11.5

MD5:
a766e4df4d46c19a3b098f5b33fcc36b

SHA-1:
3a8718cebc6172c798946e8aaf17ff48e3c7d07a

SHA-256:
464a347dedf99709538c60aefd291b8fb4dbc726455d171715d63f88efb66647

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
1/15/2025 10:07:46 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ShopAtHome (M)

Engine version:
16.11.15.15

File size:
507.6 KB (519,816 bytes)

Product version:
1.1.11.5

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\shopathome.com\backgroundhost64.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
9/26/2016 7:00:00 PM

Valid to:
7/30/2019 7:00:00 AM

Subject:
CN="ShopAtHome.com (Belcaro Group, Inc.)", O="ShopAtHome.com (Belcaro Group, Inc.)", L=Greenwood Village, S=Colorado, C=US, PostalCode=80111, STREET=5575 DTC Parkway, STREET=Suite 300, SERIALNUMBER=19871692567, OID.1.3.6.1.4.1.311.60.2.1.2=Colorado, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
07785E5E630E86D47CCCF32A210DA4D1

File PE Metadata
Compilation timestamp:
7/15/2016 7:24:25 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:ZEjFtPMIOOIkXNcHiI3yX/2mT7TELPWiL/e6hD7UtvqalR9AePcTNFMPgn8QqGMa:WFt0IOQXKguBnW6t7UVMePVUVio

Entry address:
0x3CA48

Entry point:
48, 83, EC, 28, E8, E7, 95, 00, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, CC, CC, 40, 55, 41, 54, 41, 55, 41, 56, 41, 57, 48, 83, EC, 50, 48, 8D, 6C, 24, 40, 48, 89, 5D, 40, 48, 89, 75, 48, 48, 89, 7D, 50, 48, 8B, 05, 1E, 9C, 03, 00, 48, 33, C5, 48, 89, 45, 08, 8B, 5D, 60, 33, FF, 4D, 8B, F1, 45, 8B, F8, 89, 55, 00, 85, DB, 7E, 2A, 44, 8B, D3, 49, 8B, C1, 41, FF, CA, 40, 38, 38, 74, 0C, 48, FF, C0, 45, 85, D2, 75, F0, 41, 83, CA, FF, 8B, C3, 41, 2B, C2, FF, C8, 3B, C3, 8D, 58, 01, 7C, 02, 8B, D8, 44, 8B, 65...
 

Entropy:
6.0739

Code size:
322 KB (329,728 bytes)
