BackUp.exe

BackUp

CEZEO software Ltd.

It is set to execute automatically when any user logs into Windows, through the all-users Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the value name ‘BackUpTime’.

Publisher:
CEZEO software Ltd.  (signed and verified)

Product:
BackUp

Description:
Residental BackUp Tool and Scheduler

Version:
1, 7, 37, 37

MD5:
97e100e6bbf6462f42de27174839fe89

SHA-1:
aedc476f4078b19da15ad76428ccd29362822545

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/16/2024 7:37:10 PM UTC  (today)

Scan engine | Detection | Engine version
Clam AntiVirus | PUA.Packed.ASPack | 0.98/17211
Quick Heal | (Suspicious) - DNAScan | 11.16.11.00

File size:
262.8 KB (269,136 bytes)

Product version:
1, 7, 37, 37

Copyright:
CEZEO software Ltd. (c) 1999 - 2008

Trademarks:
http://www.cezeo.com

Original file name:
BackUp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cezeo software\backuptime\backup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/14/2010 5:30:00 AM

Valid to:
4/15/2011 5:29:59 AM

Subject:
CN=CEZEO software Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CEZEO software Ltd., L=St.Petersburg, S=St.Petersburg, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1D80EBD7047D4340C581E0F7B35B8565

File PE Metadata
Compilation timestamp:
6/9/2010 5:56:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:GS3KcAIsRCbNYEVElo5Wt0k7XDCbtx7MQtlF:tRPhTEWrt5F

Entry address:
0x1000

Entry point:
68, 01, 30, 45, 00, E8, 01, 00, 00, 00, C3, C3, ED, 9D, B7, E3, D2, 24, EC, 6D, 24, A7, D2, 8D, F1, CB, BE, F4, 4D, 4E, AC, 26, 79, A2, EC, 8E, 88, 5F, 37, 15, 8F, 1B, 88, 84, B0, E5, F8, B6, 62, BD, 57, 22, D1, 6E, 55, BE, 49, F7, A3, D6, 6E, 63, 9C, EB, 0C, D9, F5, 1D, 68, 9A, C5, F0, 7C, 21, 90, 35, DC, F9, B4, 07, F9, E8, BC, FE, 78, 66, E6, 54, E4, 3B, 3E, B1, 7F, B1, 3E, 02, 51, 60, 2A, C6, FD, F2, AF, 2D, 88, E9, 1A, 1A, 8A, BA, A8, 9F, 76, AC, DB, 8D, 64, 38, BA, 9A, 1E, B9, 0B, 00, 1F, 13, E2, AF...
 

Entropy:
7.1069

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
142 KB (145,408 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
BackUpTime

Command:
"C:\Program Files\cezeo software\backuptime\backup.exe"

