BackupPCFiles.Client.Service.exe

Fedder Corporation Limited

The application BackupPCFiles.Client.Service.exe by Fedder Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “BackupPCFilesService”.
Publisher:
Bright Access  (signed by Fedder Corporation Limited)

Version:
1.0.0.676

MD5:
f128d9e8594033a4859920c2fff28dd1

SHA-1:
cf505499c490ab91afa63e68cafd92c6566ec749

SHA-256:
b585fa86cc62d10ed1edbc1287b0199a9f64806fce4f76179edfabfbecf5dc8f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 6:35:46 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic.FedderCorporation.Meta
15.7.15.13

File size:
66.1 KB (67,704 bytes)

Product version:
1.0.0.676

Copyright:
Copyright © Bright Access 2010

Original file name:
BackupPCFiles.Client.Service.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\backuppcfiles\backuppcfiles.client.service.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/16/2013 9:00:00 PM

Valid to:
9/17/2015 8:59:59 PM

Subject:
CN=Fedder Corporation Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Fedder Corporation Limited, L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22D2B6AFF4224506F133F373AAB07BFB

File PE Metadata
Compilation timestamp:
11/4/2014 7:25:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:apOGKCgNxh59TWsNJ4TbsONHlYodoFS4y3GKSRsOcizNmIFFtE2UrwbUmRV7zYcv:apoxhjqs0TtHlFqS4PKcsTiIuJK2Jt

Entry address:
0x1066E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
58 KB (59,392 bytes)

Service
Display name:
BackupPCFilesService

Description:
This service shedule automatic backup of BackupPCFiles application.

Type:
Win32OwnProcess

Depends on:
CryptSvc


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to ec2-23-21-195-213.compute-1.amazonaws.com  (23.21.195.213:443)

Remove BackupPCFiles.Client.Service.exe - Powered by Reason Core Security