» BackupStack.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (8)

BackupStack.exe

BackupStack

Backup Software Limited

The application BackupStack.exe by Backup Software Limited has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Computer Backup (MyPC Backup)”. This file is typically installed with the program MyPC Backup by JDI BACKUP LIMITED which is a potentially unwanted software program. While running, it connects to the Internet address 179.245.178.107.bc.googleusercontent.com on port 80 using the HTTP protocol.

File name:

BackupStack.exe

Publisher:

Just Develop It (signed by Backup Software Limited)

Product:

BackupStack

Description:

Backup Stack

Version:

1.0.0.0

MD5:

3aaa70f71ba473ed9c88c83fecab28d7

SHA-1:

ebd2e56c1ee46cc00488c10d0d4abf60931701b2

SHA-256:

0f0e2614e901c50268e656ae26f5d254ab75a471af0f0e7ef880c6958a523582

Scanner detections:

3 / 68

Status:

Potentially unwanted

Analysis date:

11/8/2024 5:10:58 AM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

Win.Troj.Mediamagnet

2.1.4+

AVG

MyBackup

2015.0.3278

Reason Heuristics

PUP.Optional.Service.L

14.11.26.18

File size:

52.6 KB (53,832 bytes)

Product version:

1.0.0.0

Original file name:

BackupStack.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\mypc backup\backupstack.exe

Digital Signature

Signed by:

Backup Software Limited

Authority:

DigiCert Inc

Valid from:

6/16/2014 5:00:00 PM

Valid to:

6/21/2016 5:00:00 AM

Subject:

CN=Backup Software Limited, O=Backup Software Limited, L=Fareham, S=Hampshire, C=GB

Issuer:

CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0CAF19B1326854F0FDA6CB110DF30B5C

File PE Metadata

Compilation timestamp:

11/25/2014 11:37:35 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

768:a4E0cgb75K//N1qt2F3MphcAOoQElzB/zFP+aou0DGEO:a4Ey35G/NjEc9El9hiu1

Entry address:

0xD45E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.2078

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

45.5 KB (46,592 bytes)

Service

Display name:

Computer Backup (MyPC Backup)

Service name:

BackupStack

Type:

Win32OwnProcess

The file BackupStack.exe has been discovered within the following program.

MyPC Backup by JDI BACKUP LIMITED

MyPC Backup, a potentially unwanted program (PUP), is bundled with various adware installers and 3rd party download managers including CBS Interactive, Somoto, Conduit, Bechiro and others.

www.mypcbackup.com

70% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to 6.183.211.130.bc.googleusercontent.com (130.211.183.6:80)

TCP (HTTP):

Connects to 135.55.148.146.bc.googleusercontent.com (146.148.55.135:80)

TCP (HTTP):

Connects to 31.168.211.130.bc.googleusercontent.com (130.211.168.31:80)

TCP (HTTP):

Connects to 202.157.251.23.bc.googleusercontent.com (23.251.157.202:80)

TCP (HTTP):

Connects to 179.245.178.107.bc.googleusercontent.com (107.178.245.179:80)

TCP (HTTP):

Connects to 90.42.148.146.bc.googleusercontent.com (146.148.42.90:80)

TCP (HTTP):

Connects to 16.55.148.146.bc.googleusercontent.com (146.148.55.16:80)

TCP (HTTP SSL):

Connects to lga15s42-in-f12.1e100.net (74.125.226.12:443)

Remove BackupStack.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.