BackupStack.exe

BackupStack

Backup Software Limited

The application BackupStack.exe by Backup Software Limited has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Computer Backup (MyPC Backup)”. This file is typically installed with the program MyPC Backup by JDI BACKUP LIMITED which is a potentially unwanted software program. While running, it connects to the Internet address 179.245.178.107.bc.googleusercontent.com on port 80 using the HTTP protocol.
Publisher:
Just Develop It  (signed by Backup Software Limited)

Product:
BackupStack

Description:
Backup Stack

Version:
1.0.0.0

MD5:
3aaa70f71ba473ed9c88c83fecab28d7

SHA-1:
ebd2e56c1ee46cc00488c10d0d4abf60931701b2

SHA-256:
0f0e2614e901c50268e656ae26f5d254ab75a471af0f0e7ef880c6958a523582

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/29/2024 1:38:46 AM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
Win.Troj.Mediamagnet
2.1.4+

AVG
MyBackup
2015.0.3278

Reason Heuristics
PUP.Optional.Service.L
14.11.26.18

File size:
52.6 KB (53,832 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Just Develop It 2010

Original file name:
BackupStack.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\mypc backup\backupstack.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
6/16/2014 5:00:00 PM

Valid to:
6/21/2016 5:00:00 AM

Subject:
CN=Backup Software Limited, O=Backup Software Limited, L=Fareham, S=Hampshire, C=GB

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0CAF19B1326854F0FDA6CB110DF30B5C

File PE Metadata
Compilation timestamp:
11/25/2014 11:37:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:a4E0cgb75K//N1qt2F3MphcAOoQElzB/zFP+aou0DGEO:a4Ey35G/NjEc9El9hiu1

Entry address:
0xD45E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.2078

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
45.5 KB (46,592 bytes)

Service
Display name:
Computer Backup (MyPC Backup)

Service name:
BackupStack

Type:
Win32OwnProcess


The file BackupStack.exe has been discovered within the following program.

MyPC Backup  by JDI BACKUP LIMITED
MyPC Backup, a potentially unwanted program (PUP), is bundled with various adware installers and 3rd party download managers including CBS Interactive, Somoto, Conduit, Bechiro and others.
www.mypcbackup.com
70% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 6.183.211.130.bc.googleusercontent.com  (130.211.183.6:80)

TCP (HTTP):
Connects to 135.55.148.146.bc.googleusercontent.com  (146.148.55.135:80)

TCP (HTTP):
Connects to 31.168.211.130.bc.googleusercontent.com  (130.211.168.31:80)

TCP (HTTP):
Connects to 202.157.251.23.bc.googleusercontent.com  (23.251.157.202:80)

TCP (HTTP):
Connects to 179.245.178.107.bc.googleusercontent.com  (107.178.245.179:80)

TCP (HTTP):
Connects to 90.42.148.146.bc.googleusercontent.com  (146.148.42.90:80)

TCP (HTTP):
Connects to 16.55.148.146.bc.googleusercontent.com  (146.148.55.16:80)

TCP (HTTP SSL):
Connects to lga15s42-in-f12.1e100.net  (74.125.226.12:443)

Remove BackupStack.exe - Powered by Reason Core Security