Bitcasa.exe

Bitcasa - Infinite Storage

Bitcasa Incorporated

The executable Bitcasa.exe, “Bitcasa for Windows” has been detected as malware by 3 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Bitcasa’.
Publisher:
Bitcasa, Inc  (signed by Bitcasa Incorporated)

Product:
Bitcasa - Infinite Storage

Description:
Bitcasa for Windows

Version:
0.9.20.4135

MD5:
c06cc488f9a5b4645c2fb81d9f3f67a4

SHA-1:
e1958d5e00ec55bd7cb31940d1f52d991dfaef5e

SHA-256:
c659377254c3582b269ec37f47d9d6bdc4b5bee342941ef76017125a3da9d2be

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
12/24/2024 5:32:56 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Win64.Expiro.108
9.0.1.05190

ESET NOD32
Win64/Expiro.AC virus
6.3.12010.0

F-Secure
Win64.Expiro.Gen.3
5.15.154

File size:
4.7 MB (4,963,328 bytes)

Product version:
0.9.20.4135

Copyright:
Copyright (C) 2012

Original file name:
Bitcasa.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\bitcasa\bitcasa.exe

Digital Signature
Authority:
Bitcasa Incorporated

Valid from:
9/8/2011 7:56:33 PM

Valid to:
9/7/2012 7:56:33 PM

Subject:
CN=api.bitcasa.com, OU=Operations - Storage API, O=Bitcasa Incorporated, S=California, C=US

Issuer:
CN=Bitcasa Signing CA, OU=Operations, O=Bitcasa Incorporated, S=California, C=US

Serial number:
0B

File PE Metadata
Compilation timestamp:
12/27/2012 5:08:00 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:2riodme1U87cB07XeZug/g+H2PTMbOEPMccUPFdhzouz70KiTYhtFlgxZuSLgvaC:1odjOScOLwDdhz5htFluc1LFjFD

Entry address:
0x17D224

Entry point:
90, 55, 48, 89, E5, 56, 48, FF, CE, 57, 41, 54, 41, 55, 41, 56, 41, 57, 48, 81, EC, D0, 00, 00, 00, 48, C7, 85, 70, FF, FF, FF, 00, 00, 00, 00, 48, C7, 45, A8, 0E, 00, 00, 00, 4C, 8B, 55, A8, 49, 83, EA, 0E, 4C, 89, 55, A0, 48, C7, 45, 98, 09, 00, 00, 00, 45, 31, F6, 4C, 8B, 55, A0, 4D, 89, D5, 49, 83, ED, 00, 49, BA, 13, 2B, 00, 00, 00, 00, 00, 00, 4C, 89, 95, 40, FF, FF, FF, BE, 74, 58, 11, F2, 4C, 8B, 95, 40, FF, FF, FF, 49, B9, ED, 7D, 01, 00, 00, 00, 00, 00, 4D, 89, D6, 4D, 0F, AF, F1, 41, BD, A9, 15...
 
[+]

Entropy:
6.9253

Code size:
2 MB (2,093,056 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Bitcasa

Command:
C:\Program Files\bitcasa\bitcasa.exe \startup


Remove Bitcasa.exe - Powered by Reason Core Security