cloudbackup5642.exe

Backup Software Limited

The application cloudbackup5642.exe by Backup Software Limited has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.justcloud.com and multiple other hosts.
Publisher:
Backup Software Limited  (signed and verified)

MD5:
0511a8b07d7fe32c1185200b1a248bc8

SHA-1:
50d2d2d2f550518740776bc2168f5a860d1a513f

SHA-256:
82eda161fec15b3674f5d4f3b86477245dcc65aab1929c8020c29400195f6dcd

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
11/17/2024 3:11:36 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
MyBackup
2015.0.3301

Dr.Web
Program.Unwanted.113
9.0.1.0308

Malwarebytes
PUP.Optional.MyPCBackup.A
v2014.11.04.08

McAfee
Artemis!0511A8B07D7F
5600.6957

NANO AntiVirus
Trojan.Win32.Blocker.dghxre
0.28.6.62995

Reason Heuristics
PUP.Optional.BackupSoftwareLimited.P
14.11.4.8

Trend Micro House Call
TROJ_GEN.R08JH05K314
7.2.308

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
34500

File size:
5.3 MB (5,531,784 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\cloudbackup5642.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
6/16/2014 5:00:00 PM

Valid to:
6/21/2016 5:00:00 AM

Subject:
CN=Backup Software Limited, O=Backup Software Limited, L=Fareham, S=Hampshire, C=GB

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0CAF19B1326854F0FDA6CB110DF30B5C

File PE Metadata
Compilation timestamp:
12/5/2009 2:53:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:7D6q+ZRW7P8ArypXR7NEt1LVQNcGlJko+zO1+4bveeGFgMK0x/D800aBkSk721//:6O1rypB7NE1VGUoD1+m6K05rpkG/JqTs

Entry address:
0x36A0

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 88, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, B8, 63, 42, 00, E8, EE, 2E, 00, 00, A3, 04, 63, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, B0, 0C, 42, 00, FF, 15, 58, 81, 40, 00, 68, 10, A8, 40, 00, 68, 00, 5B, 42, 00, E8, F4, 29, 00, 00, FF, 15, B0, 80, 40, 00, BF, 00, C0, 42, 00, 50, 57, E8, E2, 29, 00, 00...
 
[+]

Entropy:
7.9988

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file cloudbackup5642.exe has been seen being distributed by the following 2 URLs.

Remove cloudbackup5642.exe - Powered by Reason Core Security