mypcbackup20130923.exe

JDI BACKUP LIMITED

The application mypcbackup20130923.exe by JDI BACKUP LIMITED has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dl-2.kbm2.com. While running, it connects to the Internet address 140.247.178.107.bc.googleusercontent.com on port 80 using the HTTP protocol.
Publisher:
JDI BACKUP LIMITED  (signed and verified)

MD5:
1276d72f9c1718244e458093d2bcfcd8

SHA-1:
0069472177c0a0966a8351805ab26870b9f69267

SHA-256:
a0d0f44cc4dd43bfb30f2a78672bd6f0746a15bb7f6e4b35ba2226f79d8d42ff

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 12:52:16 AM UTC

Scan engine        | Detection                        | Engine version
ESET NOD32         | Win32/MyPCBackup                 | 7.9057
Reason Heuristics  | PUP.Optional.JDIBACKUPLIMITED.S  | 14.2.22.22

File size:
72.2 KB (73,896 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\mypcbackup20130923.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/23/2012 3:00:00 AM

Valid to:
2/22/2015 2:59:59 AM

Subject:
CN=JDI BACKUP LIMITED, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=JDI BACKUP LIMITED, L=Havant, S=Hampshire, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
35E738AE8513757EEEC7C3A8DC10E470

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:XpgpHzb9dZVX9fHMvG0D3XJSqkSZZZ3gNVRD661ib/OfkqIzjbany1T:ZgXdZt9P6D3XJsUYRD66Ybmf5Kz

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
6.7251

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file mypcbackup20130923.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 140.247.178.107.bc.googleusercontent.com  (107.178.247.140:80)
