ShopAtHome_BAC_Service.exe

ShopAtHome.com

The application ShopAtHome_BAC_Service.exe, “ShopAtHome BrowserAppCore Service”, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program ShopAtHome.com BrowserAppCore Service Chrome by Belcaro Group Inc., which is a potentially unwanted software program. While running, it connects to the Internet address server-54-192-36-229.jfk1.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
ShopAtHome.com

Description:
ShopAtHome BrowserAppCore Service

Version:
7.1.1.0

MD5:
9281ab5c78dfdebde9c728e589cf786c

SHA-1:
82a36bbf81bf28d79fc349ab8dd8e5e510890527

SHA-256:
8d14225040460e98a0f30d54d203a1b5a3ea0ebbe9f31528c2827860644f373c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 4:34:57 AM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic.ShopAtHome.Meta

Engine version:
15.10.15.6

File size:
46 KB (47,104 bytes)

Product version:
7.1.1.0

Copyright:
Copyright © ShopAtHome.com 2012

Original file name:
ShopAtHome_BAC_Service.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\shopathome.com browserappcore service\shopathome_bac_service.exe

File PE Metadata
Compilation timestamp:
6/6/2013 11:57:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:yPIHuKyhwFUtKarlBlb9dgRg8i2xDI8RIX:yPI5Yw6rlBZ9dMnnxDI8Rg

Entry address:
0xCC2E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.2918

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
43.5 KB (44,544 bytes)

The file ShopAtHome_BAC_Service.exe has been discovered within the following program.

Publisher's description - “During installation, the Browser App may automatically change the default search engine used by your Web browser, whether via a built-in search box or otherwise, to our search engine. Using the ShopAtHome.”
www.shopathome.com
67% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-36-229.jfk1.r.cloudfront.net  (54.192.36.229:80)

TCP (HTTP):
Connects to server-54-192-36-193.jfk1.r.cloudfront.net  (54.192.36.193:80)

TCP (HTTP):
Connects to server-54-192-36-17.jfk1.r.cloudfront.net  (54.192.36.17:80)

TCP (HTTP):
Connects to server-52-84-125-21.iad16.r.cloudfront.net  (52.84.125.21:80)

TCP (HTTP):
Connects to ord36s01-in-f10.1e100.net  (216.58.192.138:80)

TCP (HTTP):
Connects to ec2-52-72-114-230.compute-1.amazonaws.com  (52.72.114.230:80)
