ShopAtHome_BAC_Service.exe

ShopAtHome.com

The application ShopAtHome_BAC_Service.exe, “ShopAtHome BrowserAppCore Service” has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program ShopAtHome.com BrowserAppCore Service Chrome by Belcaro Group Inc. which is a potentially unwanted software program. While running, it connects to the Internet address server-54-192-36-229.jfk1.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
ShopAtHome.com

Description:
ShopAtHome BrowserAppCore Service

Version:
7.1.1.0

MD5:
9281ab5c78dfdebde9c728e589cf786c

SHA-1:
82a36bbf81bf28d79fc349ab8dd8e5e510890527

SHA-256:
8d14225040460e98a0f30d54d203a1b5a3ea0ebbe9f31528c2827860644f373c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/23/2024 10:38:49 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic.ShopAtHome.Meta
15.10.15.6

File size:
46 KB (47,104 bytes)

Product version:
7.1.1.0

Copyright:
Copyright © ShopAtHome.com 2012

Original file name:
ShopAtHome_BAC_Service.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\shopathome.com browserappcore service\shopathome_bac_service.exe

File PE Metadata
Compilation timestamp:
6/6/2013 11:57:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:yPIHuKyhwFUtKarlBlb9dgRg8i2xDI8RIX:yPI5Yw6rlBZ9dMnnxDI8Rg

Entry address:
0xCC2E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.2918

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
43.5 KB (44,544 bytes)

The file ShopAtHome_BAC_Service.exe has been discovered within the following program.

Publisher's description - “During installation, the Browser App may automatically change the default search engine used by your Web browser, whether via a built-in search box or otherwise, to our search engine. Using the ShopAtHome.”
www.shopathome.com
67% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-36-229.jfk1.r.cloudfront.net  (54.192.36.229:80)

TCP (HTTP):
Connects to server-54-192-36-193.jfk1.r.cloudfront.net  (54.192.36.193:80)

TCP (HTTP):
Connects to server-54-192-36-17.jfk1.r.cloudfront.net  (54.192.36.17:80)

TCP (HTTP):
Connects to server-52-84-125-21.iad16.r.cloudfront.net  (52.84.125.21:80)

TCP (HTTP):
Connects to ord36s01-in-f10.1e100.net  (216.58.192.138:80)

TCP (HTTP):
Connects to ec2-52-72-114-230.compute-1.amazonaws.com  (52.72.114.230:80)

Remove ShopAtHome_BAC_Service.exe - Powered by Reason Core Security