SuperBackup.exe

Super Backup Online Backup

Strongvault Online Storage LLC

The application SuperBackup.exe (described as “This installer database contains the logic and data required to install Super Backup Online Backup.”) by Strongvault Online Storage has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from cdn.airdlr7.com.
Publisher:
Stronghold.com  (signed by Strongvault Online Storage LLC)

Product:
Super Backup Online Backup

Description:
This installer database contains the logic and data required to install Super Backup Online Backup.

Version:
2.5.0.15

MD5:
87d60d34f57f53460b0dc337835e824b

SHA-1:
4b1d387ddc159b9f09aa28dc1e2a661f52583376

SHA-256:
a439c3c5e1af251ad83987c6693051248948829543a0ce2e840f00b155911241

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 2:23:03 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Comodo Security | ApplicUnwnt | 17937 |
| ESET NOD32 | MSIL/Adware.StrongVault (variant) | 8.9547 |
| Reason Heuristics | PUP.Optional.Installer.StrongvaultOnlineStorage.L | 14.3.17.2 |

File size:
15.3 MB (16,003,328 bytes)

Product version:
2.5.0.15

Copyright:
Copyright (C) Stronghold.com

Original file name:
SuperBackup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\superbackup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/12/2013 6:00:00 PM

Valid to:
2/13/2014 5:59:59 PM

Subject:
CN=Strongvault Online Storage LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Strongvault Online Storage LLC, L=newport beach, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
48A7245B07D6ADFDDD6F3FAC024F13AF

File PE Metadata
Compilation timestamp:
11/29/2012 2:50:22 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
393216:oajRe5JmX3xI6y25/om/y7u8r/p47Zjog+6h+nwybE59:oqRsmP5/oljr/p8ZjegFn

Entry address:
0x2F587

Entry point:
E8, 30, 9F, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 55, 08, 53, 56, 57, 33, FF, 3B, D7, 74, 07, 8B, 5D, 0C, 3B, DF, 77, 1E, E8, 88, 3A, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 11, 3A, 00, 00, 83, C4, 14, 8B, C6, 5F, 5E, 5B, 5D, C3, 8B, 75, 10, 3B, F7, 75, 07, 33, C0, 66, 89, 02, EB, D4, 8B, CA, 0F, B7, 06, 66, 89, 01, 41, 41, 46, 46, 66, 3B, C7, 74, 03, 4B, 75, EE, 33, C0, 3B, DF, 75, D3, 66, 89, 02, E8, 3F, 3A, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, B3, 8B, FF, 55, 8B, EC, 83, EC...
 

Entropy:
7.9735  (probably packed)

Code size:
268.5 KB (274,944 bytes)

The file SuperBackup.exe has been seen being distributed by the following URL.
