unt47c0.exe

JDI BACKUP LIMITED

The application unt47c0.exe by JDI BACKUP LIMITED has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program MyPC Backup by JDI BACKUP LIMITED, which is a potentially unwanted software program. The file has been seen downloaded from cdn.backupgrid.net. While running, it connects to the Internet address 22.4.211.130.bc.googleusercontent.com on port 80 using the HTTP protocol.
Publisher:
JDI BACKUP LIMITED  (signed and verified)

MD5:
9908170b935b38aa6073c9e517ee7572

SHA-1:
163c4e46564fd496cae1c647b8b6b1d1a98e287f

SHA-256:
d20073863a27e4407cba00de343eaec0e05cd56e6f5b714d66b83561901110fa

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/17/2024 11:40:34 AM UTC

Scan engine | Detection | Engine version
Bkav FE | W32.Clod7b3.Trojan | 1.3.0.4613
ESET NOD32 | Win32/MyPCBackup | 7.9249
Reason Heuristics | PUP.Optional.JDIBACKUPLIMITED.H | 14.3.2.16
Vba32 AntiVirus | TrojanDownloader.Genome | 3.12.24.3

File size:
94.2 KB (96,464 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\unt47c0.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/23/2012 3:00:00 AM

Valid to:
2/22/2015 2:59:59 AM

Subject:
CN=JDI BACKUP LIMITED, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=JDI BACKUP LIMITED, L=Havant, S=Hampshire, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
35E738AE8513757EEEC7C3A8DC10E470

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:apgpHzb9dZVX9fHMvG0D3XJPqkSZZZ3gNVRD661ib/OTCfbRwYVL3nWuWrAykqIO:YgXdZt9P6D3XJdUYRD66Ybm2fHV6uWvl

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file unt47c0.exe has been discovered within the following program.

MyPC Backup  by JDI BACKUP LIMITED
MyPC Backup (JustDevelopIT) is a Windows backup utility that is typically distributed in a co-bundled offer situation using download managers.
www.mypcbackup.com
68% remove it
 

The file unt47c0.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 22.4.211.130.bc.googleusercontent.com  (130.211.4.22:80)
