» BackupNowEZtray.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

BackupNowEZtray.exe

NTI Backup Now EZ

NewTech Infosystems, Inc

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘BackupNowEZtray’. This is installed with NTI Backup Now EZ.

File name:

BackupNowEZtray.exe

Publisher:

NewTech Infosystems, Inc. (signed by NewTech Infosystems, Inc)

Product:

NTI Backup Now EZ

Version:

1.1.2.77a

MD5:

e112deac365b20f0060e5724ba2357dd

SHA-1:

fc5a7e0b1395ba1f5c3caefa4ff3728d6577a279

SHA-256:

021f4023323bf8beb21d3f3936ef7f494a125862dd20df8d65a2246f08521418

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/27/2024 12:14:23 AM UTC (today)

File size:

549.8 KB (562,944 bytes)

Product version:

1.1.2.77a

Original file name:

BackupNowEZtray.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\newtech infosystems\backup now ez\backupnoweztray.exe

Digital Signature

Signed by:

NewTech Infosystems, Inc

Authority:

VeriSign, Inc.

Valid from:

10/26/2008 8:00:00 PM

Valid to:

12/21/2011 6:59:59 PM

Subject:

CN="NewTech Infosystems, Inc", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="NewTech Infosystems, Inc", S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4F94BE281788D11EEC53062599338F41

File PE Metadata

Compilation timestamp:

2/21/2010 11:07:02 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:KQSOj9ojMZwlzDf9WfyMIoFOEHSl0nNMagJKvz6HnnmmVki8s8OXylq2Nx0Ml:JpiMZ2zDrMFFAKSnnmmtyjNn

Entry address:

0x1BAF8

Entry point:

E8, 9B, 04, 00, 00, E9, 37, FD, FF, FF, 3B, 0D, 28, A0, 42, 00, 75, 02, F3, C3, E9, 1D, 05, 00, 00, 8B, FF, 55, 8B, EC, F6, 45, 08, 02, 57, 8B, F9, 74, 25, 56, 68, 64, C1, 41, 00, 8D, 77, FC, FF, 36, 6A, 0C, 57, E8, 52, 01, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, F2, F6, FF, FF, 59, 8B, C6, 5E, EB, 14, E8, 1B, 06, 00, 00, F6, 45, 08, 01, 74, 07, 57, E8, DB, F6, FF, FF, 59, 8B, C7, 5F, 5D, C2, 04, 00, CC, FF, 25, 14, F2, 41, 00, FF, 25, 7C, F2, 41, 00, 6A, 14, 68, 00, 4F, 42, 00, E8, 76, 03, 00, 00, FF, 35... 
[+]

Entropy:

5.7660

Code size:

119 KB (121,856 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

BackupNowEZtray

Command:

"C:\Program Files\newtech infosystems\backup now ez\backupnoweztray.exe" -k

The file BackupNowEZtray.exe has been discovered within the following program.

NTI Backup Now EZ by NewTech Infosystems

Publisher's description - “Backup Now EZ is a complete backup solution for protecting your entire computer. Our File & Folder Backup method will protect your important files and folders and give you quick access to your backed up files if the need arises.”

www.nticorp.com/en/us/product/nti-backup-now-ez-3.asp

About 2% of users remove it

Scan BackupNowEZtray.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.