BackupStack.exe

BackupStack

JDI BACKUP LIMITED

The application BackupStack.exe by JDI BACKUP LIMITED has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a Windows service named “Computer Backup (MyPC Backup)” within the context of its own process. The file is typically installed by a number of programs, including ZipCloud by JDI BACKUP LIMITED and MyPC Backup by JDI BACKUP LIMITED. While running, it connects to the Internet address 37.58.79.173-static.reverse.softlayer.com on port 80 using the HTTP protocol.
Publisher:
Just Develop It  (signed by JDI BACKUP LIMITED)

Product:
BackupStack

Description:
Backup Stack

Version:
1.0.0.0

MD5:
17023c57a820b5cd411b90c1c772e030

SHA-1:
5729a291da28872912bf25405fbf127f24d17bcb

SHA-256:
74649abe4f8c16cebc5405141112633108f94d5e4f519f04d1abba65b59497fa

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 4:07:19 AM UTC

Scan engine: Boost by Reason
Detection: Optional.Service.JDIBACKUPLIMITED.L
Engine version: 188163

Scan engine: Reason Heuristics
Detection: PUP.Optional.Service.JDIBACKUPLIMITED.L
Engine version: 14.2.26.9

File size:
32 KB (32,808 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Just Develop It 2010

Original file name:
BackupStack.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\mypc backup\backupstack.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/22/2012 4:00:00 PM

Valid to:
2/21/2015 3:59:59 PM

Subject:
CN=JDI BACKUP LIMITED, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=JDI BACKUP LIMITED, L=Havant, S=Hampshire, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
35E738AE8513757EEEC7C3A8DC10E470

File PE Metadata
Compilation timestamp:
7/1/2013 10:47:53 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:Td8S99GSbMJ+uOSh4oGtJtIpu3JUtiIuoJGmq:TjbMJ+uOUGtJkeoJdq

Entry address:
0x83AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.8032

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
25 KB (25,600 bytes)

Service
Display name:
Computer Backup (MyPC Backup)

Service name:
BackupStack

Type:
Win32OwnProcess


The file BackupStack.exe has been discovered within the following programs.

MyPC Backup  by JDI BACKUP LIMITED
MyPC Backup (JustDevelopIT) is a Windows backup utility that is typically distributed as a co-bundled offer through download managers.
www.mypcbackup.com
68% remove it
ZipCloud  by JDI BACKUP LIMITED
ZipCloud is part of the Just Develop It! group of Backup brands that offers web hosting and online backup services run by JDI Backup (the parent company to similar brands MyPCBackup, Backup Genie and JustCloud).
www.zipcloud.com
58% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 37.58.79.177-static.reverse.softlayer.com  (37.58.79.177:80)

TCP (HTTP):
Connects to 37.58.79.174-static.reverse.softlayer.com  (37.58.79.174:80)

TCP (HTTP):

TCP (HTTP):
Connects to ec2-54-246-196-175.eu-west-1.compute.amazonaws.com  (54.246.196.175:80)

TCP (HTTP):
Connects to ec2-54-236-3-173.compute-1.amazonaws.com  (54.236.3.173:80)

TCP (HTTP):
Connects to 37.58.79.173-static.reverse.softlayer.com  (37.58.79.173:80)

TCP (HTTP):
Connects to 37.58.79.172-static.reverse.softlayer.com  (37.58.79.172:80)

TCP (HTTP):
Connects to 37.58.79.171-static.reverse.softlayer.com  (37.58.79.171:80)
