BackupStack.exe

Cloud Backup Software Limited

The application BackupStack.exe by Cloud Backup Software Limited has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs in its own process as a Windows service named “Computer Backup (JustCloud)”. While running, it connects to the Internet address 202.157.251.23.bc.googleusercontent.com on port 80 using the HTTP protocol.
Publisher:
Cloud Backup Software Limited  (signed and verified)

Version:
1.0.*

MD5:
77f74711915240695f17788b6dc5d787

SHA-1:
d8f2eb282aa999257951ab5dd32904464a906d95

SHA-256:
ae067cd700b7245e951fa56e01cd5c1dcbf716a5b88b75eb489680569e93643d

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 9:32:52 PM UTC

Scan engine | Detection | Engine version
Bkav FE | W32.HfsAdware | 1.3.0.6379
Reason Heuristics | PUP.Backup.JustDevelopeIt.Optional.Meta (L) | 15.7.25.10

File size:
56.4 KB (57,768 bytes)

Product version:
1.0.*

Original file name:
BackupStack.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\justcloud\backupstack.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
4/1/2015 8:00:00 PM

Valid to:
4/6/2018 8:00:00 AM

Subject:
CN=Cloud Backup Software Limited, O=Cloud Backup Software Limited, L=Fareham, S=Hampshire, C=GB

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
06D7EDCBECE9E05EEBA35D993832CC3D

File PE Metadata
Compilation timestamp:
5/29/2015 11:42:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:h5ZtgUgtbEab9AD5TFfsPGvTUyTAGzD7zxj5aX5P7DGM9Kg/x/:hDG3EE9s98GrcG3Vy5PlL

Entry address:
0xD57E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.3029

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
45.5 KB (46,592 bytes)

Service
Display name:
Computer Backup (JustCloud)

Service name:
BackupStack

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 202.157.251.23.bc.googleusercontent.com  (23.251.157.202:80)

TCP (HTTP):
Connects to 16.55.148.146.bc.googleusercontent.com  (146.148.55.16:80)

TCP (HTTP):
Connects to 135.55.148.146.bc.googleusercontent.com  (146.148.55.135:80)

TCP (HTTP):
Connects to qd-in-f128.1e100.net  (64.233.171.128:80)

TCP (HTTP):
Connects to 90.42.148.146.bc.googleusercontent.com  (146.148.42.90:80)

TCP (HTTP):
Connects to 6.183.211.130.bc.googleusercontent.com  (130.211.183.6:80)

TCP (HTTP):
Connects to 31.168.211.130.bc.googleusercontent.com  (130.211.168.31:80)
