» gpautobackup_setup.exe
Overview
Analysis
File Details
Downloads (204)

gpautobackup_setup.exe

Google Photos Backup

Google Inc

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.google.com and multiple other hosts.

File name:

gpautobackup_setup.exe

Publisher:

Google (signed by Google Inc)

Product:

Google Photos Backup

Description:

Installer for Google Photos Backup

Version:

1.1.2.13

MD5:

72c4c2afedb71d5cb29e490ebcdc256e

SHA-1:

62f2fb6b0c13eaa6aaaeb4662c6f81cfe876a32c

SHA-256:

a38f6257dd06363027f51c80ca6fa97f826d1c36943c41b416ecc00baaa37119

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

4/19/2024 10:11:06 AM UTC (today)

File size:

2.5 MB (2,662,800 bytes)

Product version:

1.1.2.13

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\gpautobackup_setup.exe.part

Digital Signature

Signed by:

Google Inc

Authority:

Symantec Corporation

Valid from:

12/16/2015 5:30:00 AM

Valid to:

12/17/2018 5:29:59 AM

Subject:

CN=Google Inc, O=Google Inc, L=Mountain View, S=California, C=US

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

2A9C21ACAAA63A3C58A7B9322BEE948D

File PE Metadata

Compilation timestamp:

10/7/2014 10:10:20 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:CLaPH2OVYTpq0hsC9bsJprEpeTSa4Tad24eHjhesOUwERjfKtpRbbqd+NXOIv/5k:CLaPHBVqY0HpeTSdsaHjhesO5E1fKZ2W

Entry address:

0x335A

Entry point:

81, EC, D8, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 70, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 09, A3, B8, 92, 42, 00, E8, 15, 2F, 00, 00, A3, 04, 92, 42, 00, 55, 8D, 44, 24, 38, 68, B4, 02, 00, 00, 50, 55, 68, A8, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, 7C, 93, 40, 00, 68, 00, 82, 42, 00, E8, 80, 2B, 00, 00, FF, 15, 34, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, 6E, 2B, 00, 00... 
[+]

Entropy:

7.9598

Packer / compiler:

Nullsoft install system v2.x

Code size:

24 KB (24,576 bytes)

The file gpautobackup_setup.exe has been seen being distributed by the following 50 URLs.

https://www.google.com/url?hl=es&q=https://.../photosbackupwindows&source=gmail&ust=1480787578991000&usg=AFQjCNEiLRzZDbpRJ9LrgtnuAIEYWUnmFg

https://www.google.com/url?hl=ja&q=https://.../photosbackupwindows&source=gmail&ust=1472773992192000&usg=AFQjCNEzFw3ZSntTYHvHk8Vr6zsJB4MbHQ

https://www.google.com/url?hl=pt-BR&q=https://.../photosbackupwindows&source=gmail&ust=1486556783235000&usg=AFQjCNGNX2RlUgxpyt5urD1n8I9K3TG4OA

https://www.google.com/url?hl=fr&q=https://.../photosbackupwindows&source=gmail&ust=1477349508232000&usg=AFQjCNHtmX08m58_NNA1i7dn_rxvrp2Uhg

https://www.google.com/url?hl=pt-BR&q=https://.../photosbackupwindows&source=gmail&ust=1471627281926000&usg=AFQjCNEaKIL1Xsfi_11ewM6drqzn1mNS8A

https://www.google.com/url?hl=en&q=https://.../photosbackupwindows&source=gmail&ust=1481305320143000&usg=AFQjCNF6cpy26Zuhy9usz0Hlte-kuGwyEQ

https://www.google.com/url?hl=zh-TW&q=https://.../photosbackupwindows&source=gmail&ust=1481215993491000&usg=AFQjCNEJyNDSN0Z1GMet9Zy7CpMW1of2nQ

https://www.google.com/url?hl=pl&q=https://.../photosbackupwindows&source=gmail&ust=1481140648921000&usg=AFQjCNGI10qb2Jh5vwTI4pmgnR1KtHLIsQ

https://www.google.com/url?hl=fr&q=https://.../photosbackupwindows&source=gmail&ust=1483170349956000&usg=AFQjCNHSGODwTtcqaxpuVYJzm2FJ7JmSSQ

https://www.google.com/url?hl=pl&q=https://.../photosbackupwindows&source=gmail&ust=1464857391163000&usg=AFQjCNGqFa8PmMWIlWzQtTGvsd8pdHIk3w

https://www.google.com/url?hl=fr&q=https://.../photosbackupwindows&source=gmail&ust=1484415549789000&usg=AFQjCNHXOhcZdSKpehsZKma5UYy5AGOChw

http://lb.cdn.m6web.fr/d/c/a/efb2195e0ece6fa0229140712be166bb/58851363/soft/.../google-photos_1-1-2-13_fr_433291.exe

http://lb.cdn.m6web.fr/d/c/a/223643e8874be4e70cfe90e41d772be2/5885fea6/soft/.../google-photos_1-1-2-13_fr_433291.exe

https://www.google.com/url?hl=en&q=https://.../photosbackupwindows&source=gmail&ust=1482189559720000&usg=AFQjCNFkCgfHPQQkQWO3wRwwyR3DGNsGNQ

https://www.google.com/url?hl=pt-BR&q=https://.../photosbackupwindows&source=gmail&ust=1478952899535000&usg=AFQjCNEaaXduL5U7vXMFFcIT7NBq-OQWiw

https://www.google.com/url?hl=en&q=https://.../photosbackupwindows&source=gmail&ust=1479274377640000&usg=AFQjCNHKLo5Jrr8iRD7ubVvtRUowPEe9KA

https://www.google.com/url?hl=en&q=https://.../photosbackupwindows&source=gmail&ust=1483816187657000&usg=AFQjCNFKbvD1-OlUvm3UmI5lSDOZbo0D4g

https://www.google.com/url?hl=fr&q=https://.../photosbackupwindows&source=gmail&ust=1470948930758000&usg=AFQjCNHF88SnUX_EVecElS0j2ZsxHxXO0Q

https://www.google.com/url?hl=es-419&q=https://.../photosbackupwindows&source=gmail&ust=1480886024388000&usg=AFQjCNHxfiypIuNXgob8PfhvElO1h5M8lw

https://www.google.com/url?hl=vi&q=https://.../photosbackupwindows&source=gmail&ust=1478764174015000&usg=AFQjCNE17cCmcWxeHCkQMZgPqEYnF_Dq7A

https://www.google.com/url?hl=en&q=https://.../photosbackupwindows&source=gmail&ust=1487131567492000&usg=AFQjCNE6T4XKan4sQ928KbdIUixDbOdLvg

https://www.google.com/url?hl=pl&q=https://.../photosbackupwindows&source=gmail&ust=1484852788744000&usg=AFQjCNGJ5vs0_CiD6p8U014pcqNhyhlYXw

https://www.google.com/url?hl=en&q=https://.../photosbackupwindows&source=gmail&ust=1465836778378000&usg=AFQjCNGF1kD8mXXvvYzLzRz1lr3BHfe3LQ

https://www.google.com/url?hl=pt-BR&q=https://.../photosbackupwindows&source=gmail&ust=1475369470035000&usg=AFQjCNH_xucGroFbNO3DNQrDpaNkzdII-Q

https://www.google.com/url?hl=es&q=https://.../photosbackupwindows&source=gmail&ust=1480364894448000&usg=AFQjCNFIajT_rGFCmUq78a5oOLfPF-UBpA

https://www.google.com/url?hl=pt-BR&q=https://.../photosbackupwindows&source=gmail&ust=1480823468540000&usg=AFQjCNEnp_d8mN51kMDkRIHTITuSb6Ev0Q

https://www.google.com/url?hl=en&q=https://.../photosbackupwindows&source=gmail&ust=1475696793250000&usg=AFQjCNEkK6JKIMdMpYyhKCckQTZ7nNbYCA

http://lb.cdn.m6web.fr/d/c/a/de0e778bf03677e0fa1c319ecedfa141/587a662e/soft/.../google-photos_1-1-2-13_fr_433291.exe

https://www.google.com/url?hl=en&q=https://.../photosbackupwindows&source=gmail&ust=1482932987287000&usg=AFQjCNEU53klkGevlqoWmMDsak7h-9-Hwg

https://www.google.com/url?hl=en&q=https://.../photosbackupwindows&source=gmail&ust=1483552896693000&usg=AFQjCNHRh-uRlmw39yLPuEBXSm8nEFgOdQ

Latest 30 of 204 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.