ShopAtHome_BAC_Service.exe

ShopAtHome.com

The application ShopAtHome_BAC_Service.exe (“ShopAtHome BrowserAppCore Service”) has been detected as a potentially unwanted program by 2 anti-malware scanners. This file is typically installed with the program ShopAtHome.com BrowserAppCore Service Chrome by Belcaro Group Inc., which is a potentially unwanted software program.
Publisher:
ShopAtHome.com

Description:
ShopAtHome BrowserAppCore Service

Version:
7.1.2.7

MD5:
62cacc391184a2632396dc346e87cc76

SHA-1:
5f00683620ab5f5b8bd22c8e9548c1b579ea3b46

SHA-256:
9767ac2dcf7d2889c80e446b7c863cad789063948a958f38e7a6eb6502e908ce

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
9/19/2018 8:26:55 AM UTC

Scan engine          Detection               Engine version
Boost by Reason      Optional.ShopAtHome.W   188163
Reason Heuristics    PUP.ShopAtHome.W        14.3.1.4

File size:
48 KB (49,152 bytes)

Product version:
7.1.2.7

Copyright:
Copyright © ShopAtHome.com 2012

Original file name:
ShopAtHome_BAC_Service.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\shopathome.com browserappcore service\shopathome_bac_service.exe

File PE Metadata
Compilation timestamp:
8/26/2013 12:14:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:2PLdz6fqyk+CgSuV0vlBlb9ZgFg8SWxDqCrGIWx:2PLdkk1ghmvlBZ9ZUnPxDqCi5x

Entry address:
0xD56E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.2851

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
45.5 KB (46,592 bytes)

The file ShopAtHome_BAC_Service.exe has been discovered within the following program.

Publisher's description - “During installation, the Browser App may automatically change the default search engine used by your Web browser, whether via a built-in search box or otherwise, to our search engine. Using the ShopAtHome.”
www.shopathome.com
67% remove it

The executing file has been seen to make the following network communications in live environments.

