daemonprocess.exe

Beijing AmazGame Age Internet Technology Co., Ltd.

The application daemonprocess.exe by Beijing AmazGame Age Internet Technology Co., Ltd. has been detected as a potentially unwanted program by 9 of 68 anti-malware scanners. It is set to execute automatically whenever any user logs into Windows, through the machine-wide Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the value name 'mobilegeni daemon'. This file is typically installed with the program Mobogenie by Beijing Yang Fan Jing He Information Consulting Co. Ltd.
MD5:
c538bba8638c5f008d07fd979b1f1c83

SHA-1:
a2d473e09f7c019315030a2124dced3b90cb4f87

SHA-256:
69542866a0f49fcf16ab64dc8eb4a7a3f1d23f6f9da941614f969e29747cec3f

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
10/24/2017 3:46:54 AM UTC

Scan engine               Detection                                                Engine version
avast!                    Win32:Mobogenie-O [Adw]                                  2014.9-140313
Dr.Web                    Adware.Mobogenie.3                                       9.0.1.0115
ESET NOD32                Win32/Mobogenie (variant)                                8.9704
Fortinet FortiGate        Riskware/Mobogenie                                       4/25/2014
G Data                    Win32.Application.Mobogenie                              14.4.24
McAfee                    Artemis!8C1D08DB2F0A                                     5600.7150
McAfee Web Gateway        Artemis!8C1D08DB2F0A                                     7.7150
Reason Heuristics         PUP.Optional.BeijingAmazGameAgeInternetTechnologyCo.N    14.3.13.19
Trend Micro House Call    TROJ_GEN.F47V0402                                        7.2.72

File size:
746.2 KB (764,096 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\mobogenie\daemonprocess.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/15/2012 8:00:00 PM

Valid to:
6/15/2015 7:59:59 PM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22CF7DA7B76FC5C4E77225CFA1BDA497

File PE Metadata
Compilation timestamp:
3/12/2014 3:26:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:gv94DnicwB6JPHhyyhBqMBAd258z/YA2g+L0T0khASi/Rwx:gvGOB6Jhyy3Ad2+gW0khASi0

Entry address:
0x8365F

Entry point:
E8, 5F, 05, 00, 00, E9, B3, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, 80, F9, 40, 73, 15, 80, F9, 20, 73, 06, 0F, A5, C2, D3, E0, C3, 8B, D0, 33, C0, 80, E1, 1F, D3, E2, C3, 33, C0, 33, D2, C3, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8...

Code size:
561.5 KB (574,976 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
mobilegeni daemon

Command:
C:\Program Files\mobogenie\daemonprocess.exe
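The following triage script is an added example, not code from the original page or from Mobogenie. It checks whether the 'mobilegeni daemon' Run value described above is present, verifies the binary it points at against the SHA-256 hash and the code-signing certificate serial number listed on this page, and previews removal of the persistence entry. The Wow6432Node key is an assumption: the page documents only the native HKLM Run key, but a 32-bit installer on 64-bit Windows normally writes to the 32-bit view instead. Run it in an elevated PowerShell session.

```powershell
# Added triage script for the 'mobilegeni daemon' autostart entry documented above.
# Not from the original page; constants come from the page, the Wow6432Node key is assumed.

$ValueName   = 'mobilegeni daemon'
$KnownSha256 = '69542866a0f49fcf16ab64dc8eb4a7a3f1d23f6f9da941614f969e29747cec3f'
$KnownSerial = '22CF7DA7B76FC5C4E77225CFA1BDA497'

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',              # key documented on this page
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'   # assumed: 32-bit view on 64-bit Windows
)

foreach ($key in $RunKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props -or -not $props.PSObject.Properties[$ValueName]) {
        Write-Output "No '$ValueName' value under $key"
        continue
    }

    # The Run command is a bare path on this page; strip quotes in case it was stored quoted.
    $exe = ([string]$props.PSObject.Properties[$ValueName].Value).Trim('"')
    Write-Output "Run value '$ValueName' under $key -> $exe"

    if (-not (Test-Path -LiteralPath $exe)) {
        Write-Output 'Target binary is missing: orphaned Run entry'
    } else {
        $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
        $sig  = Get-AuthenticodeSignature -LiteralPath $exe
        $serial = if ($sig.SignerCertificate) { $sig.SignerCertificate.SerialNumber } else { '' }

        Write-Output ("SHA-256 matches this page:      {0}" -f ($hash -ieq $KnownSha256))
        Write-Output ("Authenticode status:            {0}" -f $sig.Status)
        Write-Output ("Signer serial matches this page: {0}" -f ($serial -ieq $KnownSerial))
        if ($sig.SignerCertificate) {
            Write-Output ("Signer subject:                  {0}" -f $sig.SignerCertificate.Subject)
        }
    }

    # Preview removal of the persistence entry; drop -WhatIf to actually delete the value.
    Remove-ItemProperty -Path $key -Name $ValueName -WhatIf
}
```

Two caveats when reading the output. A valid Authenticode status is not evidence that the file is benign: the detections above are for a properly signed binary, and the signing certificate listed on this page expired on 6/15/2015, so on a current system the status may be Valid (if the signature was timestamped) or report an expiry error. A hash mismatch only means a different build than the one analysed here, not a clean file; the signer serial number and the Run value name are the more stable indicators. Removing the Run value stops the autostart but leaves the binary in C:\Program Files\mobogenie in place.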


The file daemonprocess.exe has been discovered within the following program.

Mobogenie  by Beijing Yang Fan Jing He Information Consulting Co. Ltd.
Mobogenie is an Android app store portal that may bundle third-party installers through OpenCandy, Quick Downloader, Conduit and various other monetization programs. Some versions (mostly older ones) are themselves bundled by third-party distribution platforms.
www.mobogenie.com/pc.html
56% of users remove it

Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-85-173-10.fra6.r.cloudfront.net  (52.85.173.10:80)

Remove daemonprocess.exe - Powered by Reason Core Security