devcon_x86.exe

Windows Setup API

Beijing AmazGame Age Internet Technology Co., Ltd.

Although the file properties claim the file was developed by 'Microsoft Corporation', this is not the case: it is designed to look like a legitimate Microsoft system file. The application devcon_x86.exe, “Windows Setup API” by Beijing AmazGame Age Internet Technology Co., has been detected as a potentially unwanted program by 2 anti-malware scanners.

Publisher:
Microsoft Corporation (signed by Beijing AmazGame Age Internet Technology Co., Ltd.)

Product:
Microsoft® Windows® Operating System

Description:
Windows Setup API

Version:
6.1.7600.16385 (win7_wdk.100208-1538)

MD5:
7162f595cebe7115235f1eaea5374ce6

SHA-1:
ebaaa1635a07b4d8e22915410516788210782b09

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
5/6/2024 11:21:19 AM UTC

Scan engine: Reason Heuristics
Detection: PUP.Optional.BeijingAmazGameAgeInternetTechnologyCo.Installer
Engine version: 16.2.18.6

Scan engine: XVirus List
Detection: Win.Detected
Engine version: 2.3.31

File size:
80 KB (81,920 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
SETUPAPI.DLL

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application data\mobogenie\version\oldversion\mobogenie\devcon_x86.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/16/2012 7:00:00 AM

Valid to:
6/16/2015 6:59:59 AM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22CF7DA7B76FC5C4E77225CFA1BDA497

File PE Metadata
Compilation timestamp:
2/9/2010 10:31:47 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
768:3GrhT5+KybRpnE8K74kca7NerB8iXpYmRRXvdi82BSOe9oKSJ2SLD0BEZWkAl:Y+KY04RMmSCYmBiF4O7WTl

Entry address:
0x6454

Entry point:
E8, 28, 06, 00, 00, E9, C3, FD, FF, FF, CC, CC, CC, CC, CC, CC, FF, 25, 84, 11, 00, 01, CC, CC, CC, CC, CC, CC, FF, 25, E0, 11, 00, 01, CC, CC, CC, CC, CC, 3B, 0D, B0, 81, 00, 01, 75, 03, C2, 00, 00, E9, 8C, 06, 00, 00, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, CC, CC, CC, CC, CC, FF, 25, 88, 11, 00, 01, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC...
Entropy:
5.1538

Code size:
27 KB (27,648 bytes)

Remove devcon_x86.exe - Powered by Reason Core Security