genieutils.exe

Genieo Innovation LTD

The application genieutils.exe by Genieo Innovation has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Genieo Innovation LTD  (signed and verified)

MD5:
58aa210b2188876b1beb1bb0e796ac20

SHA-1:
892b7226cd7759a99f21831cbfe2cd906fe732a3

SHA-256:
f14bc13fd7395b9086edd270268b2b041e379c622b210253d3742778490283d5

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Inserts ads in the web browser and modifies the home page. "Genieo Innovation’s Software may include advertisements, which may be targeted to the content or information on the Software, queries made through the Software, or from other information. You agree that we and our third party providers and partners may place advertising on our Software or in connection with the display of content or information on our Software." (EULA)

Analysis date:
8/18/2018 12:15:30 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.10.6.9

File size:
45.8 KB (46,944 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\genieo\application\engine\lib\genieutils.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/10/2014 12:00:00 AM

Valid to:
2/9/2016 11:59:59 PM

Subject:
CN=Genieo Innovation LTD, O=Genieo Innovation LTD, L=Herzliah, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1B98BC775598D0C401E0D6CC4349529A

File PE Metadata
Compilation timestamp:
10/20/2014 10:42:19 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:fN2EDLQLUFJj275/71VCDmkkJWCkFsNrLrJwR5jclKY9X:fN2vLoJy7FPCDRkJWea5jcll9X

Entry address:
0x159B

Entry point:
E8, 8C, 19, 00, 00, E9, 79, FE, FF, FF, 6A, 0C, 68, 78, 9B, 40, 00, E8, 87, 17, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, 34, C8, 40, 00, 03, 75, 43, 6A, 04, E8, CB, 1B, 00, 00, 59, 83, 65, FC, 00, 56, E8, F3, 1B, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 14, 1C, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, B7, 1A, 00, 00, 59, C3, 56, 6A, 00, FF, 35, 24, C5, 40, 00, FF, 15, 14, 80, 40, 00, 85, C0, 75, 16, E8, E8, 19, 00...
 
[+]

Entropy:
6.4923

Code size:
27.5 KB (28,160 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 186-192-91-9.prt.globo.com  (186.192.91.9:80)

TCP (HTTP SSL):
Connects to e2.ycpi.vip.mib.yahoo.com  (68.180.134.8:443)

TCP (HTTP):
Connects to static-200-94-128-85.alestra.net.mx  (200.94.128.85:80)

TCP (HTTP SSL):
Connects to i.wpimg.pl  (212.77.100.137:443)

TCP (HTTP SSL):
Connects to e1.ycpi.vip.mib.yahoo.com  (68.180.134.7:443)

TCP (HTTP):
Connects to wordpress-105.fwmedia.com  (204.12.67.5:80)

TCP (HTTP):
Connects to static.178.118.4.46.clients.your-server.de  (46.4.118.178:80)

TCP (HTTP):
Connects to incognitadigital.com.br  (45.55.41.181:80)

TCP (HTTP):
Connects to hm8169.locaweb.com.br  (186.202.153.122:80)

TCP (HTTP):
Connects to get-2.wpapi.wp.pl  (212.77.100.76:80)

TCP (HTTP):
Connects to ext-189-247-165-27.uninet.net.mx  (189.247.165.27:80)

TCP (HTTP):
Connects to ext-189-247-163-25.uninet.net.mx  (189.247.163.25:80)

TCP (HTTP):
Connects to core24.hostingmadeeasy.com  (72.9.158.240:80)

TCP (HTTP):
Connects to client-200.60.136.42.speedy.net.pe  (200.60.136.42:80)

TCP (HTTP):
Connects to b1c15f8b.virtua.com.br  (177.193.95.139:80)

TCP (HTTP):
Connects to a23-77-202-105.deploy.static.akamaitechnologies.com  (23.77.202.105:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to a200-75-200-208.deploy.akamaitechnologies.com  (200.75.200.208:80)

TCP (HTTP SSL):
Connects to a104-107-41-98.deploy.static.akamaitechnologies.com  (104.107.41.98:443)

Remove genieutils.exe - Powered by Reason Core Security