home

GenieWifiService.exe

Genie Wifi

LeCheng(beijing) Technology Development Co.Ltd.

The application GenieWifiService.exe, “GenieWifiService.exe” by LeCheng(beijing) Technology Development Co.Ltd has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “GenieWifiService”. This file is typically installed with the program Genie Wifi by oppoos.com.
Publisher:
Oppoos.com  (signed by LeCheng(beijing) Technology Development Co.Ltd.)

Product:
Genie Wifi

Description:
GenieWifiService.exe

Version:
1.0.0.1

MD5:
d1ffe66908934ed3aee0797abdd75114

SHA-1:
07eb0145643a5a8f0c0b163f9ad1bc90df855430

SHA-256:
432d0a6355fd4ddc92b5065d1d03059ed9f93cf7d473a4dd116cf4f32485cbc3

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 1:24:53 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Mobogenie.42
9.0.1.05190

ESET NOD32
Win32/Mobogenie.D potentially unwanted application
8.0.319.0

Reason Heuristics
PUP.Mobogenie (L)
16.9.27.17

File size:
50.1 KB (51,352 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2014 LeCheng(beijing) Technology Development Co.Ltd., All rights reserved.

Original file name:
GenieWifiService.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\genie soft\genie wifi\geniewifiservice.exe

Digital Signature
Signed by:
LeCheng(beijing) Technology Development Co.Ltd.

Authority:
VeriSign, Inc.

Valid from:
12/15/2014 6:00:00 PM

Valid to:
12/16/2015 5:59:59 PM

Subject:
CN=LeCheng(beijing) Technology Development Co.Ltd., OU=IT, O=LeCheng(beijing) Technology Development Co.Ltd., L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
09D77BAEB0E0B5305E9A26629BCF675B

File PE Metadata
Compilation timestamp:
3/5/2015 1:41:46 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
768:KLZumdMxmLLMkq9UkoEafICVezsURQJV02Clv7Oa+EEcwG:KP2wLLMkq9UtfICM4XCNOkEK

Entry address:
0x72CB

Entry point:
E8, E3, 03, 00, 00, E9, 6B, FD, FF, FF, CC, FF, 25, 64, 82, 40, 00, FF, 25, 68, 82, 40, 00, FF, 25, 6C, 82, 40, 00, CC, CC, CC, CC, CC, CC, CC, CC, 68, 49, 73, 40, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, E8, B1, 40, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF...
 
[+]

Entropy:
6.2980

Code size:
28 KB (28,672 bytes)

Service
Display name:
GenieWifiService

Type:
Win32OwnProcess

Depends on:
RPCSS


The file GenieWifiService.exe has been discovered within the following programs.

Genie Wifi  by oppoos.com
www.oppoos.com
About 4% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-169-165-185.ap-southeast-1.compute.amazonaws.com  (54.169.165.185:80)

TCP (HTTP):
Connects to 125.235.4.59.adsl.viettel.vn  (125.235.4.59:80)

Remove GenieWifiService.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.