Mobogenie.exe

Mobogenie

Beijing AmazGame Age Internet Technology Co., Ltd.

The application Mobogenie.exe by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 3 anti-malware scanners.
Publisher:
Mobogenie.com  (signed by Beijing AmazGame Age Internet Technology Co., Ltd.)

Product:
Mobogenie

Description:
Mobogenie.exe

Version:
3.3.7.89968

MD5:
9c40c6ffc4a5360a430aa0416044d478

SHA-1:
24948d9314dbae5dd5af788199b2ac7b702c6a59

SHA-256:
9b4fcecb6a7bc90e5e6d3b0c840ef01b1d9984e22739fc315cfcadd0a883d25e

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
10/20/2018 3:49:07 AM UTC

Scan engine        Detection                                            Engine version
Bkav FE            W32.HfsAdware                                        1.3.0.6379
Dr.Web             Adware.Mobogenie.7                                   9.0.1.0151
Reason Heuristics  PUP.Optional.BeijingAmazGameAgeInternetTechnologyCo  15.5.31.5

File size:
3.1 MB (3,236,544 bytes)

Product version:
3.3.7.89968

Copyright:
Copyright (C) 2014 Gamease Age Digital Technology Co., Ltd., All rights

Original file name:
Mobogenie.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Program Files\mobogenie3\mobogenie.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/16/2012 3:00:00 AM

Valid to:
6/16/2015 2:59:59 AM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22CF7DA7B76FC5C4E77225CFA1BDA497

File PE Metadata
Compilation timestamp:
5/28/2015 5:18:21 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:iQiHtSew6sKhzj3bvdmi1T73zVPXmX8aJS3Y2m9O6tgsLOthRhPlqSqe:iQIvdmi1TrzVPXmZZg6YVhlt

Entry address:
0x1ABE5E

Entry point:
E8, 17, 05, 00, 00, E9, 24, FD, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 40, 6D, 69, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 40, 6D, 69, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B...

Entropy:
6.2382

Code size:
2.1 MB (2,215,936 bytes)

The file Mobogenie.exe has been seen being distributed by the following URL.

temp:Mobogenie.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-1-168.lhr5.r.cloudfront.net  (54.230.1.168:80)

TCP (HTTP):
Connects to server-54-230-202-171.fra50.r.cloudfront.net  (54.230.202.171:80)

TCP (HTTP):
Connects to server-54-230-15-229.ams1.r.cloudfront.net  (54.230.15.229:80)

TCP (HTTP):
Connects to server-54-230-15-135.ams1.r.cloudfront.net  (54.230.15.135:80)

TCP (HTTP):
Connects to server-54-230-1-14.lhr5.r.cloudfront.net  (54.230.1.14:80)

TCP (HTTP):
Connects to server-54-230-1-102.lhr5.r.cloudfront.net  (54.230.1.102:80)

TCP (HTTP):
Connects to server-54-192-217-197.mrs50.r.cloudfront.net  (54.192.217.197:80)

TCP (HTTP):
Connects to server-54-192-217-161.mrs50.r.cloudfront.net  (54.192.217.161:80)

TCP (HTTP):
Connects to server-52-85-184-64.fra2.r.cloudfront.net  (52.85.184.64:80)

TCP (HTTP SSL):
Connects to cache.google.com  (103.225.178.172:443)

TCP (HTTP SSL):
Connects to 41.254.37.45.static.ltt.ly  (41.254.37.45:443)

TCP (HTTP):
Connects to server-54-230-187-124.cdg51.r.cloudfront.net  (54.230.187.124:80)

Remove Mobogenie.exe - Powered by Reason Core Security