home

mobogenie_setup_2.1.28_21.exe

Beijing AmazGame Age Internet Technology Co., Ltd.

The application mobogenie_setup_2.1.28_21.exe by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program Mobogenie by Beijing Yang Fan Jing He Information Consulting Co. Ltd.. The file has been seen being downloaded from download.mobogenie.com and multiple other hosts.
Publisher:
Beijing AmazGame Age Internet Technology Co., Ltd.  (signed and verified)

MD5:
d5961ffe827bd3fc460f2fd9ee79ab05

SHA-1:
fb596716c81e26b4998b6ff97cac16dae789cf3d

SHA-256:
76365698e8bb86e59a01abbef6ef51d91e18a7fb6f8f5cd8f73a993a6ca8da09

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 6:42:31 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
NSIS:NextLive-A [Adw]
2014.9-140321

Dr.Web
Adware.NextLive.2
9.0.1.080

ESET NOD32
Win32/Mobogenie
8.9564

Reason Heuristics
PUP.Optional.Installer.BeijingAmazGameAgeInternetTechnologyCo.X
14.3.21.2

File size:
16.4 MB (17,223,280 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\mobogenie_setup_2.1.28_21.exe

Digital Signature
Signed by:
Beijing AmazGame Age Internet Technology Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
3/16/2012 8:00:00 AM

Valid to:
6/16/2015 7:59:59 AM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22CF7DA7B76FC5C4E77225CFA1BDA497

File PE Metadata
Compilation timestamp:
12/6/2009 6:50:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:4EPtWwRGZYWPHi/bXg6LmqCUgjF8twQh13oiEbahP+dUBKhJgvafeqChh29d:4gQwRKLHiTXgICUzphpv9agqAhAH

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9999

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file mobogenie_setup_2.1.28_21.exe has been discovered within the following program.

Mobogenie  by Beijing Yang Fan Jing He Information Consulting Co. Ltd.
Mobogenie is an Android app store portal that may use the OpenCandy, Quick Downloader, Conduit and various other monetization programs to bundle with third party installers. In many cases some versions (mostly older ones) are bundled by third party distribution platforms.
www.mobogenie.com/pc.html
56% remove it
 
Powered by Should I Remove It?

The file mobogenie_setup_2.1.28_21.exe has been seen being distributed by the following 2 URLs.

http://download.mobogenie.com/mu/.../Mobogenie_Setup_2.1.28_21.exe

http://server.mobogenie.com/.../downloadClient.htm?media=21&cname=2

Remove mobogenie_setup_2.1.28_21.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.