mobogenie_setup_2.1.32_310.exe

Beijing AmazGame Age Internet Technology Co., Ltd.

The application mobogenie_setup_2.1.32_310.exe by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program Mobogenie by Beijing Yang Fan Jing He Information Consulting Co. Ltd. The file has been seen downloaded from upload.mobogenie.com and multiple other hosts.
Publisher:

MD5: 3b6d137d268fc05e6ba215cb9187f2f7
SHA-1: a596b9b3028abbecf836302c20a13a91c97de537
SHA-256: 5a662e5d04fcb5e09d9342b9a8f0d21991674439bfadb080163bb9a5069261ac
Scanner detections: 15 / 68
Status: Potentially unwanted
Analysis date: 4/26/2024 8:04:58 PM UTC

Scan engine             Detection                      Engine version
Lavasoft Ad-Aware       Adware.NewNextMe.A             724
Avira AntiVirus         APPL/NextLive.opea.2           7.11.157.220
avast!                  NSIS:NextLive-A [Adw]          2014.9-150210
Comodo Security         ApplicUnwnt.Win32.NextLive.~A  18727
Dr.Web                  Adware.NextLive.2              9.0.1.041
ESET NOD32              Win32/Mobogenie                9.10025
Fortinet FortiGate      Adware/Agent                   2/10/2015
F-Secure                Adware.NewNextMe.A             11.2015-10-02_3
G Data                  Win32.Adware.NextLive          15.2.24
IKARUS anti.virus       Win32.SuspectCrc               t3scan.1.6.1.0
Malwarebytes            PUP.Optional.NextLive.A        v2015.02.10.03
MicroWorld eScan        Adware.NewNextMe.A             16.0.0.123
NANO AntiVirus          Trojan.Win32.NextLive.csjhvj   0.28.0.60577
Reason Heuristics       PUP.Optional.Installer         15.2.10.15
Trend Micro House Call  TROJ_GE.257D314F               7.2.41

File size: 16.9 MB (17,705,416 bytes)
File type: Executable application (Win32 EXE)
Installer: NSIS (Nullsoft Scriptable Install System)
Common path: C:\users\{user}\downloads\mobogenie_setup_2.1.32_310.exe

Digital Signature
Authority: VeriSign, Inc.
Valid from: 3/16/2012 1:00:00 AM
Valid to: 6/16/2015 1:59:59 AM
Subject: CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN
Issuer: CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Serial number: 22CF7DA7B76FC5C4E77225CFA1BDA497

File PE Metadata
Compilation timestamp: 12/5/2009 11:50:41 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 393216:MEPH6oM287hFTxB3jFWqy0Yn5qNZgs+usfa08IR789NqbyQBFn6PPa:Mgav2IhFTx9Yn5Was+usy08KY9NYyQBV
Entry address: 0x30CB
Entry point: 81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...

Packer / compiler: Nullsoft install system v2.x
Code size: 22.5 KB (23,040 bytes)

The file mobogenie_setup_2.1.32_310.exe has been discovered within the following program.

Mobogenie by Beijing Yang Fan Jing He Information Consulting Co. Ltd.
Mobogenie is an Android app store portal that may use the OpenCandy, Quick Downloader, Conduit and various other monetization programs to bundle with third party installers. In many cases some versions (mostly older ones) are bundled by third party distribution platforms.
www.mobogenie.com/pc.html
56% remove it
 
Powered by Should I Remove It?

The file mobogenie_setup_2.1.32_310.exe has been seen being distributed by the following 2 URLs.

http://upload.mobogenie.com/mu/.../Mobogenie_Setup_2.1.32_310.exe
