mobogenie_setup_2.1.36_68.exe

Beijing AmazGame Age Internet Technology Co., Ltd.

The application mobogenie_setup_2.1.36_68.exe by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program Toolwiz BSafe by ToolWiz. The file has been seen being downloaded from download.mobogenie.com and multiple other hosts.
Publisher:

MD5:
23289f2705bc86a91643e0998eb3eadb

SHA-1:
946cac7561b0df546d7d347bd60139ad67885ac2

SHA-256:
f0497d4028ff1bf0c749d298d113e1ad98cceb10eda9910e551ae6879c00794e

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 8:11:24 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Dr.Web | Adware.NextLive.2 | 9.0.1.018 |
| herdProtect (fuzzy) | | 2014.1.25.22 |
| IKARUS anti.virus | Virus.Win32.Heur | t3scan.2.2.29 |
| NANO AntiVirus | Trojan.Win32.NextLive.csjhvj | 0.28.0.57029 |
| Reason Heuristics | PUP.Optional.Installer.BeijingAmazGameAgeInternetTechnologyCo.X | 14.2.21.3 |

File size:
18.7 MB (19,579,904 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\mobogenie_setup_2.1.36_68.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/16/2012 3:00:00 AM

Valid to:
6/16/2015 2:59:59 AM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22CF7DA7B76FC5C4E77225CFA1BDA497

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:bEP1FeWMxVyFu61bqLYbjFO2v7VG67jml7MW2khehlsrq4DwrZHK7NKS:bg1FB2SuW0YDv0IynxMhl548KRb

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9999

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file mobogenie_setup_2.1.36_68.exe has been discovered within the following program.

Toolwiz BSafe  by ToolWiz
www.Toolwiz.com
About 9% of users remove it
 

The file mobogenie_setup_2.1.36_68.exe has been seen being distributed by the following 2 URLs.
