mobogenie_setup_2.2.2_21.exe

The application mobogenie_setup_2.2.2_21.exe by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.

Publisher:
Beijing AmazGame Age Internet Technology Co., Ltd.

MD5:
8205c058f036fc6a5175babc91eccdc2

SHA-1:
dd8e3aaceaed15b30028abe80a549f889659fac4

SHA-256:
9e2353b28bfd0b7b10a70a5533ddf19cf58aa13a95c8fab06091c284ca7dc0af

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 2:41:33 AM UTC

Scan engine             Detection                                                         Engine version
AegisLab AV Signature   Mobogen                                                           2.1.4+
avast!                  NSIS:NextLive-A [Adw]                                             2014.9-140317
Dr.Web                  Adware.NextLive.2                                                 9.0.1.076
ESET NOD32              Win32/Mobogenie                                                   8.9671
G Data                  Win32.Application.Mobogenie                                       14.3.24
herdProtect (fuzzy)                                                                       2014.5.2.6
IKARUS anti.virus       Nsis                                                              t3scan.1.6.1.0
McAfee                  Artemis!55CB320CF560                                              5600.7143
Reason Heuristics       PUP.Optional.Installer.BeijingAmazGameAgeInternetTechnologyCo.W   14.3.17.15
Trend Micro House Call  TROJ_GEN.F47V0313                                                 7.2.76
VIPRE Antivirus         Trojan.AndroidOS.Generic.A                                        28214

File size:
20.4 MB (21,379,976 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\mobogenie_setup_2.2.2_21.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/16/2012 1:00:00 AM

Valid to:
6/16/2015 1:59:59 AM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22CF7DA7B76FC5C4E77225CFA1BDA497

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:ZEPbgalmaxfWyd9lKm4x7tCEQQclJN5XnhOEjFn4UDefp9g8odVK3gE6GlLD2KIM:Zg8g3d9lX2Q5bnkw8mMRLD2TET2BbKZf

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file mobogenie_setup_2.2.2_21.exe has been seen being distributed by the following 20 URLs.

https://dw.uptodown.com/dwn/hrYVOqu9whtvebFvzxFjM4niPzAz58dmxGXewPgd2Cc0cZqD9oAN6sRZfub_sh3JQRjz38GdilZuMEFscRHdMjnm_2xDr-Y9P9z0lOuYrsKP2fIazKbyngJkCK-6Dg9H/5xbR4w6Fzhg0FH0yvWNJpvkSeHWLBvOLkocsfuXcXjiaUP_pGM06Elfr0MnY47yhira4woJ-m1mTnkamF3YsVlk-HaHAE9VHgo5DsqmrIpkN9I8298iO9bx3HVPw5UUQ/p6PlKEBIDzz54JEMDTpRH-1iH0jr6pewmzdK5zHLvEsrNRqXK8kr7DJVe7Ttu9QRijTG614H_PguFOP_EghptaGFBMVNBEqR47pKEJ57RsEzMsLvRxMHAnNl1kFbZMLN/.../

https://dw.uptodown.com/dwn/iI8AVg-qCY1NvWuvdGd9VTNOOJ84ZzTtH_r5mOm-6o5Qe6YjGv8v2g1FnqoUrI6G6w0RZIWGmSpALtHAgeTRnRzodfUbj1zIOBzhlXpdHUsZmMEtnJPPNsvtEpfBm6ju/sgeGqBFSc80PM37KXYVBAuAv9HNXT4RcyZmAbyOVNCUAtY6uxSaSDp3p-gizIh0UMMiFlo1jBWZ8xQMFFDoxNOs3z_L9rZ26QYtNLrklh2KuuHp6ekf7Fy3YsKQ1BWq1/JGZtIf8d_ZP9n3sSCt-x8McakGxPsC04OHZ4J5DE8mQIti-rOtNZ2Jx_JX35WfJgieU7ZfU9pKA15WIVpv3mbGj4gE5MZ5hfnGzrkpfJ0t7vFlc7okgtZzJ1zPPWM0Lb/.../

https://dw.uptodown.com/dwn/QJDWR-McSWk5ZtDoXTAfh7MTM8lTwNTlnPFsC8nrsMEYokUSUIRXwSIS54y5uAUxoNzQkdBhnM0cVqu4sXqCgn1acsDxO9z1uyd-ubm15K4BgQGnLJngM6oUIWJbIUWv/SfjMambk3dmRwIOYveTOr0dz6VO3SDXKxOn1ufwdDxO76BqnRme32TU8q59KBVReGR4OtwDLTp3D-S-jckVE-YnTUC1Ssvj94Yn3BKLFFvxduUXnK5cx-JvNaGL3mdrm/vyUH3Aagtc-OQWDwO-OCCcQsQU6nVSgruhNbgOPX-3-mHviNv_5Jd61qJseIiUdE5DRGcSFNl6cpx3ur7ZsUb3TdseqRpzRPcjKFHw9eHv4b4Aj3XmBhTtWxf5eI7uF2/.../

http://server.mobogenie.com/.../downloadClient.htm?media=21

https://dw.uptodown.com/dwn/8K2SyuHENH7DiiG-maB6gWBHCiuDIVjAWWZTMEibptGTnJd3Jk2SmIOzkd4MlO9NX8i_iaNhFelkwp7T1VXXKJ--tXi8Tps42xwn-pKEx4kDvwSac1-eYJZQfAs9KTKI/Xeu86JCh--e3k2fqzPAFox5_eL57xeze8zB_7oibMLROy8V0BRdeIqX9tP6QZSTUx1Zn7J21eUTl6EKEmmDC4l7ynyOv9Q8ociXDCqb3NIvxguPpRkTxtJ_OKKLfErUZ/w4lWnGlEDNRLB8-gTed6ZD4DCF2dPh0ZEU9a1RslgMU0H9_KvrJCK01fmJZC9hozMo3kGIU_b5iRV-AUgXXdlt4ht2OND1jykPG_O0lTh6m9OzpUpW6KCSfdKn7ymgGI/.../

https://dw.uptodown.com/dwn/JWypSQHh5WMOOgtLgmpU_N4yX1yfBtpDCFYbU1fyt3bPVg-moh88G5n0CRY4s_Rxtg8jGU9skIYlvOLKIkOHO1LzuHp_c94u7rtlrP3l15qLttUDZWXzLYG_4nBBOP8J/lhPcpuTLxxBis2oUTU_s3XNhoW742DaAMfSjcwl78Lo7jORP1KDc7pQ6mXcJ_CgSLDOVUkwFiwUOJ9BZsnSrHED5xJ0snnpsi5DcD1P-EH4r_AWOl1alSxmlGowZ10Tj/.../

https://dw.uptodown.com/dwn/czRHJeUFU77BVwcV0ViCqY9zbNz1eRcTsNxYwcSdKk1oFRZ-JFDIHnzCZnge344kpQgiocHytTCtHGN9kjKpP5fePqSvr-D6aUY5rtU40UDUA4YSitErPsk-lzHKmDGf/F1Ss1Z0W7nrwk8kVYfnQRmYAYqBSqn8M4HtZlBuukew0CUE06W2CenoE6frmmlqvi4p9Ge3tPNGCX4B3d6GtRmXP_UX7wOS1WwGclH2zKiBQiRKNsvlgBHrXt8tZfL2S/.../

http://turbobit.net/download/redirect/82E6D3B47323234194C3A0DA50331069/.../mobogenie-2-2-2-en-win.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Remove mobogenie_setup_2.2.2_21.exe - Powered by Reason Core Security