mobogeniedownloader.exe

MobogenieDownloader

Beijing AmazGame Age Internet Technology Co., Ltd.

The application mobogeniedownloader.exe by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup program used to install the application. The file has been seen being downloaded from server.mobogenie.com and multiple other hosts. While running, it connects to the Internet address server-54-230-0-115.lhr5.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Beijing AmazGame Age Internet Technology Co., Ltd.
Product:
MobogenieDownloader

Version:
1, 0, 0, 1

MD5:
b50144bdce7fd6ab392cf5d4b17c8bec

SHA-1:
a2b598ad4d08bcfeb8f98a9aaf493bff45979861

SHA-256:
7df776d80edef6b6ffec5f6b39db0402cc03336784297ad968ba518603e336fd

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 5:59:05 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.BeijingAmazGameAgeInternetTechnologyCo.T

Engine version:
14.5.20.16

File size:
1 MB (1,090,256 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2011

Original file name:
MobogenieDownloader

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mobogeniedownloader.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/16/2012 2:00:00 AM

Valid to:
6/16/2015 2:59:59 AM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22CF7DA7B76FC5C4E77225CFA1BDA497

File PE Metadata
Compilation timestamp:
10/9/2013 11:18:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:stairXYMZbgvICK69ZvFxqwMa66IWlzTpSkLosfbTqqoGXNbl0NUwwjLU8wqNacn:sfb2I/69ZayVzTNJbF5WUwwjAlqNVn

Entry address:
0x3AC50

Entry point:
8B, FF, 55, 8B, EC, E8, 16, 8A, 01, 00, E8, 11, 00, 00, 00, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 6A, FE, 68, 70, 80, 47, 00, 68, 10, BB, 43, 00, 64, A1, 00, 00, 00, 00, 50, 83, C4, 98, 53, 56, 57, A1, 30, C2, 47, 00, 31, 45, F8, 33, C5, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, C7, 45, 90, 00, 00, 00, 00, 8D, 45, A0, 50, FF, 15, 68, 01, 46, 00, 83, 3D, 3C, F8, 47, 00, 00, 75, 0E, 6A, 00, 6A, 00, 6A, 01, 6A, 00, FF, 15, 6C, 01, 46, 00, E8, 8E, 01...

Code size:
376.5 KB (385,536 bytes)

The file mobogeniedownloader.exe has been seen being distributed by the following 3 URLs.

http://server.mobogenie.com/.../downloadClient.htm?media=2&online=1&cname=2

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-0-115.lhr5.r.cloudfront.net  (54.230.0.115:80)

Remove mobogeniedownloader.exe - Powered by Reason Core Security