MovieModeService.exe

Movie Mode Service

GenTechnologies Apps, LLC

This is part of an adware program designed to inject advertising into the web browser (banners, text links), modify the normal behavior of the browser, and modify the computer’s system settings that control which applications run on startup. It is part of the Injekt brand of unwanted programs. The application MovieModeService.exe by GenTechnologies Apps has been detected as adware by 25 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “Movie Mode”.

Publisher:
GenTechnologies Apps, LLC  (signed and verified)

Product:
Movie Mode Service

Version:
1.0.0.0

MD5:
5357ca434d030297cafebecf76268844

SHA-1:
4d9c3bc7e3216b9c1231cf631e20561f4ffd7a9a

SHA-256:
ce75312486c9adec70195167dc4022609e962588158d7568e1576ced889b9c55

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/25/2024 9:57:49 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.380518 | 359
Agnitum Outpost | PUA.PullUpdate | 7.1.1
Avira AntiVirus | ADWARE/Adware.Gen | 7.11.212.220
avast! | Win32:Adware-gen [Adw] | 2014.9-160210
AVG | GenTec | 2017.0.2837
Baidu Antivirus | Adware.MSIL.PullUpdate | 4.0.3.16210
Bitdefender | Gen:Variant.Kazy.380518 | 1.0.20.205
Comodo Security | ApplicUnwnt | 21233
Dr.Web | Adware.Plugin.175 | 9.0.1.041
Emsisoft Anti-Malware | Android.Trojan.Boqx | 8.16.02.10.05
ESET NOD32 | MSIL/Adware.PullUpdate (variant) | 10.11245
Fortinet FortiGate | Adware/PullUpdate | 2/10/2016
F-Secure | Gen:Variant.Kazy.380518 | 11.2016-10-02_4
G Data | Gen:Variant.Kazy.380518 | 16.2.24
IKARUS anti.virus | AdWare.Agent | t3scan.1.6.1.0
K7 AntiVirus | Adware | 13.178.12292
Malwarebytes | Adware.MovieMode | v2016.02.10.05
MicroWorld eScan | Gen:Variant.Kazy.380518 | 17.0.0.123
Qihoo 360 Security | HEUR/Malware.QVM03.Gen | 1.0.0.1015
Reason Heuristics | PUP.Injekt.GenTechnologiesApps (M) | 16.2.10.17
Sophos | Pull Update | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 9332
Trend Micro House Call | TROJ_GEN.F47V0323 | 7.2.41
VIPRE Antivirus | Threat.4872425 | 29800
XVirus List | Win.Detected | 2.3.31

File size:
51.6 KB (52,880 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © GenTechnologies Apps, LLC 2014

Original file name:
MovieModeService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\moviemode\moviemodeservice.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/29/2013 8:00:00 PM

Valid to:
5/30/2014 7:59:59 PM

Subject:
CN="GenTechnologies Apps, LLC", O="GenTechnologies Apps, LLC", STREET=640 Grand Avenue, STREET=Suite E, L=Carlsbad, S=California, PostalCode=92008, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
06D4A5EDA561071FC293924D6DFC6300

File PE Metadata
Compilation timestamp:
1/24/2014 8:40:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:WBjMOkJttMr7wybo3/okM8MUwOUVvSeitVExVcornAYTGCZon3TYGoYME/:kQtX/I8VNUdSeitVSVcYAYTGCZYz/

Entry address:
0xC45E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.9460

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
41.5 KB (42,496 bytes)

Service
Display name:
Movie Mode

Service name:
MovieMode

Description:
Provides system level support for Movie Mode.

Type:
Win32OwnProcess

