mscinet.exe

MobileGo

Wondershare

The executable mscinet.exe, “Wondershare MobileGo for Android”, has been detected as malware by 20 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘Windows Security Firewall Manager’. This trojan will attempt to establish a connection to a remote server through various TCP ports and will use Winlogon to survive reboots.
Publisher:
Wondershare

Product:
MobileGo

Description:
Wondershare MobileGo for Android

Version:
4.1.0.6

MD5:
591113b0437105bf1987f59eefbb4b22

SHA-1:
220d4915294b29fe492a4442bd19b72c535a1271

SHA-256:
cde333009478e6724f8fc980c54d4eef7bdc55dd6666c8255b81ef33c0c0532b

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
4/25/2024 3:05:04 AM UTC

Scan engine                     Detection                       Engine version
Lavasoft Ad-Aware               Trojan.GenericKD.1644251        1023
AhnLab V3 Security              Trojan/Win32.Dropper            14.04.18
Avira AntiVirus                 TR/Crypt.Xpack.41232            7.11.144.8
AVG                             Win32/Cryptor                   2015.0.3501
Baidu Antivirus                 Trojan.Win32.Injector           4.0.3.14418
Bitdefender                     Trojan.GenericKD.1644251        1.0.20.540
Emsisoft Anti-Malware           Trojan.GenericKD.1644251        8.14.04.18.03
ESET NOD32                      Win32/Injector.BCAM (variant)   8.9690
F-Secure                        Trojan.GenericKD.1644251        11.2014-18-04_6
G Data                          Trojan.GenericKD.1644251        14.4.24
Kaspersky                       Trojan.Win32.Inject             14.0.0.3999
Malwarebytes                    Trojan.Agent.ED                 v2014.04.18.03
McAfee                          Artemis!591113B04371            5600.7157
Microsoft Security Essentials                                   1.10501
MicroWorld eScan                Trojan.GenericKD.1644251        15.0.0.324
nProtect                        Trojan.GenericKD.1644251        14.04.17.03
Qihoo 360 Security              HEUR/Malware.QVM10.Gen          1.0.0.1015
Sophos                          Mal/Generic-S                   4.98
Trend Micro House Call          TROJ_FORUCON.BMC                7.2.108
Trend Micro                     TROJ_FORUCON.BMC                10.465.18

File size:
159.5 KB (163,328 bytes)

Product version:
4.1.0.6

Copyright:
Copyright © 2013 Wondershare

Original file name:
MobileGo.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
4/16/2014 12:30:21 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:LMDCg3wTaitxF9v0WhS61xF8WKJZXtxWI8hG4BEHcAOn:LMD4RFvz/xFROdxW2cP

Entry address:
0xAD22

Entry point:
E8, FE, 43, 00, 00, E9, 89, FE, FF, FF, B8, C8, C3, 41, 00, C3, A1, 00, 09, 42, 00, 56, 6A, 14, 5E, 85, C0, 75, 07, B8, 00, 02, 00, 00, EB, 06, 3B, C6, 7D, 07, 8B, C6, A3, 00, 09, 42, 00, 6A, 04, 50, E8, AC, 44, 00, 00, 59, 59, A3, FC, F8, 41, 00, 85, C0, 75, 1E, 6A, 04, 56, 89, 35, 00, 09, 42, 00, E8, 93, 44, 00, 00, 59, 59, A3, FC, F8, 41, 00, 85, C0, 75, 05, 6A, 1A, 58, 5E, C3, 33, D2, B9, C8, C3, 41, 00, EB, 05, A1, FC, F8, 41, 00, 89, 0C, 02, 83, C1, 20, 83, C2, 04, 81, F9, 48, C6, 41, 00, 7C, EA, 6A...

Entropy:
6.4655

Code size:
87.5 KB (89,600 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Windows Security Firewall Manager

Command:
C:\recycler\mscinet.exe


Remove mscinet.exe - Powered by Reason Core Security