Update.exe

Mobogenie

Beijing AmazGame Age Internet Technology Co., Ltd.

The application Update.exe by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 2 anti-malware scanners. While running, it connects to the Internet address server-54-192-29-55.dub2.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Mobogenie.com  (signed by Beijing AmazGame Age Internet Technology Co., Ltd.)

Product:
Mobogenie

Description:
Update.exe

Version:
1.0.0.6

MD5:
0d1bc5715603e7168a96f16dfb63cdf5

SHA-1:
e569e0e8d102a167442a0227dbc70269a29141ed

SHA-256:
7aa4979020d8d3536768dbfab5e9833c72dbe48afeeb583d1fcfd6a7b0744907

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 3:16:52 AM UTC

Scan engine:
Dr.Web
Detection:
Adware.Mobogenie.14
Engine version:
9.0.1.0313

Scan engine:
Reason Heuristics
Detection:
PUP.Optional.BeijingAmazGameAgeInternetTechnologyCo.G
Engine version:
14.11.9.3

File size:
166.2 KB (170,176 bytes)

Product version:
1.0.0.6

Copyright:
Copyright (C) 2014 Gamease Age Digital Technology Co., Ltd., All rights

Original file name:
Update.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Program Files\mobogenie3\update.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/16/2012 5:30:00 AM

Valid to:
6/16/2015 5:29:59 AM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22CF7DA7B76FC5C4E77225CFA1BDA497

File PE Metadata
Compilation timestamp:
11/5/2014 2:55:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
3072:r4od6fI2aC3Zlk6gDCpSXc3fLaYmrbz2g5fXDIMatvt3uNkv49HuQOAkPn:c/fI2aC3XPpYc3fLaYmrbzdQxuNM49Of

Entry address:
0x1CEB2


Entropy:
6.4977

Code size:
120 KB (122,880 bytes)

The executing file has been seen to make the following network communications in live environments.


Remove Update.exe - Powered by Reason Core Security