home

daemonprocess.exe

Beijing AmazGame Age Internet Technology Co., Ltd.

The application daemonprocess.exe by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 3 anti-malware scanners. This file is typically installed with the program Mobogenie by Beijing Yang Fan Jing He Information Consulting Co. Ltd..
Publisher:
Beijing AmazGame Age Internet Technology Co., Ltd.  (signed and verified)

MD5:
9ae353924fc36796275dfbaf41e7e782

SHA-1:
9bfbfb3c5ad195fb7d98ae04bd8f893152f0b76d

SHA-256:
c11bcf69847bfdfeda4d65cd8dff44a0224ebe451577c8cb9c4b429f4088b27e

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/2/2024 3:35:52 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Mobogenie-O [Adw]
2014.9-140722

ESET NOD32
Win32/Mobogenie (variant)
8.10135

Reason Heuristics
PUP.Optional.BeijingAmazGameAgeInternetTechnologyCo.N
14.7.22.14

File size:
731.2 KB (748,736 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\mobogenie\version\oldversion\mobogenie\daemonprocess.exe

Digital Signature
Signed by:
Beijing AmazGame Age Internet Technology Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
3/16/2012 1:00:00 AM

Valid to:
6/16/2015 1:59:59 AM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22CF7DA7B76FC5C4E77225CFA1BDA497

File PE Metadata
Compilation timestamp:
7/22/2014 1:17:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:7w9TKuSSPQWiT6Mih38kDL2DCUZAabcJhxfXFcRW98ONhF33kTak:7whTPQWiL8DLRU2zCW98ONhhul

Entry address:
0x80A7F

Entry point:
E8, 5F, 05, 00, 00, E9, B3, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, 80, F9, 40, 73, 15, 80, F9, 20, 73, 06, 0F, A5, C2, D3, E0, C3, 8B, D0, 33, C0, 80, E1, 1F, D3, E2, C3, 33, C0, 33, D2, C3, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8...
 
[+]

Code size:
548.5 KB (561,664 bytes)

The file daemonprocess.exe has been discovered within the following program.

Mobogenie  by Beijing Yang Fan Jing He Information Consulting Co. Ltd.
Mobogenie is an Android app store portal that may use the OpenCandy, Quick Downloader, Conduit and various other monetization programs to bundle with third party installers. In many cases some versions (mostly older ones) are bundled by third party distribution platforms.
www.mobogenie.com/pc.html
56% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-76-44-172.ap-southeast-1.compute.amazonaws.com  (52.76.44.172:80)

TCP (HTTP):
Connects to ec2-52-77-136-199.ap-southeast-1.compute.amazonaws.com  (52.77.136.199:80)

TCP (HTTP):
Connects to ec2-52-76-161-194.ap-southeast-1.compute.amazonaws.com  (52.76.161.194:80)

TCP (HTTP):
Connects to ec2-52-221-13-95.ap-southeast-1.compute.amazonaws.com  (52.221.13.95:80)

TCP (HTTP):
Connects to ec2-52-220-243-55.ap-southeast-1.compute.amazonaws.com  (52.220.243.55:80)

TCP (HTTP):
Connects to ec2-54-169-200-31.ap-southeast-1.compute.amazonaws.com  (54.169.200.31:80)

TCP (HTTP):
Connects to ec2-54-254-213-170.ap-southeast-1.compute.amazonaws.com  (54.254.213.170:80)

TCP (HTTP):
Connects to ec2-54-255-133-240.ap-southeast-1.compute.amazonaws.com  (54.255.133.240:80)

Remove daemonprocess.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.