geniecleaner.exe

Genie Cleaner

Beijing AmazGame Age Internet Technology Co., Ltd.

The application geniecleaner.exe, code-signed by Beijing AmazGame Age Internet Technology Co., Ltd., has been flagged as a potentially unwanted program by 2 of the 68 anti-malware engines consulted (both detections are heuristic adware/PUP classifications, not a named malware family). The file is typically installed with the program Genie Cleaner, which is distributed by Mobogenie.com; note that the publisher name, the signing certificate subject and the embedded copyright string (Gamease Age Digital Technology Co., Ltd.) name three different entities. While running, the executable has been observed connecting over plain HTTP (TCP port 80) to Amazon CloudFront edge nodes such as server-54-192-127-22.nrt52.r.cloudfront.net, so whatever it exchanges with those hosts travels unencrypted; because CloudFront edge addresses change, the individual IPs are weak indicators and the file hashes below are the reliable ones. The full list of observed endpoints appears under network communications below.
Publisher:
Mobogenie.com  (signed by Beijing AmazGame Age Internet Technology Co., Ltd.)

Product:
Genie Cleaner

Version:
1.0.0.2

MD5:
c317f15ade1c9e375c7051776dcc9dea

SHA-1:
d7394f23e899daa0b433f4fb774bfba91b80cea9

SHA-256:
4505bc760b88b4eae5071a65e719db36679aea9e91fdb055697b5542e1e0bde8

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 5:21:33 PM UTC

Scan engine         Detection                                              Engine version
Bkav FE             W32.HfsAdware                                          1.3.0.6379
Reason Heuristics   PUP.Optional.BeijingAmazGameAgeInternetTechnologyCo    15.3.26.12

File size:
818.7 KB (838,336 bytes)

Product version:
1.0.0.2

Copyright:
Copyright (C) 2014 Gamease Age Digital Technology Co., Ltd., All rights

Original file name:
Genie Cleaner

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Program Files\genie soft\genie cleaner\geniecleaner.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/15/2012 5:00:00 PM

Valid to:
6/15/2015 4:59:59 PM  (already expired at analysis time; a signature made with this certificate stays verifiable after expiry only if it carries a trusted timestamp countersignature, which this listing does not record)

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22CF7DA7B76FC5C4E77225CFA1BDA497

File PE Metadata
Compilation timestamp:
3/18/2015 1:13:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Mw4LmH2C2eu+AJQvzruY9hgKu3sC18lwv0eiEvprofFANd3JyE:MhLmH2C2eu+/GfsA8lwv0vEvJofwzp

Entry address:
0x954E4

Entry point:
E8, 2A, 04, 00, 00, E9, 6B, FD, FF, FF, FF, 25, 14, E5, 49, 00, FF, 25, 18, E5, 49, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 34, 70, 4B, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, A0, 90, 4B, 00, 89, 0D, 9C, 90, 4B, 00, 89, 15, 98, 90, 4B, 00, 89, 1D, 94, 90, 4B, 00, 89...

The first bytes (E8 ... call, then E9 ... jmp) are the standard Microsoft Visual C++ CRT entry stub (call __security_init_cookie; jmp __tmainCRTStartup), consistent with the linker version 10.0 (Visual Studio 2010) recorded above. The FF 25 sequences that follow are import thunks (jmp dword ptr [...]), and the 50 64 FF 35 ... C3 run is the CRT's __SEH_prolog4/__SEH_epilog4 pair; nothing in the visible prefix suggests a packer or a non-standard entry point, which matches the moderate 6.75 entropy below.

Entropy:
6.7541

Code size:
625.5 KB (640,512 bytes)
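The PE metadata and hashes above are the fields a responder checks first when a file with this name turns up on a host. The following script is an added example and is not part of the original page nor code from Reason Core Security or the software's publisher: it compares a file's MD5/SHA-1/SHA-256 against the values listed on this page, computes Shannon entropy the way the "Entropy" field does, and reads the compilation timestamp, linker version, OS version, subsystem, entry RVA and code size straight out of the PE32 optional header with only the standard library. Because the real sample is not included, the script builds a constructed, minimal PE32 header carrying the page's values so it can be run offline; the helper name build_sample, the function names and the section-less layout are assumptions for illustration.

```python
import calendar
import datetime
import hashlib
import math
import struct

# Indicators copied from the analysis page for geniecleaner.exe 1.0.0.2.
PAGE_HASHES = {
    "md5": "c317f15ade1c9e375c7051776dcc9dea",
    "sha1": "d7394f23e899daa0b433f4fb774bfba91b80cea9",
    "sha256": "4505bc760b88b4eae5071a65e719db36679aea9e91fdb055697b5542e1e0bde8",
}

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# IMAGE_OPTIONAL_HEADER32 up to and including DllCharacteristics (72 bytes).
OPT32 = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH"


def check_hashes(data, expected=PAGE_HASHES):
    """Return {algorithm: True/False} for data against the listed digests."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest.lower()
            for algo, digest in expected.items()}


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniform bytes.
    Packed or encrypted executables sit near 8; the page reports 6.7541."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe_header(data):
    """Extract the fields the page lists from a PE32 (32-bit) image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, ...
    machine, _nsec, ts, _, _, _opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = struct.unpack_from(OPT32, data, e_lfanew + 24)
    if opt[0] != 0x10B:
        raise ValueError("not PE32 (magic 0x%x)" % opt[0])
    compiled = datetime.datetime.fromtimestamp(ts, tz=datetime.timezone.utc)
    return {
        "compiled": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "linker": "%d.%d" % (opt[1], opt[2]),
        "os_version": "%d.%d" % (opt[12], opt[13]),
        "subsystem": SUBSYSTEMS.get(opt[22], str(opt[22])),
        "entry_rva": opt[6],
        "code_size": opt[3],
        "bitness": "Win32" if machine == 0x14C else hex(machine),
    }


def build_sample():
    """Constructed minimal PE32 header (no sections) carrying the page's
    values: 2015-03-18 01:13:52 UTC, linker 10.0, OS 5.1, GUI, entry 0x954E4."""
    compiled = calendar.timegm((2015, 3, 18, 1, 13, 52))
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, compiled, 0, 0, 0xE0, 0x102)
    opt = struct.pack(OPT32, 0x10B, 10, 0,
                      640512, 0, 0, 0x954E4, 0x1000, 0x9D000, 0x400000, 0x1000, 0x200,
                      5, 1, 0, 0, 5, 1,
                      0, 0xA0000, 0x400, 0,
                      2, 0x8000)
    return dos + coff + opt + b"\0" * (0xE0 - len(opt))


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print("hash match:", check_hashes(blob))
    print("entropy: %.4f" % shannon_entropy(blob))
    print(parse_pe_header(blob))
```

Run it with the path of a suspect file as the only argument; with no argument it parses the constructed header. A hash mismatch does not clear a file (the publisher ships other builds), but a match against any of the three digests identifies this exact sample regardless of what name or path it carries.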

The file geniecleaner.exe has been discovered within the following program.

Genie Cleaner  by Mobogenie.com  (www.voga360.com)
42% of users remove it
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments. Hosts under cloudfront.net are Amazon CloudFront edge nodes and hosts under 1e100.net are Google front ends, so the IP addresses vary by region and over time; treat them as context rather than as durable block-list entries. All but two of the connections are plain HTTP on port 80.

TCP (HTTP):      server-54-192-27-39.mxp4.r.cloudfront.net  (54.192.27.39:80)
TCP (HTTP):      server-54-192-185-134.cdg51.r.cloudfront.net  (54.192.185.134:80)
TCP (HTTP):      server-54-239-172-19.atl50.r.cloudfront.net  (54.239.172.19:80)
TCP (HTTP):      server-54-230-197-17.lhr50.r.cloudfront.net  (54.230.197.17:80)
TCP (HTTP):      74-115-0-211.anchorfree.com  (74.115.0.211:80)
TCP (HTTP):      server-54-230-202-42.fra50.r.cloudfront.net  (54.230.202.42:80)
TCP (HTTP):      server-54-182-4-74.hkg51.r.cloudfront.net  (54.182.4.74:80)
TCP (HTTP):      server-54-239-172-23.atl50.r.cloudfront.net  (54.239.172.23:80)
TCP (HTTP):      server-54-182-4-247.hkg51.r.cloudfront.net  (54.182.4.247:80)
TCP (HTTP):      server-54-182-4-230.hkg51.r.cloudfront.net  (54.182.4.230:80)
TCP (HTTP):      server-52-85-69-62.lhr5.r.cloudfront.net  (52.85.69.62:80)
TCP (HTTP SSL):  dh-in-f157.1e100.net  (209.85.203.157:443)
TCP (HTTP):      server-54-182-4-102.hkg51.r.cloudfront.net  (54.182.4.102:80)
TCP (HTTP SSL):  dh-in-f155.1e100.net  (209.85.203.155:443)
TCP (HTTP):      static.khi77.pie.net.pk  (221.120.207.59:80)
TCP (HTTP):      server-54-230-78-125.cdg50.r.cloudfront.net  (54.230.78.125:80)
TCP (HTTP):      server-54-230-190-161.maa3.r.cloudfront.net  (54.230.190.161:80)
TCP (HTTP):      server-52-85-69-207.lhr5.r.cloudfront.net  (52.85.69.207:80)
TCP (HTTP):      dh-in-f138.1e100.net  (209.85.203.138:80)
TCP (HTTP):      dh-in-f101.1e100.net  (209.85.203.101:80)

Analysis powered by Reason Core Security