genieutils.exe

Genieo Innovation LTD

The application genieutils.exe by Genieo Innovation has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Genieo Innovation LTD  (signed and verified)

MD5:
3cc38f9d73651a5fd0233e8cf9cac6e7

SHA-1:
1ed332df1fc5b144fb901aea79d988374ade017c

SHA-256:
ca1b5a6d93156d5fca6ad1c1ed90b0707862109629e548b5336b12d7e34f697f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Inserts ads in the web browser and modifies the home page. "Genieo Innovation’s Software may include advertisements, which may be targeted to the content or information on the Software, queries made through the Software, or from other information. You agree that we and our third party providers and partners may place advertising on our Software or in connection with the display of content or information on our Software." (EULA)

Analysis date:
11/5/2024 10:50:51 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.10.6.9

File size:
45.8 KB (46,944 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\genieo\application\engine\lib\genieutils.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
1/5/2012 4:00:00 PM

Valid to:
2/7/2014 3:59:59 PM

Subject:
CN=Genieo Innovation LTD, O=Genieo Innovation LTD, L=Herzliah, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3FC43777FA374B717C09D098544C20F1

File PE Metadata
Compilation timestamp:
12/19/2013 2:06:18 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:LN2EDLQLUFJj275/71VCDmkkJWCkFs/rLgJwR5jcwKYZ:LN2vLoJy7FPCDRkJWYN5jcwlZ

Entry address:
0x159B

Entry point:
E8, 8C, 19, 00, 00, E9, 79, FE, FF, FF, 6A, 0C, 68, 78, 9B, 40, 00, E8, 87, 17, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, 34, C8, 40, 00, 03, 75, 43, 6A, 04, E8, CB, 1B, 00, 00, 59, 83, 65, FC, 00, 56, E8, F3, 1B, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 14, 1C, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, B7, 1A, 00, 00, 59, C3, 56, 6A, 00, FF, 35, 24, C5, 40, 00, FF, 15, 14, 80, 40, 00, 85, C0, 75, 16, E8, E8, 19, 00...
 
[+]

Entropy:
6.4932

Code size:
27.5 KB (28,160 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 146.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net  (104.254.150.59:80)

TCP (HTTP):
Connects to 143.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net  (104.254.150.11:80)

TCP (HTTP):
Connects to 114.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net  (68.67.178.132:80)

TCP (HTTP SSL):
Connects to server-54-230-37-51.jfk1.r.cloudfront.net  (54.230.37.51:443)

TCP (HTTP):
Connects to server-52-84-33-20.ewr50.r.cloudfront.net  (52.84.33.20:80)

TCP (HTTP):
Connects to server-52-84-33-130.ewr50.r.cloudfront.net  (52.84.33.130:80)

TCP (HTTP):
Connects to server-52-84-33-124.ewr50.r.cloudfront.net  (52.84.33.124:80)

TCP (HTTP):
Connects to proxy.newsfactor.com  (66.35.62.241:80)

TCP (HTTP SSL):
Connects to e2.ycpi.vip.nya.yahoo.com  (69.147.82.61:443)

TCP (HTTP SSL):
Connects to e1.ycpi.vip.cha.yahoo.com  (216.115.96.177:443)

TCP (HTTP):
Connects to cache.google.com  (24.154.57.116:80)

TCP (HTTP):
Connects to a23-215-105-34.deploy.static.akamaitechnologies.com  (23.215.105.34:80)

TCP (HTTP):
Connects to a23-203-73-103.deploy.static.akamaitechnologies.com  (23.203.73.103:80)

TCP (HTTP):
Connects to a23-192-167-165.deploy.static.akamaitechnologies.com  (23.192.167.165:80)

TCP (HTTP SSL):
Connects to vip1.g5.cachefly.net  (205.234.175.175:443)

TCP (HTTP):
Connects to static-acs-24-101-16-27.zoominternet.net  (24.101.16.27:80)

TCP (HTTP SSL):
Connects to server-54-230-7-166.dfw3.r.cloudfront.net  (54.230.7.166:443)

TCP (HTTP SSL):
Connects to server-54-230-7-15.dfw3.r.cloudfront.net  (54.230.7.15:443)

TCP (HTTP SSL):
Connects to server-54-230-51-14.jfk5.r.cloudfront.net  (54.230.51.14:443)

TCP (HTTP SSL):
Connects to server-54-230-37-150.jfk1.r.cloudfront.net  (54.230.37.150:443)

Remove genieutils.exe - Powered by Reason Core Security