genieutils.exe

Genieo Innovation LTD

The application genieutils.exe by Genieo Innovation has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-52-84-7-116.ord54.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Genieo Innovation LTD  (signed and verified)

MD5:
4a98d0107031244b51e9b031a0a46dd9

SHA-1:
dd0eb35dcec9a3e794a4da2dcd83b75691dbcdb6

SHA-256:
80b053e61813237d80a192b631494c157f92ddc97653b66d6d3c7357ccc455cd

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Inserts ads in the web browser and modifies the home page. "Genieo Innovation’s Software may include advertisements, which may be targeted to the content or information on the Software, queries made through the Software, or from other information. You agree that we and our third party providers and partners may place advertising on our Software or in connection with the display of content or information on our Software." (EULA)

Analysis date:
12/24/2024 1:06:39 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.10.6.9

File size:
45.8 KB (46,944 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\genieo\application\engine\lib\genieutils.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
1/5/2012 6:00:00 PM

Valid to:
2/7/2014 5:59:59 PM

Subject:
CN=Genieo Innovation LTD, O=Genieo Innovation LTD, L=Herzliah, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3FC43777FA374B717C09D098544C20F1

File PE Metadata
Compilation timestamp:
4/8/2013 8:21:19 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:qN2EDLQLUFJj275/71VCDmkkJWCkFs+rLaJwR5jcGKYFr:qN2vLoJy7FPCDRkJWNj5jcGld

Entry address:
0x159B

Entry point:
E8, 8C, 19, 00, 00, E9, 79, FE, FF, FF, 6A, 0C, 68, 78, 9B, 40, 00, E8, 87, 17, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, 34, C8, 40, 00, 03, 75, 43, 6A, 04, E8, CB, 1B, 00, 00, 59, 83, 65, FC, 00, 56, E8, F3, 1B, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 14, 1C, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, B7, 1A, 00, 00, 59, C3, 56, 6A, 00, FF, 35, 24, C5, 40, 00, FF, 15, 14, 80, 40, 00, 85, C0, 75, 16, E8, E8, 19, 00...
 
[+]

Entropy:
6.4922

Code size:
27.5 KB (28,160 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to techspot.com  (184.173.241.66:80)

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)

TCP (HTTP):

TCP (HTTP):
Connects to yv-in-f139.1e100.net  (74.125.21.139:80)

TCP (HTTP):
Connects to yv-in-f138.1e100.net  (74.125.21.138:80)

TCP (HTTP):
Connects to server-52-84-7-116.ord54.r.cloudfront.net  (52.84.7.116:80)

TCP (HTTP SSL):
Connects to s3-1.amazonaws.com  (54.231.32.122:443)

TCP (HTTP):
Connects to s220.web-hosting.com  (198.54.115.38:80)

TCP (HTTP):
Connects to ord38s01-in-f19.1e100.net  (172.217.6.19:80)

TCP (HTTP):
Connects to ord36s04-in-f110.1e100.net  (172.217.4.110:80)

TCP (HTTP):
Connects to ec2-52-70-89-118.compute-1.amazonaws.com  (52.70.89.118:80)

TCP (HTTP SSL):
Connects to e1.ycpi.vip.daa.yahoo.com  (69.147.86.11:443)

TCP (HTTP):
Connects to a72-246-65-177.deploy.akamaitechnologies.com  (72.246.65.177:80)

TCP (HTTP):
Connects to a72-246-64-176.deploy.akamaitechnologies.com  (72.246.64.176:80)

TCP (HTTP SSL):
Connects to a23-78-230-205.deploy.static.akamaitechnologies.com  (23.78.230.205:443)

TCP (HTTP):

TCP (HTTP):
Connects to a23-215-132-194.deploy.static.akamaitechnologies.com  (23.215.132.194:80)

TCP (HTTP):
Connects to a23-215-105-104.deploy.static.akamaitechnologies.com  (23.215.105.104:80)

TCP (HTTP):
Connects to a23-201-103-114.deploy.static.akamaitechnologies.com  (23.201.103.114:80)

TCP (HTTP):
Connects to a23-201-103-105.deploy.static.akamaitechnologies.com  (23.201.103.105:80)

Remove genieutils.exe - Powered by Reason Core Security