mobogeniemini_1002_1036_248420_1.exe

Mobogenie Installer

Beijing AmazGame Age Internet Technology Co., Ltd.

The application mobogeniemini_1002_1036_248420_1.exe by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from product.mobogenie.com and multiple other hosts.
Publisher:
Beijing AmazGame Age Internet Technology Co., Ltd.

Product:
Mobogenie Installer

Version:
1.0.0.1000

MD5:
3c964680a74458d5526eb26c22924043

SHA-1:
3297750c103419b3762b0e38e1fd1e62ab575a60

SHA-256:
134588dc07bc36b8fb1dcca40e9f537dd9883e34129fdc5dc59940abcaa1ecb1

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/30/2024 11:10:40 AM UTC

Scan engine            Detection                                   Engine version
---------------------  ------------------------------------------  --------------
Dr.Web                 Adware.Mobogenie.21, Adware.Mobogenie.41    9.0.1.05190
Emsisoft Anti-Malware  Application.Win32.AdGenie                   11.5.0.6191
ESET NOD32             Win32/Adware.Mobogenie.A application        6.3.12010.0
Reason Heuristics      PUP.Optional.BeijingA.Installer             17.3.1.14
VIPRE Antivirus        Threat.4150696                              49494

File size:
778.7 KB (797,384 bytes)

Copyright:
Copyright (c) 2014 Gamease Age Digital Technology Co., Ltd., All rights reserved.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mobogeniemini_1002_1036_248420_1.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/15/2012 7:00:00 PM

Valid to:
6/15/2015 6:59:59 PM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22CF7DA7B76FC5C4E77225CFA1BDA497

File PE Metadata
Compilation timestamp:
2/24/2012 1:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:OAMXPHGbzsk5M3oDuAGXjQ8JHmGAoXjuG:XeLX08JGGnXaG

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...

Entropy:
7.4179

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file mobogeniemini_1002_1036_248420_1.exe has been seen being distributed by the following 36 URLs.

http://product.mobogenie.com/.../clientDownload.htm?media=1036&online=1&rid=847431&t=1

http://product.mobogenie.com/.../clientDownload.htm?media=1036&online=1&rid=388455&t=1

http://product.mobogenie.com/.../clientDownload.htm?media=1036&online=1&rid=3225523&t=1

https://mega.nz/temporary/.../Zs4gyb5A

http://product.mobogenie.com/.../clientDownload.htm?media=1036&online=1&rid=2775759&t=1

temp:mobogeniemini_1002_10006 (1).exe

http://product.mobogenie.com/.../clientDownload.htm?media=1036&online=1&rid=2228220&t=5

http://product.mobogenie.com/.../clientDownload.htm?media=1036&online=1&rid=3196140&t=1

http://product.mobogenie.com/.../clientDownload.htm?media=1036&online=1&rid=1206047&t=1

http://www.bestmetagrab.com/XFsozvv1hPNea3O5jQxDku6eOg6mv5wycgAsJ_UrVCE2w9 OzXahgaWaTrka0Ax_s UmJBHhdcL0GiUJzCpYYew_cNdJJg3 QJDpgoCsnB_liHuaal6TzZ kNS8KjYBHeliBrsWvyJivMIAMcRt_Yk03bFU4SU9Q8fDMIAEtuuhhVRe7dk31ql0zVVPt2AzwYtDL3WSLEBXIszr2uOMut5MyH0VtANRzL38EgNealMuElOiBvBChBiI_ob9GTZ6DKTx6pvmoKGoz47gY8jvLYXbbvU5E_RbrNc28hT2iyrhZuk2yYDQl WSGii0lNhWyIIFQ1aXmJCtf3jdh_KWaMHxHWY53FBhQ_hL2wym7yobbqTHF2o3F0leU5ZZQDXtqShX0P_xUETFg885XDvqkMAX6eM_sp19QBV2YmOl_gTCazFiGCdA4v W6zGO9OiPBjPlycm_acokwDz 4yM3myynMQe9q8fbX4QrnnM Ujh7usUuLkJgMjeETNDmS6DhhGr9rHQjO6fVnlBeHjGUBs115a2ZwHzwOyuSC_Ze2MQ0WmpUANnw=-G48AAMTy1hKRQFB ghR PzP7wG_H6 SA_d zgO5BQs0TSjGoG9YPu GoZ1NoGsMZh97NdwG0fAP3UyVYQox38lkqDPEQzDBqaCV3_4efOeYihURxu8B KINk21rvjgd7QVg=-e

http://up.eg.bav.baidu.com/?rh=F3BE20271C4E7E2125DD0BAB209306C2&baidusign=22428297&baidurand=4642

http://product.mobogenie.com/.../clientDownload.htm?media=1036&online=1&rid=3351482&t=1

http://up.bav.baidu.com/?rh=77FC96A37221348CA27BF00630942616&baidusign=22428297&baidurand=30247

http://localhost:37848/continue?TiCredToken=19047&Source=WTP&URL=http://upload.mobogenie.com/mu/mobogeniemini/1002/.../mobogeniemini_1002_10006.exe

http://41.223.201.248:801/.../mobogeniemini_1002_10006.exe

http://localhost:37848/continue?TiCredToken=28079&Source=WTP&URL=http://upload.mobogenie.com/mu/mobogeniemini/1002/.../mobogeniemini_1002_10006.exe

http://10.5.4.26:9091/.../com.trend.iwss.user.servlet.sendfile?downloadfile=IRES-1834327218-CCB79400-39538-39507-223

temp:mobogeniemini_1002_10006.exe

http://localhost:37848/continue?TiCredToken=27973&Source=WTP&URL=http://upload.mobogenie.com/mu/mobogeniemini/1002/.../mobogeniemini_1002_10006.exe

Latest 30 of 36 download URLs

Powered by Reason Core Security