» mog.exe
Overview
Analysis
File Details
Downloads (1)

mog.exe

Mx One Antivirus

Ldc

The executable mog.exe has been detected as malware by 18 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from update.mxone.net.

File name:

mog.exe

Publisher:

Ldc

Product:

Mx One Antivirus

Version:

4.05

MD5:

cbb7b60ecce88ead5e7cecf0d63739b8

SHA-1:

251acd8741407964bf82114da2431e50ca616ec3

SHA-256:

2189df09209cf22bc74d1b9b8aae670947196643adc26992152b54d2bac29880

Scanner detections:

18 / 68

Status:

Malware

Analysis date:

11/24/2024 2:06:55 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.11377430

953

Agnitum Outpost

Packed/PECompact

7.1.1

avast!

Win32:Dropper-gen [Drp]

2014.9-140627

Bitdefender

Trojan.Generic.11377430

1.0.20.890

Bkav FE

HW32.CDB

1.3.0.4959

Emsisoft Anti-Malware

Trojan.Generic.11377430

8.14.06.27.10

Fortinet FortiGate

W32/Banker.BB

6/27/2014

F-Secure

Trojan.Generic.11377430

11.2014-27-06_6

G Data

Trojan.Generic.11377430

14.6.24

IKARUS anti.virus

Trojan.Win32.Agent

t3scan.1.6.1.0

McAfee

Artemis!CBB7B60ECCE8

5600.7087

MicroWorld eScan

Trojan.Generic.11377430

15.0.0.534

Norman

Suspicious_Gen2.VWYQW

11.20140627

nProtect

Trojan.Generic.11377430

14.06.26.02

Qihoo 360 Security

Win32/Trojan.Dropper.c9f

1.0.0.1015

Sophos

Mal/Banker-BB

4.98

Trend Micro House Call

TROJ_GEN.R047H08FB14

7.2.178

Zillya! Antivirus

Trojan.Banker.Win32.82930

2.0.0.1839

File size:

368.5 KB (377,344 bytes)

Product version:

4.05

Red Mx ( Martin Malagon )

Trademarks:

http://www.LdcMx.info http://www.MxOne.net

Original file name:

mog.exe

File type:

Executable application (Win32 EXE)

Language:

Spanish (Spain, International Sort)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\mog.exe

File PE Metadata

Compilation timestamp:

6/2/2014 12:37:19 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:QM2cWyZ6KMbkS8ERUxR1kMSsP3R/8/vWGGFuA9gQQTJVOClyEd1U:IyZiQQMB6/vWGu9oOmyE

Entry address:

0x3B48

Entry point:

B8, DC, EE, 57, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 34, 6B, 78, 09, 7C, 4E, 98, 87, 3D, 27, 08, 6B, 7B, EB, 7C, 1F, EB, 25, 29, 2B, E9, 8F, DC, FF, 5A, C5, C9, 2A, C2, 03, 44, AD, 7C, C8, C5, 08, 3A, CD, 75, 9B, 99, 52, A6, 2A, AE, 51, 59, 4B, 59, 79, 0A, A7, 2D, 7E, 74, C8, 65, 20, 6A, E8, DD, 2F, BC, 57, DA, 7B, 47, 2F, 8B, 26, 23, BD, 79, F1, 3D, 04, 86, 78, A7, D2, 6C, 17, DD, DC, 65, 9C, 33, E9, 28, 80, 7D, D7, 2A... 
[+]

Packer / compiler:

PECompact v2

Code size:

1.4 MB (1,511,424 bytes)

The file mog.exe has been seen being distributed by the following URL.

http://update.mxone.net/mog.exe

Remove mog.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.