mog.exe

Mx One Antivirus

Ldc

The executable mog.exe has been detected as malware by 18 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from update.mxone.net.
Publisher: Ldc

Product: Mx One Antivirus

Version: 4.05

MD5: cbb7b60ecce88ead5e7cecf0d63739b8

SHA-1: 251acd8741407964bf82114da2431e50ca616ec3

SHA-256: 2189df09209cf22bc74d1b9b8aae670947196643adc26992152b54d2bac29880

Scanner detections: 18 / 68

Status: Malware

Analysis date: 11/24/2024 2:06:55 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11377430 | 953 |
| Agnitum Outpost | Packed/PECompact | 7.1.1 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-140627 |
| Bitdefender | Trojan.Generic.11377430 | 1.0.20.890 |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| Emsisoft Anti-Malware | Trojan.Generic.11377430 | 8.14.06.27.10 |
| Fortinet FortiGate | W32/Banker.BB | 6/27/2014 |
| F-Secure | Trojan.Generic.11377430 | 11.2014-27-06_6 |
| G Data | Trojan.Generic.11377430 | 14.6.24 |
| IKARUS anti.virus | Trojan.Win32.Agent | t3scan.1.6.1.0 |
| McAfee | Artemis!CBB7B60ECCE8 | 5600.7087 |
| MicroWorld eScan | Trojan.Generic.11377430 | 15.0.0.534 |
| Norman | Suspicious_Gen2.VWYQW | 11.20140627 |
| nProtect | Trojan.Generic.11377430 | 14.06.26.02 |
| Qihoo 360 Security | Win32/Trojan.Dropper.c9f | 1.0.0.1015 |
| Sophos | Mal/Banker-BB | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047H08FB14 | 7.2.178 |
| Zillya! Antivirus | Trojan.Banker.Win32.82930 | 2.0.0.1839 |

File size: 368.5 KB (377,344 bytes)

Product version: 4.05

Copyright: Red Mx ( Martin Malagon )

Trademarks: http://www.LdcMx.info http://www.MxOne.net

Original file name: mog.exe

File type: Executable application (Win32 EXE)

Language: Spanish (Spain, International Sort)

Common path: C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\mog.exe

File PE Metadata
Compilation timestamp: 6/2/2014 12:37:19 AM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 6.0

CTPH (ssdeep): 6144:QM2cWyZ6KMbkS8ERUxR1kMSsP3R/8/vWGGFuA9gQQTJVOClyEd1U:IyZiQQMB6/vWGu9oOmyE

Entry address: 0x3B48

Entry point: B8, DC, EE, 57, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 34, 6B, 78, 09, 7C, 4E, 98, 87, 3D, 27, 08, 6B, 7B, EB, 7C, 1F, EB, 25, 29, 2B, E9, 8F, DC, FF, 5A, C5, C9, 2A, C2, 03, 44, AD, 7C, C8, C5, 08, 3A, CD, 75, 9B, 99, 52, A6, 2A, AE, 51, 59, 4B, 59, 79, 0A, A7, 2D, 7E, 74, C8, 65, 20, 6A, E8, DD, 2F, BC, 57, DA, 7B, 47, 2F, 8B, 26, 23, BD, 79, F1, 3D, 04, 86, 78, A7, D2, 6C, 17, DD, DC, 65, 9C, 33, E9, 28, 80, 7D, D7, 2A...
 
Packer / compiler: PECompact v2

Code size: 1.4 MB (1,511,424 bytes)

The file mog.exe has been seen being distributed by the following URL.
