mog.exe

Mx One Antivirus

Ldc

This is a setup program which is used to install the application. The file has been seen being downloaded from update.mxone.net.
Publisher:
Ldc

Product:
Mx One Antivirus

Version:
4.05

MD5:
b30e6e000b9813ce4d2bc10fd3f93ce6

SHA-1:
a4e21593c08cbadaefd48e47e52c4a91c2839d6b

SHA-256:
7c5240f70f4c5cbbd3a001b5eaec2d4d07b5daa0b6b30a2869c4db2da1576f93

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/14/2024 2:48:36 PM UTC  (today)

Scan engine
Detection
Engine version

Qihoo 360 Security
HEUR/QVM17.0.Malware.Gen
1.0.0.1015

Trend Micro House Call
Suspicious_GEN.F47V0319
7.2.94

File size:
370 KB (378,880 bytes)

Product version:
4.05

Copyright:
Red Mx ( Martin Malagon )

Trademarks:
http://www.LdcMx.info http://www.MxOne.net

Original file name:
mog.exe

File type:
Executable application (Win32 EXE)

Language:
Spanish

Common path:
C:\users\{user}\appdata\local\temporary internet files\content.ie5\{random}\mog.exe

File PE Metadata
Compilation timestamp:
3/15/2015 2:26:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:mlittHR2AmGe62SjELEE5UdBQCPcpZGNqjMkWbf/M6q35Hwj/FQBCzl+Vdgfc/A9:mYtNLve6ML6AD7W46C+QBCJKdgZT

Entry address:
0x3BF8

Entry point:
B8, EC, 1E, 58, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, A4, FE, 3E, 1F, ED, 6E, 01, FB, 36, 41, DD, 98, 75, BF, 3D, B3, AB, C1, DF, 70, 70, C0, 1D, C1, B2, E0, D4, C1, FF, 96, 9C, DC, D7, E2, 90, 31, 22, D7, F8, 1F, 70, 54, 9A, 78, 2D, BA, 32, D7, EB, 92, 01, F5, 35, 6D, 97, F8, B2, 86, A9, 50, E0, 22, DC, 36, C0, 00, 6E, 99, 84, D3, 35, DC, 4C, AF, 7E, DE, 3C, C0, 4D, CF, C2, 77, 11, 6F, 60, DE, 03, 68, 6E, 35, 8F, C1, E9...
 
[+]

Packer / compiler:
PECompact v2

Code size:
1.5 MB (1,523,712 bytes)

The file mog.exe has been seen being distributed by the following URL.

Scan mog.exe - Powered by Reason Core Security