new_updatemobogenie.exe

Beijing AmazGame Age Internet Technology Co., Ltd.

The application new_updatemobogenie.exe by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 5 anti-malware scanners. This file is typically installed with the program Mobogenie by Beijing Yang Fan Jing He Information Consulting Co. Ltd. While running, it connects to the Internet address server-52-85-221-207.cdg50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:

MD5:
06c195e41e41284536ce19945fd15356

SHA-1:
1c1463570bcfe850677616f2a92e48291904fbed

SHA-256:
30a576cdf541b5b5c51d7d48c31fbc9e4628480dcafa7498ee4da8871d69b70e

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 2:22:24 AM UTC

Scan engine          Detection                                              Engine version
Agnitum Outpost      Riskware.Agent                                         7.1.1
avast!               Win32:Mobogenie-K [Adw]                                2014.9-140717
Dr.Web               Adware.Mobogenie.5                                     9.0.1.0198
ESET NOD32           Win32/Mobogenie (variant)                              8.10109
Reason Heuristics    PUP.Optional.BeijingAmazGameAgeInternetTechnologyCo.T  14.7.17.8

File size:
645.2 KB (660,672 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\mobogenie\version\oldversion\mobogenie\new_updatemobogenie.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/16/2012 5:30:00 AM

Valid to:
6/16/2015 5:29:59 AM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22CF7DA7B76FC5C4E77225CFA1BDA497

File PE Metadata
Compilation timestamp:
7/16/2014 8:54:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:74ZU8frMBaY8/12aXPP1zMxOW6nwTccBYgNIWTlrhQZB:74ZU8fwU12aX1Ec1gNTTRhQZB

Entry address:
0x71B1F

Entry point:
E8, 5F, 05, 00, 00, E9, B3, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, 80, F9, 40, 73, 15, 80, F9, 20, 73, 06, 0F, A5, C2, D3, E0, C3, 8B, D0, 33, C0, 80, E1, 1F, D3, E2, C3, 33, C0, 33, D2, C3, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8...

Entropy:
6.5949

Code size:
484 KB (495,616 bytes)

The file new_updatemobogenie.exe has been discovered within the following program.

Mobogenie by Beijing Yang Fan Jing He Information Consulting Co. Ltd.
Mobogenie is an Android app store portal that may use the OpenCandy, Quick Downloader, Conduit and various other monetization programs to bundle with third party installers. In many cases some versions (mostly older ones) are bundled by third party distribution platforms.
www.mobogenie.com/pc.html

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP): Connects to server-52-84-132-75.atl52.r.cloudfront.net (52.84.132.75:80)
TCP (HTTP): Connects to server-54-230-51-148.jfk5.r.cloudfront.net (54.230.51.148:80)
TCP (HTTP): Connects to server-52-84-132-200.atl52.r.cloudfront.net (52.84.132.200:80)
TCP (HTTP): Connects to server-54-230-81-98.mia50.r.cloudfront.net (54.230.81.98:80)
TCP (HTTP): Connects to server-54-230-81-37.mia50.r.cloudfront.net (54.230.81.37:80)
TCP (HTTP): Connects to server-54-230-51-95.jfk5.r.cloudfront.net (54.230.51.95:80)
TCP (HTTP): Connects to server-54-230-51-48.jfk5.r.cloudfront.net (54.230.51.48:80)
TCP (HTTP): Connects to server-54-230-81-9.mia50.r.cloudfront.net (54.230.81.9:80)
TCP (HTTP): Connects to server-54-230-51-86.jfk5.r.cloudfront.net (54.230.51.86:80)
TCP (HTTP): Connects to server-54-230-51-57.jfk5.r.cloudfront.net (54.230.51.57:80)
TCP (HTTP): Connects to server-54-192-130-124.ams50.r.cloudfront.net (54.192.130.124:80)
TCP (HTTP): Connects to server-52-85-63-231.lhr50.r.cloudfront.net (52.85.63.231:80)
TCP (HTTP): Connects to server-52-84-132-32.atl52.r.cloudfront.net (52.84.132.32:80)
TCP (HTTP): Connects to server-52-84-132-206.atl52.r.cloudfront.net (52.84.132.206:80)
TCP (HTTP): Connects to server-54-230-95-64.fra2.r.cloudfront.net (54.230.95.64:80)
TCP (HTTP): Connects to server-54-230-95-198.fra2.r.cloudfront.net (54.230.95.198:80)
TCP (HTTP): Connects to server-54-230-95-159.fra2.r.cloudfront.net (54.230.95.159:80)
TCP (HTTP): Connects to server-54-230-51-72.jfk5.r.cloudfront.net (54.230.51.72:80)
TCP (HTTP): Connects to server-54-230-206-117.atl50.r.cloudfront.net (54.230.206.117:80)
TCP (HTTP): Connects to server-54-192-36-234.jfk1.r.cloudfront.net (54.192.36.234:80)

Powered by Reason Core Security