new_updatemobogenie.exe

Beijing AmazGame Age Internet Technology Co., Ltd.

The application new_updatemobogenie.exe by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 5 anti-malware scanners. This file is typically installed with the program Mobogenie by Beijing Yang Fan Jing He Information Consulting Co. Ltd.. While running, it connects to the Internet address server-52-84-132-238.atl52.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:

MD5:
a9729a74810111c8cf3f807913a10d9d

SHA-1:
82f978ffa4b602edd29c5708d0418340fe6d419b

SHA-256:
226a4e71a26a7f0e357cc6a8629e78f11fb6aaa9278e5f1dc362f15e8899af23

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 2:17:14 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

avast!
Win32:Mobogenie-K [Adw]
2014.9-140722

Dr.Web
Adware.Mobogenie.5
9.0.1.0203

ESET NOD32
Win32/Mobogenie (variant)
8.10136

Reason Heuristics
PUP.Optional.BeijingAmazGameAgeInternetTechnologyCo.T
14.7.22.14

File size:
645.2 KB (660,672 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\mobogenie\version\oldversion\mobogenie\new_updatemobogenie.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/16/2012 1:00:00 AM

Valid to:
6/16/2015 1:59:59 AM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22CF7DA7B76FC5C4E77225CFA1BDA497

File PE Metadata
Compilation timestamp:
7/22/2014 1:18:06 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:Z4ZU8frMBaY8/12aXPP1zMxOW6nwTccBYgNIWTlrhQZM:Z4ZU8fwU12aX1Ec1gNTTRhQZM

Entry address:
0x71B1F

Entry point:
E8, 5F, 05, 00, 00, E9, B3, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, 80, F9, 40, 73, 15, 80, F9, 20, 73, 06, 0F, A5, C2, D3, E0, C3, 8B, D0, 33, C0, 80, E1, 1F, D3, E2, C3, 33, C0, 33, D2, C3, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8...
 
[+]

Code size:
484 KB (495,616 bytes)

The file new_updatemobogenie.exe has been discovered within the following program.

Mobogenie  by Beijing Yang Fan Jing He Information Consulting Co. Ltd.
Mobogenie is an Android app store portal that may use the OpenCandy, Quick Downloader, Conduit and various other monetization programs to bundle with third party installers. In many cases some versions (mostly older ones) are bundled by third party distribution platforms.
www.mobogenie.com/pc.html
56% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-19-248.iad12.r.cloudfront.net  (54.192.19.248:80)

TCP (HTTP):
Connects to server-54-192-130-30.ams50.r.cloudfront.net  (54.192.130.30:80)

TCP (HTTP):
Connects to server-52-85-74-205.lhr3.r.cloudfront.net  (52.85.74.205:80)

TCP (HTTP):
Connects to server-52-85-63-221.lhr50.r.cloudfront.net  (52.85.63.221:80)

TCP (HTTP):
Connects to server-52-84-25-225.sea32.r.cloudfront.net  (52.84.25.225:80)

TCP (HTTP):
Connects to server-54-239-132-73.sfo9.r.cloudfront.net  (54.239.132.73:80)

TCP (HTTP):
Connects to server-54-230-216-170.mrs50.r.cloudfront.net  (54.230.216.170:80)

TCP (HTTP):
Connects to server-54-230-163-119.jax1.r.cloudfront.net  (54.230.163.119:80)

TCP (HTTP):
Connects to server-54-192-203-237.fra50.r.cloudfront.net  (54.192.203.237:80)

TCP (HTTP):
Connects to server-54-192-19-243.iad12.r.cloudfront.net  (54.192.19.243:80)

TCP (HTTP):
Connects to server-54-192-19-236.iad12.r.cloudfront.net  (54.192.19.236:80)

TCP (HTTP):
Connects to server-54-192-130-197.ams50.r.cloudfront.net  (54.192.130.197:80)

TCP (HTTP):
Connects to server-54-192-130-165.ams50.r.cloudfront.net  (54.192.130.165:80)

TCP (HTTP):
Connects to server-54-192-130-129.ams50.r.cloudfront.net  (54.192.130.129:80)

TCP (HTTP):
Connects to server-52-85-77-167.lax3.r.cloudfront.net  (52.85.77.167:80)

TCP (HTTP):
Connects to server-52-85-63-77.lhr50.r.cloudfront.net  (52.85.63.77:80)

TCP (HTTP):
Connects to server-52-84-33-143.ewr50.r.cloudfront.net  (52.84.33.143:80)

TCP (HTTP):
Connects to server-52-84-25-138.sea32.r.cloudfront.net  (52.84.25.138:80)

TCP (HTTP):
Connects to server-52-84-132-155.atl52.r.cloudfront.net  (52.84.132.155:80)

TCP (HTTP):
Connects to server-54-240-186-252.mad50.r.cloudfront.net  (54.240.186.252:80)

Remove new_updatemobogenie.exe - Powered by Reason Core Security