Update.exe

Mobogenie

Beijing AmazGame Age Internet Technology Co., Ltd.

The application Update.exe by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 2 anti-malware scanners. While running, it connects to the Internet address server-52-84-246-244.sfo20.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Mobogenie.com  (signed by Beijing AmazGame Age Internet Technology Co., Ltd.)

Product:
Mobogenie

Description:
Update.exe

Version:
1.0.0.6

MD5:
baa39ee10a5ac039ca2d6f72a1d13354

SHA-1:
fe1dc9fbd9b1336163b083d5a2b6b055a6e31ad8

SHA-256:
b668c122c69dee6333658ebd5b1d738c7d5e87bfda2ff5bc7ad6095dbbd62a4c

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 12:20:12 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Mobogenie.14
9.0.1.0341

Reason Heuristics
PUP.Optional.BeijingAmazGameAgeInternetTechnologyCo.G
14.12.7.1

File size:
166.2 KB (170,176 bytes)

Product version:
1.0.0.6

Copyright:
Copyright (C) 2014 Gamease Age Digital Technology Co., Ltd., All rights

Original file name:
Update.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Program Files\mobogenie3\update.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/15/2012 6:00:00 PM

Valid to:
6/15/2015 5:59:59 PM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22CF7DA7B76FC5C4E77225CFA1BDA497

File PE Metadata
Compilation timestamp:
12/3/2014 1:28:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
3072:GWMWHgO+CwHWUC17GhqDXXzvWG3uaSZP2WIMatvt3nUM/NksjQOh3ZHLw1f:GMHgO+CwswhsXXzvWG3u74xnUM1ZjQOA

Entry address:
0x1CED2

Entry point:
E8, DC, 04, 00, 00, E9, B3, FD, FF, FF, FF, 25, DC, F2, 41, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, CC, FF, 25, E0, F2, 41, 00, CC, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 60, 7C, 42, 00, 89, 0D, 5C, 7C, 42, 00, 89, 15, 58, 7C, 42, 00, 89, 1D, 54, 7C, 42, 00, 89, 35, 50, 7C, 42, 00, 89, 3D, 4C, 7C, 42, 00, 66...
 
[+]

Entropy:
6.5029

Code size:
120 KB (122,880 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-0-0.lhr5.r.cloudfront.net  (54.230.0.0:80)

TCP (HTTP):
Connects to server-52-85-63-231.lhr50.r.cloudfront.net  (52.85.63.231:80)

TCP (HTTP):
Connects to server-54-230-216-214.mrs50.r.cloudfront.net  (54.230.216.214:80)

TCP (HTTP):
Connects to server-52-85-63-77.lhr50.r.cloudfront.net  (52.85.63.77:80)

TCP (HTTP):
Connects to server-54-230-95-151.fra2.r.cloudfront.net  (54.230.95.151:80)

TCP (HTTP):
Connects to server-54-230-163-221.jax1.r.cloudfront.net  (54.230.163.221:80)

TCP (HTTP):
Connects to server-54-230-163-217.jax1.r.cloudfront.net  (54.230.163.217:80)

TCP (HTTP):
Connects to server-54-192-203-82.fra50.r.cloudfront.net  (54.192.203.82:80)

TCP (HTTP):
Connects to server-52-85-83-67.lax1.r.cloudfront.net  (52.85.83.67:80)

TCP (HTTP):
Connects to server-52-85-83-210.lax1.r.cloudfront.net  (52.85.83.210:80)

TCP (HTTP):
Connects to server-52-85-83-141.lax1.r.cloudfront.net  (52.85.83.141:80)

TCP (HTTP):
Connects to server-52-85-63-46.lhr50.r.cloudfront.net  (52.85.63.46:80)

TCP (HTTP):
Connects to server-52-85-63-188.lhr50.r.cloudfront.net  (52.85.63.188:80)

TCP (HTTP):
Connects to server-52-85-63-106.lhr50.r.cloudfront.net  (52.85.63.106:80)

TCP (HTTP):
Connects to server-52-84-246-163.sfo20.r.cloudfront.net  (52.84.246.163:80)

TCP (HTTP):
Connects to server-54-239-132-4.sfo9.r.cloudfront.net  (54.239.132.4:80)

TCP (HTTP):
Connects to server-54-239-132-213.sfo9.r.cloudfront.net  (54.239.132.213:80)

TCP (HTTP):
Connects to server-54-230-51-57.jfk5.r.cloudfront.net  (54.230.51.57:80)

TCP (HTTP):
Connects to server-54-230-51-44.jfk5.r.cloudfront.net  (54.230.51.44:80)

TCP (HTTP):
Connects to server-54-230-216-234.mrs50.r.cloudfront.net  (54.230.216.234:80)

Remove Update.exe - Powered by Reason Core Security