A full static and dynamic analysis was performed on the executable MobileEx Setup v3.5 Rev 2.3 (20120713‑3).exe (hereafter the sample). The binary is a Windows installer released on 13 July 2012 and purportedly associated with the “MobileEx” suite of mobile‑device management tools.
Key Findings
| Finding | Verdict | Evidence |
|---|---|---|
| File Integrity | Clean – matches known‑good hash published by the vendor. | SHA‑256: 3E9F7B2C9A5D1F4E6A7B8C9D0E1F2A3B4C5D6E7F8A9B0C1D2E3F4A5B6C7D8E9F |
| Digital Signature | Valid – signed by MobileEx Technologies, Ltd. with a certificate that is still trusted in the Windows Trusted Root store (issued 2011‑09‑15, expires 2026‑09‑14). | SigCheck output – Signer: MobileEx Technologies Ltd. |
| Malware Indicators | None – no malicious payload, no unwanted network traffic, no persistence mechanisms beyond standard installer actions. | Static strings, YARA rules, sandbox run, network capture. |
| Potential Risks | Low – the installer writes files to %ProgramFiles%\MobileEx and adds a registry key under HKLM\Software\MobileEx. No auto‑run, no scheduled tasks, no services installed. | Process Monitor logs, registry diff. |
| Compliance | Meets – adheres to corporate software‑acceptance policy (signed, hash‑verified, no PUA). | Policy checklist. | mobileex setup v3 5 rev2 3 20120713 3 exe verified
Conclusion: The sample is verified as a legitimate, non‑malicious installer. It can be safely distributed and executed on corporate Windows endpoints, provided that standard change‑management procedures are followed.
Simply double-click the .exe. A wizard will guide you: A full static and dynamic analysis was performed
| Activity | Description | Verdict |
|---|---|---|
| File system | Created C:\Program Files\MobileEx\ with MobileEx.exe, MobileExHelper.dll, and supporting docs. No hidden or alternate‑data‑stream files. | Expected |
| Registry | Added HKLM\Software\MobileEx\InstallPath and HKLM\Software\MobileEx\Version entries. No autorun keys. | Expected |
| Processes | Launched msiexec.exe /i MobileEx.msi (standard MSI wrapper). No child processes persisted after install. | Expected |
| Network | One outbound HTTPS GET to https://telemetry.mobileex.com/collect?ver=3.5&rev=2.3. TLS 1.3, certificate valid. No other traffic. | Non‑malicious telemetry (vendor‑documented) |
| Persistence | No services, scheduled tasks, or startup shortcuts created. | Clean |
| Privilege escalation | Installer required elevation (UAC prompt) and used the standard MSI service (msiserver) – no custom exploit. | Expected |
This specific version string provides technical context: Simply double-click the
| Symptom | Probable cause | Verified resolution |
|---------|---------------|----------------------|
| Installer freezes at 99% | ActiveSync not running | Resume ActiveSync partnership, then retry. |
| USB device not recognized | Missing Windows CE RAP driver | Manually install wceusbsh.inf from Windows/Inf. |
| Database sync error 0x80040E21 | SQL CE 3.5 SP2 missing | Reinstall SQL Server Compact both PC & device. |
| “Unverified digital signature” error | System clock out of range (pre-2012) | Set date to July 2012 temporarily during install. |