kingo-android-root-1-3-1-2217-32-bits.exe

Generic Internet program

The application kingo-android-root-1-3-1-2217-32-bits.exe, “Generic Internet program Setup ” has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from d.downloadsfilesnow.com and multiple other hosts.
Product:
Generic Internet program

Description:
Generic Internet program Setup

MD5:
eb62f5af21374ec8e920d8a465d35d1d

SHA-1:
935fe465c9794383f82529445cd6aff62f9d1d8b

SHA-256:
e8833df31e1fb86c805f92820100bd9fa8c8e00169be879d529fe1f5a6bf1b7b

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/26/2024 7:05:34 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

Avira AntiVirus
APPL/InstallCore.ZS
8.3.2.4

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.15127

Comodo Security
Application.Win32.InstallCore.KK
23690

Dr.Web
Trojan.Packed.29973
9.0.1.05190

ESET NOD32
Win32/InstallCore.ADX.gen potentially unwanted application
7.0.302.0

K7 AntiVirus
Adware
13.212.18027

Malwarebytes
v2015.12.07.05

McAfee
Artemis!EB62F5AF2137
5600.6558

NANO AntiVirus
Riskware.Win32.InstallCore.dnajxq
1.0.10.5081

Reason Heuristics
PUP.Installer.Bundler.Installer.Meta (M)
15.12.7.16

SUPERAntiSpyware
9462

Vba32 AntiVirus
Malware-Cryptor.InstallCore.gen
3.12.26.4

VIPRE Antivirus
Threat.4150696
45588

Zillya! Antivirus
Adware.OutBrowse.Win32.58813
2.0.0.2552

File size:
672 KB (688,111 bytes)

Product version:
1.5

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
6/19/1992 9:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:UsvpdGwhWNOlNFCeKNXGvYJbpfoC6dVOq+sXtEuK4ifuRxExubHaP/kY:UsvbGwhi4FC1XnVreXtEgZRxExM6P5

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file kingo-android-root-1-3-1-2217-32-bits.exe has been seen being distributed by the following 2 URLs.

Remove kingo-android-root-1-3-1-2217-32-bits.exe - Powered by Reason Core Security