kingo-android-root-1-3-1-2217-32-bits.exe

Generic Internet program

The application kingo-android-root-1-3-1-2217-32-bits.exe, “Generic Internet program Setup”, has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from d.downloadsfilesnow.com and multiple other hosts.
Product: Generic Internet program
Description: Generic Internet program Setup
MD5: eb62f5af21374ec8e920d8a465d35d1d
SHA-1: 935fe465c9794383f82529445cd6aff62f9d1d8b
SHA-256: e8833df31e1fb86c805f92820100bd9fa8c8e00169be879d529fe1f5a6bf1b7b
Scanner detections: 15 / 68
Status: Potentially unwanted
Explanation: Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date: 11/16/2024 12:50:07 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| Avira AntiVirus | APPL/InstallCore.ZS | 8.3.2.4 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.15127 |
| Comodo Security | Application.Win32.InstallCore.KK | 23690 |
| Dr.Web | Trojan.Packed.29973 | 9.0.1.05190 |
| ESET NOD32 | Win32/InstallCore.ADX.gen potentially unwanted application | 7.0.302.0 |
| K7 AntiVirus | Adware | 13.212.18027 |
| Malwarebytes | | v2015.12.07.05 |
| McAfee | Artemis!EB62F5AF2137 | 5600.6558 |
| NANO AntiVirus | Riskware.Win32.InstallCore.dnajxq | 1.0.10.5081 |
| Reason Heuristics | PUP.Installer.Bundler.Installer.Meta (M) | 15.12.7.16 |
| SUPERAntiSpyware | | 9462 |
| Vba32 AntiVirus | Malware-Cryptor.InstallCore.gen | 3.12.26.4 |
| VIPRE Antivirus | Threat.4150696 | 45588 |
| Zillya! Antivirus | Adware.OutBrowse.Win32.58813 | 2.0.0.2552 |

File size: 672 KB (688,111 bytes)
Product version: 1.5
File type: Executable application (Win32 EXE)
Installer: Inno Setup
Language: Language Neutral

File PE Metadata
Compilation timestamp: 6/19/1992 9:22:17 PM
OS version: 1.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 12288:UsvpdGwhWNOlNFCeKNXGvYJbpfoC6dVOq+sXtEuK4ifuRxExubHaP/kY:UsvbGwhi4FC1XnVreXtEgZRxExM6P5
Entry address: 0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Packer / compiler: Inno Setup v5.x - Installer Maker
Code size: 37 KB (37,888 bytes)

The file kingo-android-root-1-3-1-2217-32-bits.exe has been seen being distributed by the following 2 URLs.
