kingo root.exe

Kingo Root

Kingosoft

The executable kingo root.exe has been detected as malware by 5 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from download.kingoapp.com.
Publisher: Kingosoft
Product: Kingo Root
Version: 1.4.6.2750
MD5: 3160bb83347809b7ba3ef5ddd8973f65
SHA-1: b3b78d51b2e54110838eac75f802cf9c8e533db7
SHA-256: 98b3171da31edef7a707be76c07acff34dd9d77f3ebf4514bb8175e387e2103e
Scanner detections: 5 / 68
Status: Malware
Analysis date: 11/5/2024 2:20:27 PM UTC

Scan engine                    Detection             Engine version
avast!                         Win32:Parite          160414-2
ESET NOD32                     Win32/Parite.B virus  8.0.319.0
F-Prot                         W32/Parite.B          4.6.5.141
Microsoft Security Essentials  Threat.Undefined      1.225.2266.0
VIPRE Antivirus                Threat.46249          51054

File size: 1.2 MB (1,211,864 bytes)
Product version: 1.4.6.2750
Copyright: Copyright (C) 2013-2016 Kingosoft
Original file name: Kingo Root.exe
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\kingo%20root.exe

File PE Metadata
Compilation timestamp: 5/19/2016 8:48:29 AM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 24576:sB6TsOYsYbOqBd90tcq+AyelvaJ+PJUYeIfRO49KHCmfF+mudxt:sh7bvBdSG7AFQsqY7L9KHCmfFXudf
Entry address: 0x229000

Entry point:
90, B8, 5A, 1C, D2, 00, 68, 1E, 90, 62, 00, 5A, 90, 68, 98, 05, 00, 00, 5E, 90, 31, 04, 32, 90, 90, 83, EE, 03, 4E, 75, F5, 90, 90, 90, B2, 61, D3, 00, 5A, 1C, D2, 00, 5A, 1C, 92, 00, FF, 22, C1, 00, BA, DB, DD, 00, 82, D1, DD, 00, 5A, AC, D0, 00, A5, E3, 2D, FF, 5E, A7, 81, 00, F4, A9, 81, 00, 0E, 87, 81, 00, 6A, 8B, D2, 00, F6, A9, C1, 00, 08, 87, C1, 00, 5E, 1F, D3, 00, F6, A9, C1, 00, 08, 87, C1, 00, 5A, 1C, D2, 00, 5A, 1C, D2, 00, 5A, 1C, D2, 00, 5A, 1C, D2, 00, 5A, 1C, D2, 00, 5A, 1C, D2, 00, 5A, 1C...

Code size: 25.5 KB (26,112 bytes)

The file kingo root.exe has been seen being distributed by the following URL.

Remove kingo root.exe - Powered by Reason Core Security