kingroot-4.0.0.233-release-201505071219_105001.exe

The application kingroot-4.0.0.233-release-201505071219_105001.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from mega.nz and multiple other hosts.
MD5: 32279ee0ccb4e14c629e1ede42153921

SHA-1: bea2f75db0f8dc99b754bef6a4ecdf9b1768138a

SHA-256: f141b7a6275b89376e01bd3e9cfc28a5689282c9fba5456f88f236e8c85e6fff

Scanner detections: 21 / 68

Status: Potentially unwanted

Analysis date: 11/24/2024 2:06:49 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Android.Riskware.Kingroot.gPSR | 332 |
| AegisLab AV Signature | Android.Riskware.Kingroot!c | 2.1.4+ |
| AhnLab V3 Security | Android-AppCare/Kingroot.10202 | 2016.03.07 |
| Avira AntiVirus | SPR/ANDR.DroidRooter.112 | 8.3.3.2 |
| Arcabit | Android.Riskware.Kingroot.gPSR | 1.0.0.656 |
| avast! | Android:DroidRooter-CR [PUP] | 2014.9-160309 |
| AVG | Android/KingRoot | 2017.0.2810 |
| Bitdefender | Android.Riskware.Kingroot.gPSR | 1.0.20.345 |
| Dr.Web | Tool.Rooter.43.origin | 9.0.1.069 |
| Emsisoft Anti-Malware | Android.Exploit.GingerBreak | 8.16.03.09.06 |
| ESET NOD32 | Android/DroidRooter.AC potentially unsafe (variant) | 10.13135 |
| F-Prot | AndroidOS/DroidRooter.V | v6.4.7.1.166 |
| F-Secure | Android.Riskware.Kingroot | 11.2016-09-03_4 |
| G Data | Android.Riskware.Kingroot.gPSR | 16.3.25 |
| IKARUS anti.virus | PUA.AndroidOS.DroidRooter | t3scan.2.0.8.0 |
| McAfee | Artemis!32279EE0CCB4 | 5600.6466 |
| MicroWorld eScan | Android.Riskware.Kingroot.gPSR | 17.0.0.207 |
| NANO AntiVirus | Riskware.Android.Rooter.duipsj | 1.0.18.6677 |
| Quick Heal | Android.Kingroot.Aaebb (AdWare) | 3.16.14.00 |
| Sophos | Android KingRoot (PUA) | 4.98 |
| VIPRE Antivirus | Trojan.AndroidOS.Generic.A | 47692 |

File size: 6.3 MB (6,649,985 bytes)

File type: Executable application (Win64 EXE)

Common path: C:\users\{user}\downloads\kingroot-4.0.0.233-release-201505071219_105001.exe

File PE Metadata

OS bitness: Win64

CTPH (ssdeep): 196608:0tIVnSt4Qqgf97lMpZmWMtDbdeKrTWO8WCNybJy:0S4Ig9ZTxdeKB8WWybE

Entry point:
50, 4B, 03, 04, 14, 00, 08, 00, 08, 00, 8D, 9E, A7, 46, D6, FB, B2, 3C, F6, 0D, 00, 00, 24, 25, 00, 00, 14, 00, 00, 00, 4D, 45, 54, 41, 2D, 49, 4E, 46, 2F, 4D, 41, 4E, 49, 46, 45, 53, 54, 2E, 4D, 46, 9D, 5A, 49, 73, A3, 58, B3, DD, 77, 44, FF, 87, 5A, BE, 17, 8A, B6, 00, 89, E9, 8B, 78, 0B, 40, 80, 40, 42, 03, 83, 24, D8, 28, 98, C4, 3C, CF, FC, FA, 0F, BB, 86, 76, CB, 17, BB, EB, 2D, CA, E5, B0, 23, CE, 4D, E5, CD, 73, F2, 64, 5E, 4B, 66, 1A, 3C, DC, AA, FE, EB, E2, 96, 55, 90, A5, FF, F9, 06, BF, 40, 7F...
 

Entropy:
7.9877  (probably packed)

The file kingroot-4.0.0.233-release-201505071219_105001.exe has been seen being distributed by the following 8 URLs.

https://mega.nz/temporary/.../w9I3GZLJ

https://zima111g.storage.yandex.net/rdisk/a465226a192459fbe461271253cfc5971e8da966922495250f981bc83257a62b/575b7139/.../vnd.android.package-archive&fsize=6649985&hid=adb9fd2593cb188957e08e16841de914&media_type=unknown&tknv=v2&rtoken=OXejXtTTMjif&force_default=no&ycrid=na-5dade08a4ffae9f3126ea282dc30cadc-downloader3d

https://d17.usercdn.com/d/.../KingRoot-4.0.0.233.apk

https://mega.nz/temporary/.../LVZgEaJI