kingroot_428059.exe

This file is a setup program used to install the application. It has been seen being downloaded from file.liqucn.com and multiple other hosts.

MD5:
22b643a27f27fa59862030b374ac7887

SHA-1:
bb33d1f460cd72ab5d03f81d50f882b95e02910c

SHA-256:
3f7ff572b8eb002f73397e6c8684f488df67fd16f12d9f2dadf064615683b6be

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/24/2024 2:10:23 AM UTC  (today)

Scan engine:
Dr.Web

Detection:
Trojan.DownLoader15.42459

Engine version:
9.0.1.0241

File size:
3.1 MB (3,273,216 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\kingroot_428059.exe

File PE Metadata
Compilation timestamp:
6/11/2015 10:26:27 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:eTnizBegg07EenlP0GVIXRZ58IdiMrOzfGs9+L+QYr/d3V1ZRmK5bRyv+oWPf5CP:f9egzTIzrOC+QYrl5YsX5CX2r2ym

Entry address:
0x274546

Entry point:
E8, 3E, FF, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, AC, 66, 6C, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 28, C2, 69, 00, 33, C0, 39, 5D, 28, 53, 53, FF, 75, 18, 0F, 95, C0, FF, 75, 14, 8D, 04, C5, 01, 00, 00, 00, 50, FF, 75, 24, FF, D6, 8B, F8, 89...
 

Code size:
2.6 MB (2,731,008 bytes)

The file kingroot_428059.exe has been seen being distributed by the following 13 URLs.

http://file.liqucn.com/.../apkinstaller_??K?_42225.exe

http://file.liqucn.com/.../?????_19323.exe

http://file.liqucn.com/.../????_9202.exe

temp:Camera-an97.apk_2.4.exe

http://file.liqucn.com/.../P2PWIFICAM2_250148.exe

https://docs.google.com/uc?authuser=0&id=0B0NMSpuP6eFJZHJiSFhnQ2NmeEE&export=download

http://file.liqucn.com/.../???_204932.exe
