mashup_root_tool.exe

The application mashup_root_tool.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from download681.mediafire.com and multiple other hosts.
MD5:
311e04ab28be598d79b89f751b493dad

SHA-1:
8eeabd0cfa80f5e50e49838d6eccbf66cf1642a3

SHA-256:
00289ab3bd34a8cd9fc3656e329e0b33c41f936807bf2a59afddd9329a626b59

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 12:45:12 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Android.Riskware.Kingroot.C
780

AegisLab AV Signature
Lotoor
2.1.4+

Avira AntiVirus
Android/Lotoor.BE.57
7.11.183.120

avast!
Win32:WrongInf-A [Susp]
2014.9-141217

AVG
Android/Deng
2015.0.3258

Dr.Web
Android.Exploit.10
9.0.1.0351

Fortinet FortiGate
Android/TowRoot.A
12/17/2014

F-Secure
Android.Riskware.Kingroot.C
11.2014-17-12_4

IKARUS anti.virus
not-a-virus:Rooter.TowelRoot
t3scan.1.8.3.0

McAfee
Artemis!311E04AB28BE
5600.6914

MicroWorld eScan
Android.Riskware.Agent.gXWTY
15.0.0.1053

Qihoo 360 Security
Win32/Trojan.RiskWare.c88
1.0.0.1015

Quick Heal
Android.TowelRoot.A
12.14.14.00

Trend Micro House Call
Suspici.83040AF8
7.2.351

VIPRE Antivirus
Trojan.AndroidOS.Generic.A
34560

File size:
15.6 MB (16,389,931 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
4/29/2014 5:13:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.50

CTPH (ssdeep):
393216:+yNVNJFeYwqMKLI1G/HDLRsq8liMkZckcCE6Iry8yC7hrrP1V4hb6qNRcakDF6:+8kYwqMKL1LElSgCEN/bhXr4hpNRcxZ6

Entry address:
0x1000

Entry point:
68, 18, 02, 00, 00, 68, 00, 00, 00, 00, 68, B4, AD, 46, 00, E8, 10, 91, 00, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, 0F, 91, 00, 00, A3, B8, AD, 46, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, FC, 90, 00, 00, A3, B4, AD, 46, 00, B8, 40, A7, 43, 00, A3, CC, AD, 46, 00, E8, 42, 86, 02, 00, E8, 70, 68, 02, 00, E8, B7, 64, 02, 00, E8, 0E, 63, 02, 00, E8, DB, 61, 02, 00, E8, C2, 58, 02, 00, E8, BB, 4A, 02, 00, E8, F6, 46, 02, 00, E8, D3, 2F, 02, 00, E8, D7, E9, 01, 00, E8, 39, B7, 01, 00...
 
[+]

Entropy:
7.9942

Packer / compiler:
PKLITE32, 0x1.1

Code size:
194.5 KB (199,168 bytes)

The file mashup_root_tool.exe has been seen being distributed by the following 9 URLs.

http://download681.mediafire.com/m51hq6n4tlig/.../Mashup_Root_Tool.exe

http://download1859.mediafire.com/wym43e3o3gxg/.../Mashup_Root_Tool.exe

http://download986.mediafire.com/dbtf9s0mwqdg/.../Mashup_Root_Tool.exe

http://download636.mediafire.com/295s97in4frg/.../Mashup_Root_Tool.exe

Remove mashup_root_tool.exe - Powered by Reason Core Security