home

oneclickroot.exe

One Click Root

This is a setup program which is used to install the application. The file has been seen being downloaded from RevenueWire's affiliate distribution platform deepallasantha.oneclickroot.revenuewire.net.
Publisher:
One Click Root

Product:
One Click Root

Description:
Property.ARPCOMMENTS

Version:
1.00.0188

MD5:
f49bd91503f5d0ed681c37f246dbff35

SHA-1:
56c58b597698f2e03651d7a383db1baa81e97511

SHA-256:
dc591ca5185954617b904e0441e561edfd27e4bdb8ab9f20f96f2b266ab04dbb

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 10:33:56 PM UTC  (today)

File size:
18.5 MB (19,430,362 bytes)

Product version:
1.00.0188

Copyright:
Copyright (C) 2015 One Click Root

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\oneclickroot.exe

File PE Metadata
Compilation timestamp:
1/28/2015 3:02:13 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
393216:OY5k41MTMPOj89O27+n/xS8A20dTDQKLf12YkV2dHdKhu1C6nwd:O3415e8NK/I8AvNQJLyOLtd

Entry address:
0x180000

Entry point:
BB, F1, C7, 59, 00, 90, 68, 20, 00, 58, 00, 5F, BE, 98, 05, 00, 00, 90, FF, 34, 3E, 31, 1C, 24, 8F, 04, 3E, 90, 83, EE, 03, 4E, 90, 90, 75, EE, 19, BA, 58, 00, F1, C7, 59, 00, F1, C7, 19, 00, 5D, 54, 55, 00, 11, 03, 7C, 01, 2B, 0C, 7C, 01, F1, 77, 5B, 00, F0, C7, 59, 00, 85, E6, 09, 00, 73, 2B, 0A, 00, 9D, 2B, 0A, 00, 35, 0C, 4A, 00, 71, 2B, 4A, 00, 9B, 2B, 4A, 00, 85, CE, 49, 00, 71, 2B, 4A, 00, 9B, 2B, 4A, 00, F1, C7, 59, 00, F1, C7, 59, 00, F1, C7, 59, 00, F1, C7, 59, 00, F5, E4, 09, 00, F1, C7, 59, 00...
 
[+]

Entropy:
7.9653  (probably packed)

Code size:
1 MB (1,049,600 bytes)

The file oneclickroot.exe has been seen being distributed by the following URL.

http://deepallasantha.oneclickroot.revenuewire.net/oneclickroot/.../

Scan oneclickroot.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.