Root.exe

Root大师

深圳市信一网络有限公司

The executable Root.exe has been detected as malware by 5 anti-virus scanners. While running, it connects to the Internet address hn.kd.ny.adsl on port 80 using the HTTP protocol.
Publisher:
信一网络  (signed by 深圳市信一网络有限公司)

Product:
Root大师

Version:
1, 7, 3, 0

MD5:
5ba6c47429c5084b0cdf5dbda907b7bf

SHA-1:
125ffa0773b531648491232706689a00ba27fd0b

SHA-256:
ca6d0d8aeb36009efab5b04a6e4492369379f4c87234796164f2c4e139e52660

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
12/25/2024 7:07:54 PM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAutoA
1.3.0.4959

Comodo Security
UnclassifiedMalware
17881

Dr.Web
Android.Spy.82.origin
9.0.1.095

ESET NOD32
Android/Spy.Agent.BB (variant)
8.9496

Qihoo 360 Security
HEUR/Malware.QVM06.Gen
1.0.0.1015

File size:
1.5 MB (1,601,872 bytes)

Product version:
1, 7, 3, 4863

Copyright:
Copyright (C) 2013 Xinyi All Rights Reserved

Original file name:
Root.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\vroot\root.exe

Digital Signature
Authority:
WoSign eCommerce Services Limited

Valid from:
10/9/2013 9:59:05 AM

Valid to:
10/12/2014 2:03:00 AM

Subject:
E=service@mgyun.com, CN=深圳市信一网络有限公司, O=深圳市信一网络有限公司, L=深圳市, S=广东省, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:
06A42B7DF93A2E

File PE Metadata
Compilation timestamp:
12/23/2013 10:24:24 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:x1TuHYK7h1JgcIKY3LLeUrjiE9DLqxT/assRbiGSrjmkGx7f:zSZ5IKY3CE93qxeOHTGpf

Entry address:
0x2AB1A

Entry point:
E8, 9C, 04, 00, 00, E9, 37, FD, FF, FF, FF, 25, A0, 05, 43, 00, CC, CC, 68, 85, AB, 42, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 18, 10, 44, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, DA, A6, 42...
 
[+]

Entropy:
7.5937

Code size:
186 KB (190,464 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hn.kd.ny.adsl  (42.236.126.191:80)

TCP (HTTP):
Connects to host-213.158.175.104.tedata.net  (213.158.175.104:80)

TCP (HTTP):
Connects to 152.203.215.139.adsl-pool.jlccptt.net.cn  (139.215.203.152:80)

TCP (HTTP):
Connects to a96-17-202-226.deploy.akamaitechnologies.com  (96.17.202.226:80)

TCP (HTTP):
Connects to a91-245-214-8.deploy.akamaitechnologies.com  (91.245.214.8:80)

TCP (HTTP):
Connects to a104-116-245-24.deploy.static.akamaitechnologies.com  (104.116.245.24:80)

TCP (HTTP):
Connects to 22.60.204.221.adsl-pool.sx.cn  (221.204.60.22:80)

TCP (HTTP):
Connects to 21.60.204.221.adsl-pool.sx.cn  (221.204.60.21:80)

TCP (HTTP):
Connects to 141.203.215.139.adsl-pool.jlccptt.net.cn  (139.215.203.141:80)

TCP (HTTP):
Connects to 114.60.204.221.adsl-pool.sx.cn  (221.204.60.114:80)

TCP (HTTP):
Connects to 103.234.212.118.adsl-pool.jx.chinaunicom.com  (118.212.234.103:80)

Remove Root.exe - Powered by Reason Core Security