Root.exe

Root大师

信一网络

The application Root.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. While running, it connects to the Internet address hn.kd.ny.adsl on port 80 using the HTTP protocol.
Publisher:
信一网络

Product:
Root大师

Version:
1, 7, 4, 0

MD5:
0244deff548925db5fff3f414c6642b0

SHA-1:
de8cce07405aef9b0823f89bfb846d652132cf14

SHA-256:
f5ac4079cdba031cf7b7841c8d725224b79a8e465a6b7d1c2933cf923b8c6167

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 5:56:31 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.419277
589

avast!
Win32:AgentDropper-A [PUP]
2014.9-150626

AVG
PSW.Generic_c
2016.0.3067

Baidu Antivirus
Trojan.Android.Agent
4.0.3.15626

Bitdefender
Gen:Variant.Kazy.419277
1.0.20.885

Comodo Security
UnclassifiedMalware
21595

Dr.Web
Android.Spy.82.origin
9.0.1.0177

Emsisoft Anti-Malware
Gen:Variant.Kazy.419277
8.15.06.26.08

ESET NOD32
Android/Spy.Agent.BB
9.11402

Fortinet FortiGate
Android/Agent.BB!tr
6/26/2015

F-Secure
Gen:Variant.Kazy.419277
11.2015-26-06_6

G Data
Gen:Variant.Kazy.419277
15.6.25

IKARUS anti.virus
Trojan.AndroidOS.Agent
t3scan.1.8.9.0

K7 AntiVirus
Unwanted-Program
13.202.15432

McAfee
Artemis!0244DEFF5489
5600.6723

MicroWorld eScan
Gen:Variant.Kazy.419277
16.0.0.531

NANO AntiVirus
Trojan.Android.Agent.cwzglj
0.30.8.659

Norman
Suspicious_Gen4.FZCAL
11.20150626

Panda Antivirus
Android/NS.A
15.06.26.08

Qihoo 360 Security
Win32/Virus.Spy.c26
1.0.0.1015

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_GEN.R002C0EKG14
7.2.177

Trend Micro
TROJ_GEN.R002C0EKG14
10.465.26

VIPRE Antivirus
Trojan.Win32.Generic
38922

File size:
1.8 MB (1,883,648 bytes)

Product version:
1, 7, 4, 4996

Copyright:
Copyright (C) 2013 Xinyi All Rights Reserved

Original file name:
Root.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\vroot\root.exe

File PE Metadata
Compilation timestamp:
12/30/2013 4:57:55 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:bmFE+Qrcg7lrLLeUrjr/2j2Vh+HZiSCiKpE7+42Ydq/81s2dGDGFcv8EkJbGBu:KFN5KLU2VM5RC4yt9019dGiWEEkJiBu

Entry address:
0x296BA

Entry point:
E8, 99, 04, 00, 00, E9, 37, FD, FF, FF, FF, 25, B0, E5, 42, 00, CC, CC, 68, 25, 97, 42, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 18, F0, 43, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, 7A, 92, 42...
 
[+]

Code size:
180 KB (184,320 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hn.kd.ny.adsl  (42.236.125.104:80)

TCP (HTTP):
Connects to a104-103-72-224.deploy.static.akamaitechnologies.com  (104.103.72.224:80)

TCP (HTTP):
Connects to a104-103-72-153.deploy.static.akamaitechnologies.com  (104.103.72.153:80)

Remove Root.exe - Powered by Reason Core Security