» Root.exe
Overview
Analysis
File Details
Network (5)

Root.exe

Root大师

信一网络

The application Root.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. While running, it connects to the Internet address hn.kd.ny.adsl on port 80 using the HTTP protocol.

File name:

Root.exe

Publisher:

信一网络

Product:

Root大师

Version:

1, 7, 4, 0

MD5:

0244deff548925db5fff3f414c6642b0

SHA-1:

de8cce07405aef9b0823f89bfb846d652132cf14

SHA-256:

f5ac4079cdba031cf7b7841c8d725224b79a8e465a6b7d1c2933cf923b8c6167

Scanner detections:

24 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 11:40:37 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.419277

589

avast!

Win32:AgentDropper-A [PUP]

2014.9-150626

AVG

PSW.Generic_c

2016.0.3067

Baidu Antivirus

Trojan.Android.Agent

4.0.3.15626

Bitdefender

Gen:Variant.Kazy.419277

1.0.20.885

Comodo Security

UnclassifiedMalware

21595

Dr.Web

Android.Spy.82.origin

9.0.1.0177

Emsisoft Anti-Malware

Gen:Variant.Kazy.419277

8.15.06.26.08

ESET NOD32

Android/Spy.Agent.BB

9.11402

Fortinet FortiGate

Android/Agent.BB!tr

6/26/2015

F-Secure

Gen:Variant.Kazy.419277

11.2015-26-06_6

G Data

Gen:Variant.Kazy.419277

15.6.25

IKARUS anti.virus

Trojan.AndroidOS.Agent

t3scan.1.8.9.0

K7 AntiVirus

Unwanted-Program

13.202.15432

McAfee

Artemis!0244DEFF5489

5600.6723

MicroWorld eScan

Gen:Variant.Kazy.419277

16.0.0.531

NANO AntiVirus

Trojan.Android.Agent.cwzglj

0.30.8.659

Norman

Suspicious_Gen4.FZCAL

11.20150626

Panda Antivirus

Android/NS.A

15.06.26.08

Qihoo 360 Security

Win32/Virus.Spy.c26

1.0.0.1015

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_GEN.R002C0EKG14

7.2.177

Trend Micro

TROJ_GEN.R002C0EKG14

10.465.26

VIPRE Antivirus

Trojan.Win32.Generic

38922

File size:

1.8 MB (1,883,648 bytes)

Product version:

1, 7, 4, 4996

Original file name:

Root.exe

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, PRC)

Common path:

C:\Program Files\vroot\root.exe

File PE Metadata

Compilation timestamp:

12/30/2013 4:57:55 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:bmFE+Qrcg7lrLLeUrjr/2j2Vh+HZiSCiKpE7+42Ydq/81s2dGDGFcv8EkJbGBu:KFN5KLU2VM5RC4yt9019dGiWEEkJiBu

Entry address:

0x296BA

Entry point:

E8, 99, 04, 00, 00, E9, 37, FD, FF, FF, FF, 25, B0, E5, 42, 00, CC, CC, 68, 25, 97, 42, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 18, F0, 43, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, 7A, 92, 42... 
[+]

Code size:

180 KB (184,320 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to hn.kd.ny.adsl (42.236.125.104:80)

TCP (HTTP):

Connects to a104-103-72-224.deploy.static.akamaitechnologies.com (104.103.72.224:80)

TCP (HTTP):

Connects to a104-103-72-153.deploy.static.akamaitechnologies.com (104.103.72.153:80)

Remove Root.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.