setup.exe

Kingo ROOT

ZJMedia Digital Technology Ltd.

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from downloader.disk.yandex.ru and multiple other hosts.
Publisher:
Kingosoft Technology Ltd.   (signed by ZJMedia Digital Technology Ltd.)

Product:
Kingo ROOT

Description:
Kingo ROOT Setup

Version:
1.2.3.2051

MD5:
ac5c760154b7b99ebef7c89a3856cadf

SHA-1:
766fffbdee1dd1c9886a938a635f6040f30aca72

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/23/2024 11:30:29 AM UTC  (today)

Scan engine
Detection
Engine version

F-Prot
W32/QHost.C.gen
v6.4.7.1.166

File size:
17.4 MB (18,221,408 bytes)

Product version:
1.2.3.2051

Copyright:
Copyright (c) 2001-2014 Kingosoft Technology Ltd.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\Program Files\kingo root\setup\setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/27/2012 2:00:00 AM

Valid to:
3/27/2015 1:59:59 AM

Subject:
CN=ZJMedia Digital Technology Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ZJMedia Digital Technology Ltd., L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
56D66525B91E3CF6EBB314404CE3B071

File PE Metadata
Compilation timestamp:
12/20/2011 4:16:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:FBvrmR4etk7aHRUq83YyW4mcHleEJlSAAbZD0SLNEmXBRc:FByR4etuimq8oyW4mUleEjqZDjLxRc

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01...
 
[+]

Entropy:
7.9993

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file setup.exe has been seen being distributed by the following 42 URLs.

https://downloader.disk.yandex.ru/disk/6c7d49fb77188c1ace580ba8aef6e37410ce065f4fc12a903c77311243cf7283/57c83a58/.../x-dosexec&fsize=18221408&hid=5bef6429e90ce4863efdd1bd2fe380bd&media_type=executable&tknv=v2

http://download1695.mediafire.com/58nd5o8eb3ug/.../android_root.exe

http://download997.mediafire.com/71ra81jrodpg/.../android_root.exe

http://download1822.mediafire.com/61917719z3eg/.../android_root.exe

https://mega.co.nz/temporary/.../Z84hFKbI

http://download1875.mediafire.com/1yhr91n3bqlg/.../android_root.exe

http://download1875.mediafire.com/l1ssvtsh16zg/.../android_root.exe

http://download2014.mediafire.com/dc2vhwb5mz2g/.../android_root.exe

http://download1107.mediafire.com/9fcqxs8fx8og/.../android_root.exe

http://download877.mediafire.com/626xd6r550tg/.../android_root.exe

http://download877.mediafire.com/l3rv29k2hgwg/.../android_root.exe

http://download877.mediafire.com/arts0n0kdjpg/.../android_root.exe

https://mega.nz/temporary/.../HEoRFCCA

http://download1822.mediafire.com/q59uqjc6jn1g/.../android_root.exe

http://download1697.mediafire.com/xw1fekej0g1g/.../android_root.exe

http://download1798.mediafire.com/fgcm06tcb63g/.../android_root.exe

http://download877.mediafire.com/8yzxresa9xdg/.../android_root.exe

http://download991.mediafire.com/yj42vaiaxaug/.../android_root.exe

http://download839.mediafire.com/xdpjk7tjbh5g/.../android_root.exe

http://download1389.mediafire.com/x4mrr28pibag/.../android_root.exe

https://downloader.disk.yandex.com/disk/c13c09b63d2fe61512d4679005f5b9e75e64e9d03a91a327b8db07d748fbd3ce/58025b90/.../x-dosexec&fsize=18221408&hid=5bef6429e90ce4863efdd1bd2fe380bd&media_type=executable&tknv=v2

https://mega.nz/persistent/.../Z84hFKbI

https://downloader.disk.yandex.com/disk/1315682ad4eedafea6a2b6ccff4108768417fcf390958887f36c1106e892a908/5830bc3b/.../x-dosexec&fsize=18221408&hid=5bef6429e90ce4863efdd1bd2fe380bd&media_type=executable&tknv=v2

https://d1ob5g40gc5b6g.cloudfront.net/42/411644/.../android_root.exe

Latest 30 of 42 download URLs

Scan setup.exe - Powered by Reason Core Security