» vroot.exe
Overview
Analysis
File Details
Downloads (2)

vroot.exe

The application vroot.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from vrootdownload.org and multiple other hosts.

File name:

vroot.exe

MD5:

cf19cb1f6eccf7a54e7085707fafd522

SHA-1:

697f20a7724abee047f042102af8c5428e254cd9

SHA-256:

80d5b4479b1ac3153e6ac25c4fe6a41db064cef3981d3f64e34fd59ca4d0f586

Scanner detections:

20 / 68

Status:

Potentially unwanted

Analysis date:

2/26/2025 8:34:34 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Android.Adware.Wapsx.Z

542

Avira AntiVirus

ADWARE/ANDR.Waps.L.Gen

8.3.1.6

avast!

Android:SpyAgent-NG [PUP]

2014.9-150812

AVG

Android/Deng

2016.0.3020

Comodo Security

UnclassifiedMalware

22988

Dr.Web

Android.Spy.144.origin

9.0.1.0224

ESET NOD32

Android/AdDisplay.Waps.L potentially unwanted (variant)

9.12081

Fortinet FortiGate

Adware/Waps!Android

8/12/2015

F-Prot

AndroidOS/Mgyun.A

v6.4.7.1.166

F-Secure

Android.Adware.Wapsx

11.2015-12-08_4

G Data

Win32.Application.Agent.T6GK94

15.8.25

IKARUS anti.virus

PUA.AndroidOS.Waps

t3scan.1.9.5.0

K7 AntiVirus

Adware

13.207.16857

McAfee

Artemis!CF19CB1F6ECC

5600.6676

MicroWorld eScan

Android.Adware.Wapsx.Z

16.0.0.672

NANO AntiVirus

Trojan.Android.Opfake.dqlzft

0.30.24.3079

Quick Heal

Android.Waps.E (AdWare)

8.15.14.00

Reason Heuristics

Threat.Win.Reputation.IMP

15.8.12.11

Sophos

Android MgyunRoot (PUA)

4.98

VIPRE Antivirus

Trojan.Win32.Generic

42808

File size:

6.3 MB (6,577,190 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\vroot.exe

File PE Metadata

Compilation timestamp:

6/6/2014 1:29:20 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

98304:kZB4fJWUb0ZWjt2EHK/Z9Z1vmD42ipax1ZHmXeG0DuCgudLxkfCS6KUV0B:cBSUUWMt2EHQjuIarwXerDVgcLxs6KkO

Entry address:

0x109DA

Entry point:

E8, 11, 65, 00, 00, E9, 78, FE, FF, FF, 55, 8B, EC, 83, EC, 04, 89, 7D, FC, 8B, 7D, 08, 8B, 4D, 0C, C1, E9, 07, 66, 0F, EF, C0, EB, 08, 8D, A4, 24, 00, 00, 00, 00, 90, 66, 0F, 7F, 07, 66, 0F, 7F, 47, 10, 66, 0F, 7F, 47, 20, 66, 0F, 7F, 47, 30, 66, 0F, 7F, 47, 40, 66, 0F, 7F, 47, 50, 66, 0F, 7F, 47, 60, 66, 0F, 7F, 47, 70, 8D, BF, 80, 00, 00, 00, 49, 75, D0, 8B, 7D, FC, 8B, E5, 5D, C3, 55, 8B, EC, 83, EC, 10, 89, 7D, FC, 8B, 45, 08, 99, 8B, F8, 33, FA, 2B, FA, 83, E7, 0F, 33, FA, 2B, FA, 85, FF, 75, 3C, 8B... 
[+]

Code size:

111.5 KB (114,176 bytes)

The file vroot.exe has been seen being distributed by the following 2 URLs.

http://vrootdownload.org/vroot.exe

http://vrootdownload.org/iroot.exe

Remove vroot.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.