mtkdroidtools.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from mega.nz and multiple other hosts.
MD5:
9830634b3ba821776e3a16838df82275

SHA-1:
a43a0515963f51b5366894dcc0b5a5cdbf992f95

SHA-256:
9ae4a25bcb38290a69aa926d68bb85d22c665f46d50716eeddc0c9f348af198c

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/25/2024 8:25:28 PM UTC

Scan engine              Detection                    Engine version
IKARUS anti.virus        Trojan.Win32.Spy             t3scan.2.2.29
Rising Antivirus         PE:Trojan.Injector!1.9DEE    23.00.65.14322
Trend Micro House Call   TROJ_GEN.F47V0125            7.2.83
VIPRE Antivirus          Threat.4150696               49578

File size:
482.5 KB (494,080 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
1/19/2014 6:10:31 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.50

CTPH (ssdeep):
6144:hB7SMKLEu6obGokwsKFm8RgLu0duqusboZE5xcHhTu0f4ri:hJFKLwoSoUKFm8Rn0df1o+UCi

Entry address:
0x1000

Entry point:
68, E4, 02, 00, 00, 68, 00, 00, 00, 00, 68, F0, 88, 47, 00, E8, FE, 03, 03, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, FD, 03, 03, 00, A3, F4, 88, 47, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, EA, 03, 03, 00, A3, F0, 88, 47, 00, B8, A4, 29, 47, 00, A3, 5C, 89, 47, 00, E8, 52, A6, 05, 00, E8, CD, 97, 05, 00, E8, A3, 97, 05, 00, E8, 2C, 8E, 05, 00, E8, E5, 8C, 05, 00, E8, 52, 8C, 05, 00, E8, E8, 89, 05, 00, E8, 2D, 71, 05, 00, E8, 43, 6F, 05, 00, E8, C5, 5A, 05, 00, E8, 02, 4D, 05, 00...
Packer / compiler:
PKLITE32, 0x1.1

Code size:
365 KB (373,760 bytes)

The file mtkdroidtools.exe has been seen being distributed by the following 3 URLs.

https://mega.nz/persistent/.../WlRwhbiL

ftp://1.235.193.138/home/videoftp/IT/jayz/n59/.../MTKdroidTools.exe

temp:MTKdroidTools.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to misc.v.dropbox.com  (108.160.172.232:80)

TCP (HTTP):
Connects to host-200-124-254-169.ecutel.net  (200.124.254.169:80)

Scan mtkdroidtools.exe - Powered by Reason Core Security