» Root.exe
Overview
Analysis
File Details
Network (18)

Root.exe

Root大师

深圳市信一网络有限公司

The executable Root.exe has been detected as malware by 5 anti-virus scanners. While running, it connects to the Internet address hn.kd.ny.adsl on port 80 using the HTTP protocol.

File name:

Root.exe

Publisher:

信一网络 (signed by 深圳市信一网络有限公司)

Product:

Root大师

Version:

1, 7, 3, 0

MD5:

5ba6c47429c5084b0cdf5dbda907b7bf

SHA-1:

125ffa0773b531648491232706689a00ba27fd0b

SHA-256:

ca6d0d8aeb36009efab5b04a6e4492369379f4c87234796164f2c4e139e52660

Scanner detections:

5 / 68

Status:

Malware

Analysis date:

5/4/2024 1:10:03 AM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.HfsAutoA

1.3.0.4959

Comodo Security

UnclassifiedMalware

17881

Dr.Web

Android.Spy.82.origin

9.0.1.095

ESET NOD32

Android/Spy.Agent.BB (variant)

8.9496

Qihoo 360 Security

HEUR/Malware.QVM06.Gen

1.0.0.1015

File size:

1.5 MB (1,601,872 bytes)

Product version:

1, 7, 3, 4863

Original file name:

Root.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\vroot\root.exe

Digital Signature

Signed by:

深圳市信一网络有限公司

Authority:

WoSign eCommerce Services Limited

Valid from:

10/9/2013 9:59:05 AM

Valid to:

10/12/2014 2:03:00 AM

Subject:

E=service@mgyun.com, CN=深圳市信一网络有限公司, O=深圳市信一网络有限公司, L=深圳市, S=广东省, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA, O=WoSign eCommerce Services Limited, C=CN

Serial number:

06A42B7DF93A2E

File PE Metadata

Compilation timestamp:

12/23/2013 10:24:24 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:x1TuHYK7h1JgcIKY3LLeUrjiE9DLqxT/assRbiGSrjmkGx7f:zSZ5IKY3CE93qxeOHTGpf

Entry address:

0x2AB1A

Entry point:

E8, 9C, 04, 00, 00, E9, 37, FD, FF, FF, FF, 25, A0, 05, 43, 00, CC, CC, 68, 85, AB, 42, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 18, 10, 44, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, DA, A6, 42... 
[+]

Entropy:

7.5937

Code size:

186 KB (190,464 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to hn.kd.ny.adsl (42.236.126.191:80)

TCP (HTTP):

Connects to host-213.158.175.104.tedata.net (213.158.175.104:80)

TCP (HTTP):

Connects to 152.203.215.139.adsl-pool.jlccptt.net.cn (139.215.203.152:80)

TCP (HTTP):

Connects to a96-17-202-226.deploy.akamaitechnologies.com (96.17.202.226:80)

TCP (HTTP):

Connects to a91-245-214-8.deploy.akamaitechnologies.com (91.245.214.8:80)

TCP (HTTP):

Connects to a104-116-245-24.deploy.static.akamaitechnologies.com (104.116.245.24:80)

TCP (HTTP):

Connects to 22.60.204.221.adsl-pool.sx.cn (221.204.60.22:80)

TCP (HTTP):

Connects to 21.60.204.221.adsl-pool.sx.cn (221.204.60.21:80)

TCP (HTTP):

Connects to 141.203.215.139.adsl-pool.jlccptt.net.cn (139.215.203.141:80)

TCP (HTTP):

Connects to 114.60.204.221.adsl-pool.sx.cn (221.204.60.114:80)

TCP (HTTP):

Connects to 103.234.212.118.adsl-pool.jx.chinaunicom.com (118.212.234.103:80)

Remove Root.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.