» AutoPico.exe
Overview
Analysis
File Details
Behaviors (1)
Network (5)

AutoPico.exe

AutoPico

ByELDI Certificate

The application AutoPico.exe by ByELDI Certificate has been detected as a potentially unwanted program by 23 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. While running, it connects to the Internet address 2a.6a.acb8.ip4.static.sl-reverse.com on port 13.

File name:

AutoPico.exe

Publisher:

ByELDI Certificate (signed and verified)

Product:

AutoPico

Version:

9.1.1.0

MD5:

ae25c9da26b27a09ac901f3c400f9da1

SHA-1:

5cf4beba0fe291bfe469341cc6573e1f77b4c47a

SHA-256:

b97375c393686ec31b190ed18b202646a3893805892f748ffe5e795ca5e64600

Scanner detections:

23 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 1:36:06 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.10050438

1085

AhnLab V3 Security

Trojan/Win32.ADH

2013.12.29

AVG

Dropper.Msil

2014.0.3617

Baidu Antivirus

Trojan.Win32.Generic

4.0.3.14215

Bitdefender

Trojan.Generic.10050438

1.0.20.230

Bkav FE

W32.Clod6d7.Trojan

1.3.0.4613

Emsisoft Anti-Malware

Trojan.Generic.10050438

8.14.02.15.08

ESET NOD32

MSIL/HackTool.IdleKMS (variant)

8.9190

Fortinet FortiGate

W32/Generic!tr

2/15/2014

F-Secure

Trojan.Generic.10050438

11.2014-15-02_7

G Data

Trojan.Generic.10050438

14.2.22

IKARUS anti.virus

Virus.Dropper

t3scan.2.2.29

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.4308

McAfee

Artemis!AE25C9DA26B2

5600.7259

MicroWorld eScan

Trojan.Generic.10050438

15.0.0.138

NANO AntiVirus

Trojan.Win32..congbf

0.28.0.57029

Norman

Agent.AOQWC

11.20131222

nProtect

Trojan.GenericKD.1419735

14.01.15.01

Panda Antivirus

Generic Malware

14.02.15.08

Reason Heuristics

PUP.Task.ByELDICertificate.I

14.3.2.17

Trend Micro House Call

TROJ_GEN.F47V1209

7.2.6

Trend Micro

TROJ_GEN.R0CBC0PLM13

10.465.15

VIPRE Antivirus

Trojan.Win32.Generic

24728

File size:

787.8 KB (806,680 bytes)

Product version:

9.1.1.0

Original file name:

AutoPico.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\kmspico\autopico.exe

Digital Signature

Signed by:

ByELDI Certificate

Authority:

ByELDI Certificate

Valid from:

11/18/2013 1:41:41 AM

Valid to:

1/1/2040 6:59:59 AM

Subject:

CN=ByELDI Certificate

Issuer:

CN=ByELDI Certificate

Serial number:

AB81DC9F367529BE42665B07570FFA05

File PE Metadata

Compilation timestamp:

12/9/2013 11:55:08 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

12288:homT1omoVSlBJguPTXXNHXTrw90HSPxHFn1aVf9oREQTdjC0r8Vx:rToYl08jr28i2Vx

Entry address:

0xC1E2E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

768 KB (786,432 bytes)

Scheduled Task

Task name:

AutoPico Daily Restart

Trigger:

Daily (Runs daily at 5:29 CH)

The executing file has been seen to make the following network communications in live environments.

TCP:

Connects to 2a.6a.acb8.ip4.static.sl-reverse.com (184.172.106.42:13)

TCP:

Connects to nist1-lnk.binary.net (216.229.0.179:13)

TCP:

Connects to nisttime.edzone.net (198.111.152.100:13)

TCP:

Connects to host-24-56-178-140.beyondbb.com (24.56.178.140:13)

TCP:

Connects to 207_223_123_18.colo.teklinks.net (207.223.123.18:13)

Remove AutoPico.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.