AutoPico.exe

AutoPico

ByELDI Certificate

The application AutoPico.exe by ByELDI Certificate has been detected as a potentially unwanted program by 23 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. While running, it connects to the Internet address 2a.6a.acb8.ip4.static.sl-reverse.com on port 13.
Publisher:
ByELDI Certificate  (signed and verified)

Product:
AutoPico

Version:
9.1.1.0

MD5:
ae25c9da26b27a09ac901f3c400f9da1

SHA-1:
5cf4beba0fe291bfe469341cc6573e1f77b4c47a

SHA-256:
b97375c393686ec31b190ed18b202646a3893805892f748ffe5e795ca5e64600

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 4:23:40 PM UTC

Scan engine               Detection                          Engine version
Lavasoft Ad-Aware         Trojan.Generic.10050438            1085
AhnLab V3 Security        Trojan/Win32.ADH                   2013.12.29
AVG                       Dropper.Msil                       2014.0.3617
Baidu Antivirus           Trojan.Win32.Generic               4.0.3.14215
Bitdefender               Trojan.Generic.10050438            1.0.20.230
Bkav FE                   W32.Clod6d7.Trojan                 1.3.0.4613
Emsisoft Anti-Malware     Trojan.Generic.10050438            8.14.02.15.08
ESET NOD32                MSIL/HackTool.IdleKMS (variant)    8.9190
Fortinet FortiGate        W32/Generic!tr                     2/15/2014
F-Secure                  Trojan.Generic.10050438            11.2014-15-02_7
G Data                    Trojan.Generic.10050438            14.2.22
IKARUS anti.virus         Virus.Dropper                      t3scan.2.2.29
Kaspersky                 HEUR:Trojan.Win32.Generic          14.0.0.4308
McAfee                    Artemis!AE25C9DA26B2               5600.7259
MicroWorld eScan          Trojan.Generic.10050438            15.0.0.138
NANO AntiVirus            Trojan.Win32..congbf               0.28.0.57029
Norman                    Agent.AOQWC                        11.20131222
nProtect                  Trojan.GenericKD.1419735           14.01.15.01
Panda Antivirus           Generic Malware                    14.02.15.08
Reason Heuristics         PUP.Task.ByELDICertificate.I       14.3.2.17
Trend Micro House Call    TROJ_GEN.F47V1209                  7.2.6
Trend Micro               TROJ_GEN.R0CBC0PLM13               10.465.15
VIPRE Antivirus           Trojan.Win32.Generic               24728

File size:
787.8 KB (806,680 bytes)

Product version:
9.1.1.0

Original file name:
AutoPico.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\kmspico\autopico.exe

Digital Signature
Authority:
ByELDI Certificate

Valid from:
11/18/2013 1:41:41 AM

Valid to:
1/1/2040 6:59:59 AM

Subject:
CN=ByELDI Certificate

Issuer:
CN=ByELDI Certificate

Serial number:
AB81DC9F367529BE42665B07570FFA05

File PE Metadata
Compilation timestamp:
12/9/2013 11:55:08 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:homT1omoVSlBJguPTXXNHXTrw90HSPxHFn1aVf9oREQTdjC0r8Vx:rToYl08jr28i2Vx

Entry address:
0xC1E2E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
768 KB (786,432 bytes)

Scheduled Task
Task name:
AutoPico Daily Restart

Trigger:
Daily (Runs daily at 5:29 CH)
The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to 2a.6a.acb8.ip4.static.sl-reverse.com  (184.172.106.42:13)

TCP:
Connects to nist1-lnk.binary.net  (216.229.0.179:13)

TCP:
Connects to nisttime.edzone.net  (198.111.152.100:13)

TCP:
Connects to host-24-56-178-140.beyondbb.com  (24.56.178.140:13)

TCP:
Connects to 207_223_123_18.colo.teklinks.net  (207.223.123.18:13)

Remove AutoPico.exe - Powered by Reason Core Security