AutoPico.exe

AutoPico

It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time.
Product:
AutoPico

Version:
8.2.0.0

MD5:
b1c45bcc10b41d88837f1ca3d30b1824

SHA-1:
5f566e2fbaee1d6d26d0178dbb13beb765952d5d

SHA-256:
8fefb97a153ed2ada13973dd56d442475da6fa033d33bc3fc103b8f1ddb853dc

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/23/2024 1:42:48 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
MSIL/HackTool.IdleKMS.B potentially unsafe application
6.3.12010.0

Microsoft Security Essentials
HackTool:Win32/AutoKMS
1.237.565.0

File size:
670.5 KB (686,592 bytes)

Product version:
8.2.0.0

Original file name:
AutoPico.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\kmspico\autopico.exe

File PE Metadata
Compilation timestamp:
11/11/2013 4:46:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:LomT1omoVSlwTPCRNHXTrw90HSPxH5jIg+gTX99nCdCct0:FToYlwm/jr28SfX9J

Entry address:
0xA547E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.6505

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
653.5 KB (669,184 bytes)

Scheduled Task
Task name:
AutoPico Daily Restart

Trigger:
Daily (Runs daily at 11:59 AM)

Action:
autopico.exe \silent


The file AutoPico.exe has been seen being distributed by the following URL.

temp:AutoPico.exe

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to host-24-56-178-140.beyondbb.com  (24.56.178.140:13)

TCP:
Connects to nist1-lnk.binary.net  (216.229.0.179:13)

TCP:
Connects to utcnist2.colorado.edu  (128.138.141.172:13)

TCP:
Connects to 207_223_123_18.colo.teklinks.net  (207.223.123.18:13)

TCP:
Connects to 2a.6a.acb8.ip4.static.sl-reverse.com  (184.172.106.42:13)

TCP:
Connects to time-c.nist.gov  (129.6.15.30:13)

TCP:
Connects to time-d.nist.gov  (129.6.15.27:13)

TCP:
Connects to india.colorado.edu  (128.138.140.44:13)

TCP:
Connects to nist-time-server.eoni.com  (216.228.192.69:13)

TCP:
Connects to nisttime.edzone.net  (198.111.152.100:13)

TCP:
Connects to nist.netservicesgroup.com  (64.113.32.5:13)

TCP:
Connects to unallocated.barefruit.co.uk  (92.242.140.20:13)

TCP:
Connects to multimedia-redir.interia.pl  (217.74.65.145:13)

Scan AutoPico.exe - Powered by Reason Core Security