AutoPico.exe

AutoPico

ByELDI Certificate

The application AutoPico.exe by ByELDI Certificate has been detected as a potentially unwanted program by 23 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. While running, it connects to the Internet address time-d.nist.gov on port 13.
Publisher:
ByELDI Certificate (signed and verified)

Product:
AutoPico

Version:
8.5.0.0

MD5:
3ae2d4c765540fa4e3d8a3054e0491a7

SHA-1:
75d560c25fd317f9b8ae719bd47aacbc0abde400

SHA-256:
0ab8493c75d3fb461ecf3c7bbd0053f6c0a74838ebd7b85e452b196204fca282

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 3:56:00 AM UTC

Scan engine               Detection                          Engine version
Lavasoft Ad-Aware         Trojan.Generic.10050438            1079
AhnLab V3 Security        Trojan/Win32.ADH                   2013.12.29
AVG                       Dropper.Msil                       2014.0.3613
Baidu Antivirus           Trojan.Win32.Generic               4.0.3.131227
Bitdefender               Trojan.Generic.10050438            1.0.20.255
Bkav FE                   W32.Clodd64.Trojan                 1.3.0.4613
Emsisoft Anti-Malware     Trojan.Generic.10050438            8.14.02.20.10
ESET NOD32                MSIL/HackTool.IdleKMS (variant)    8.9260
Fortinet FortiGate        W32/Generic!tr                     2/20/2014
F-Secure                  Trojan.Generic.10050438            11.2014-20-02_5
G Data                    Trojan.Generic.10050438            14.2.22
IKARUS anti.virus         Virus.Dropper                      t3scan.2.2.29
Kaspersky                 HEUR:Trojan.Win32.Generic          14.0.0.4280
McAfee                    RDN/Generic Dropper!sh             5600.7269
MicroWorld eScan          Trojan.Generic.10050438            15.0.0.153
NANO AntiVirus            Trojan.Win32..cnjpuc               0.28.0.57029
Norman                    Agent.AOQWC                        11.20131227
nProtect                  Trojan.GenericKD.1419735           14.01.15.01
Panda Antivirus           Suspicious file                    13.12.27.01
Reason Heuristics         PUP.Task.ByELDICertificate.I       14.2.20.22
Trend Micro House Call    TROJ_GEN.R0CBB01LS13               7.2.361
Trend Micro               TROJ_GEN.R0CBC0PLM13               10.465.20
VIPRE Antivirus           Trojan.Win32.Generic               25186

File size:
675.8 KB (691,992 bytes)

Product version:
8.5.0.0

Original file name:
AutoPico.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\kmspico\autopico.exe

Digital Signature
Authority:
ByELDI Certificate

Valid from:
11/17/2013 1:41:41 PM

Valid to:
12/31/2039 6:59:59 PM

Subject:
CN=ByELDI Certificate

Issuer:
CN=ByELDI Certificate

Serial number:
AB81DC9F367529BE42665B07570FFA05

File PE Metadata
Compilation timestamp:
11/19/2013 11:00:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:3omT1omoVSlYQdNHXTrw90HSPxH5l3MTosfX99nCdCJggs:RToYlYQ7jr2803MThX9Bs

Entry address:
0xA5FAE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 15, 8B, 8B, 52, 00, 00, 00, 00, 02, 00, 00, 00, 1C, 01, 00, 00, 1C, 60, 0A, 00, 1C, 44, 0A, 00, 52, 53, 44, 53, A5, 2D, 82, 5A, 55, BC, 7A, 4C, AD, 79, 3B, 27, F2, 98...

Entropy:
5.6659

Code size:
656 KB (671,744 bytes)

Scheduled Task
Task name:
AutoPico Daily Restart

Trigger:
Daily (Runs daily at 11:59 AM)


The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to time-c.nist.gov  (129.6.15.30:13)

TCP:
Connects to 207_223_123_18.colo.teklinks.net  (207.223.123.18:13)

TCP:
Connects to time-d.nist.gov  (129.6.15.27:13)

TCP:
Connects to nist.netservicesgroup.com  (64.113.32.5:13)

TCP:
Connects to utcnist2.colorado.edu  (128.138.141.172:13)

TCP:
Connects to nist-time-server.eoni.com  (216.228.192.69:13)

TCP:
Connects to nisttime.edzone.net  (198.111.152.100:13)

TCP:
Connects to nist1-lnk.binary.net  (216.229.0.179:13)

TCP:
Connects to india.colorado.edu  (128.138.140.44:13)

TCP:
Connects to 2a.6a.acb8.ip4.static.sl-reverse.com  (184.172.106.42:13)

TCP:
Connects to host-24-56-178-140.beyondbb.com  (24.56.178.140:13)

Remove AutoPico.exe - Powered by Reason Core Security