» AutoPico.exe
Overview
Analysis
File Details
Behaviors (1)
Network (11)

AutoPico.exe

AutoPico

ByELDI Certificate

The application AutoPico.exe by ByELDI Certificate has been detected as a potentially unwanted program by 23 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. While running, it connects to the Internet address time-d.nist.gov on port 13.

File name:

AutoPico.exe

Publisher:

ByELDI Certificate (signed and verified)

Product:

AutoPico

Version:

8.5.0.0

MD5:

3ae2d4c765540fa4e3d8a3054e0491a7

SHA-1:

75d560c25fd317f9b8ae719bd47aacbc0abde400

SHA-256:

0ab8493c75d3fb461ecf3c7bbd0053f6c0a74838ebd7b85e452b196204fca282

Scanner detections:

23 / 68

Status:

Potentially unwanted

Analysis date:

11/2/2024 1:40:35 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.10050438

1079

AhnLab V3 Security

Trojan/Win32.ADH

2013.12.29

AVG

Dropper.Msil

2014.0.3613

Baidu Antivirus

Trojan.Win32.Generic

4.0.3.131227

Bitdefender

Trojan.Generic.10050438

1.0.20.255

Bkav FE

W32.Clodd64.Trojan

1.3.0.4613

Emsisoft Anti-Malware

Trojan.Generic.10050438

8.14.02.20.10

ESET NOD32

MSIL/HackTool.IdleKMS (variant)

8.9260

Fortinet FortiGate

W32/Generic!tr

2/20/2014

F-Secure

Trojan.Generic.10050438

11.2014-20-02_5

G Data

Trojan.Generic.10050438

14.2.22

IKARUS anti.virus

Virus.Dropper

t3scan.2.2.29

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.4280

McAfee

RDN/Generic Dropper!sh

5600.7269

MicroWorld eScan

Trojan.Generic.10050438

15.0.0.153

NANO AntiVirus

Trojan.Win32..cnjpuc

0.28.0.57029

Norman

Agent.AOQWC

11.20131227

nProtect

Trojan.GenericKD.1419735

14.01.15.01

Panda Antivirus

Suspicious file

13.12.27.01

Reason Heuristics

PUP.Task.ByELDICertificate.I

14.2.20.22

Trend Micro House Call

TROJ_GEN.R0CBB01LS13

7.2.361

Trend Micro

TROJ_GEN.R0CBC0PLM13

10.465.20

VIPRE Antivirus

Trojan.Win32.Generic

25186

File size:

675.8 KB (691,992 bytes)

Product version:

8.5.0.0

Original file name:

AutoPico.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\kmspico\autopico.exe

Digital Signature

Signed by:

ByELDI Certificate

Authority:

ByELDI Certificate

Valid from:

11/17/2013 1:41:41 PM

Valid to:

12/31/2039 6:59:59 PM

Subject:

CN=ByELDI Certificate

Issuer:

CN=ByELDI Certificate

Serial number:

AB81DC9F367529BE42665B07570FFA05

File PE Metadata

Compilation timestamp:

11/19/2013 11:00:21 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

12288:3omT1omoVSlYQdNHXTrw90HSPxH5l3MTosfX99nCdCJggs:RToYlYQ7jr2803MThX9Bs

Entry address:

0xA5FAE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 15, 8B, 8B, 52, 00, 00, 00, 00, 02, 00, 00, 00, 1C, 01, 00, 00, 1C, 60, 0A, 00, 1C, 44, 0A, 00, 52, 53, 44, 53, A5, 2D, 82, 5A, 55, BC, 7A, 4C, AD, 79, 3B, 27, F2, 98... 
[+]

Entropy:

5.6659

Code size:

656 KB (671,744 bytes)

Scheduled Task

Task name:

AutoPico Daily Restart

Trigger:

Daily (Runs daily at 11:59 AM)

The executing file has been seen to make the following network communications in live environments.

TCP:

Connects to time-c.nist.gov (129.6.15.30:13)

TCP:

Connects to 207_223_123_18.colo.teklinks.net (207.223.123.18:13)

TCP:

Connects to time-d.nist.gov (129.6.15.27:13)

TCP:

Connects to nist.netservicesgroup.com (64.113.32.5:13)

TCP:

Connects to utcnist2.colorado.edu (128.138.141.172:13)

TCP:

Connects to nist-time-server.eoni.com (216.228.192.69:13)

TCP:

Connects to nisttime.edzone.net (198.111.152.100:13)

TCP:

Connects to nist1-lnk.binary.net (216.229.0.179:13)

TCP:

Connects to india.colorado.edu (128.138.140.44:13)

TCP:

Connects to 2a.6a.acb8.ip4.static.sl-reverse.com (184.172.106.42:13)

TCP:

Connects to host-24-56-178-140.beyondbb.com (24.56.178.140:13)

Remove AutoPico.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.