AutoPico.exe

AutoPico

ByELDI Certificate

AutoPico.exe, published under the self-signed "ByELDI Certificate", is a component of the KMSpico activation tool (its usual location is C:\Program Files\kmspico\). It is flagged by 23 of 68 anti-malware scanners, mostly under generic Trojan names and by ESET as MSIL/HackTool.IdleKMS; Reason Core Security classifies it as potentially unwanted. It is registered as a scheduled task ("AutoPico Daily Restart") that the Windows Task Scheduler runs once a day at 5:29 PM. While running, it opens TCP connections to port 13 (the Daytime protocol) on NIST time servers such as time-d.nist.gov.
Publisher:
ByELDI Certificate  (signed; the signature verifies only against the publisher's own self-signed certificate, which is not chained to any trusted root)

Product:
AutoPico

Version:
8.6.1.0

MD5:
540bcebee98c5e1ce35704f951ceccd4

SHA-1:
782a052f570fd70bff6d3e106daa2f54495c9aed

SHA-256:
46bedd2f0274c8f952b8c217ca3c749d3fb20121d563a0bb40e4255b8fbe0e14

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 4:20:20 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.10015953 | 1086
AhnLab V3 Security | Trojan/Win32.ADH | 2013.12.29
AVG | Dropper.Msil | 2014.0.3637
Baidu Antivirus | Trojan.Win32.Generic | 4.0.3.14214
Bitdefender | Trojan.Generic.10015953 | 1.0.20.225
Bkav FE | W32.Clod162.Trojan | 1.3.0.4613
Emsisoft Anti-Malware | Trojan.Generic.10015953 | 8.14.02.14.01
ESET NOD32 | MSIL/HackTool.IdleKMS (variant) | 8.9190
Fortinet FortiGate | W32/Generic!tr | 2/14/2014
F-Secure | Trojan.Generic.10015953 | 11.2014-14-02_6
G Data | Trojan.Generic.10015953 | 14.2.22
IKARUS anti.virus | Virus.Dropper | t3scan.2.2.29
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.4577
McAfee | Artemis!540BCEBEE98C | 5600.7277
MicroWorld eScan | Trojan.Generic.10015953 | 15.0.0.135
NANO AntiVirus | Trojan.Win32..cnowpm | 0.28.0.57029
Norman | Agent.AOQWC | 11.20131203
nProtect | Trojan.GenericKD.1419735 | 14.01.15.01
Panda Antivirus | Generic Malware | 14.02.14.01
Reason Heuristics | PUP.Task.ByELDICertificate.I | 14.3.1.2
Trend Micro House Call | TROJ_GEN.R08NH07KK13 | 7.2.337
Trend Micro | TROJ_GEN.R0CBC0OKQ13 | 10.465.14
VIPRE Antivirus | Trojan.Win32.Generic | 24864

File size:
675.8 KB (691,992 bytes)

Product version:
8.6.1.0

Original file name:
AutoPico.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\kmspico\autopico.exe

Digital Signature
Authority:
ByELDI Certificate

Valid from:
11/17/2013 10:11:41 PM

Valid to:
1/1/2040 3:29:59 AM

Subject:
CN=ByELDI Certificate

Issuer:
CN=ByELDI Certificate

Serial number:
AB81DC9F367529BE42665B07570FFA05

Trust chain:
Self-signed (subject and issuer are identical), so the chain does not end in a trusted root and Authenticode validation reports the signature as untrusted unless the certificate has been imported into the machine's root store by hand. The 26-year validity period (2013 to 2040) is far longer than any CA-issued code-signing certificate, which is itself a tell that this is a private, self-issued certificate.

File PE Metadata
Compilation timestamp:
11/20/2013 6:23:54 PM

Minimum OS version (PE optional header):
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0 (Visual Studio 2012 toolchain)

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:BomT1omoVSluLdNHXTrw90HSPxH2LU/o5dX99nCdC1tJZ:LToYluL7jr28rkkX9xZ

Entry point (RVA):
0xA5FCE

Bytes at entry point (scanner dump, truncated):
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, CD, 8C, 52, 00, 00, 00, 00, 02, 00, 00, 00, 1C, 01, 00, 00, 1C, 60, 0A, 00, 1C, 44, 0A, 00, 52, 53, 44, 53, 7B, 96, DD, FE, 7E, F0, B5, 4B, 9A, E9, D2, C8, 29, 1E, AB, 62, 01, 00, 00, 00, 4A, 3A, 5C, 44, 6F, 63, 75, 6D, 65, 6E, 74, 73, 5C, 56, 69, 73, 75, 61, 6C, 20, 53, 74, 75, 64, 69, 6F...

The dump opens with FF 25 00 20 40 00, i.e. jmp dword ptr [0x00402000]: the six-byte native stub that 32-bit .NET executables start with, which jumps through an import address table slot to mscoree.dll!_CorExeMain and hands control to the CLR. After the zero padding comes the IMAGE_DEBUG_DIRECTORY entry (type 2, CodeView; timestamp 0x528CCD02) followed by its RSDS record: the bytes 52 53 44 53 are "RSDS", then a 16-byte GUID, the age (1) and the NUL-terminated path of the build machine's PDB, which begins "J:\Documents\Visual Studio" and is cut off by the page. That path is the developer's own project location, left in the binary by the compiler.

Entropy:
5.6664 (moderate; no sign of packing or encryption, consistent with unpacked .NET code)

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
656 KB (671,744 bytes)
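The entry-point dump above can be decoded rather than only read. The following is an added example, not part of this page or of the scanner's own tooling, that parses the page's bytes: the jmp stub, the IMAGE_DEBUG_DIRECTORY entry and the RSDS CodeView record. It assumes the default 32-bit image base of 0x400000, which the page does not list, and it uses the dump as printed, so the PDB path ends where the page truncates it.

```python
import struct
import uuid
from datetime import datetime, timezone
from pprint import pprint

ENTRY_RVA = 0xA5FCE     # "Entry point (RVA)" from this page
IMAGE_BASE = 0x400000   # assumed: default base of a 32-bit EXE; the page does not list it

# Entry-point bytes as printed on this page (the page truncates the dump with "...",
# so the PDB path at the end is cut short here as well).
ENTRY_DUMP = (
    "FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, "
    "00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, "
    "00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, "
    "02, CD, 8C, 52, 00, 00, 00, 00, 02, 00, 00, 00, 1C, 01, 00, 00, "
    "1C, 60, 0A, 00, 1C, 44, 0A, 00, 52, 53, 44, 53, "
    "7B, 96, DD, FE, 7E, F0, B5, 4B, 9A, E9, D2, C8, 29, 1E, AB, 62, 01, 00, 00, 00, "
    "4A, 3A, 5C, 44, 6F, 63, 75, 6D, 65, 6E, 74, 73, 5C, 56, 69, 73, 75, 61, "
    "6C, 20, 53, 74, 75, 64, 69, 6F"
)

DEBUG_TYPES = {2: "IMAGE_DEBUG_TYPE_CODEVIEW"}


def dump_to_bytes(dump: str) -> bytes:
    """Turn the page's 'FF, 25, ...' listing into raw bytes."""
    return bytes.fromhex(dump.replace(",", " "))


def parse_entry_stub(data: bytes) -> int:
    """FF 25 imm32 is 'jmp dword ptr [imm32]': the native stub of a 32-bit .NET EXE,
    which jumps through an IAT slot holding the address of mscoree!_CorExeMain."""
    if data[:2] != b"\xff\x25":
        raise ValueError("entry point does not start with jmp [imm32]")
    return struct.unpack_from("<I", data, 2)[0]


def parse_debug_directory(entry: bytes) -> dict:
    """IMAGE_DEBUG_DIRECTORY: 28 bytes, all fields little-endian."""
    chars, stamp, major, minor, dtype, size, rva, raw = struct.unpack("<IIHHIIII", entry)
    return {
        "characteristics": chars,
        "timestamp": stamp,
        "timestamp_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
        "version": (major, minor),
        "type": dtype,
        "type_name": DEBUG_TYPES.get(dtype, "unknown"),
        "size_of_data": size,
        "address_of_raw_data": rva,
        "pointer_to_raw_data": raw,
    }


def parse_codeview(record: bytes) -> tuple:
    """RSDS record: 'RSDS', 16-byte GUID (Windows mixed-endian layout),
    4-byte age, then the NUL-terminated PDB path."""
    if record[:4] != b"RSDS":
        raise ValueError("not an RSDS CodeView record")
    guid = uuid.UUID(bytes_le=record[4:20])
    age = struct.unpack_from("<I", record, 20)[0]
    path = record[24:].split(b"\0", 1)[0].decode("ascii", errors="replace")
    return guid, age, path


def analyse(dump: str = ENTRY_DUMP, entry_rva: int = ENTRY_RVA,
            image_base: int = IMAGE_BASE) -> dict:
    data = dump_to_bytes(dump)
    target = parse_entry_stub(data)
    rsds_off = data.find(b"RSDS")
    if rsds_off < 28:
        raise ValueError("no debug directory followed by a CodeView record in the dump")
    dbg = parse_debug_directory(data[rsds_off - 28:rsds_off])
    guid, age, path = parse_codeview(data[rsds_off:])
    return {
        "jmp_target": target,
        "iat_rva": target - image_base,
        "rsds_offset": rsds_off,
        # AddressOfRawData should be the entry RVA plus where RSDS sits in the dump
        # if the scanner dumped contiguous bytes.
        "dump_contiguous": dbg["address_of_raw_data"] == entry_rva + rsds_off,
        "debug": dbg,
        "pdb_guid": str(guid),
        "pdb_age": age,
        "pdb_path": path,
        # Symbol-server key for the PDB: uppercase GUID hex without dashes, then the age in hex.
        "symbol_key": f"{guid.hex.upper()}{age:X}",
    }


if __name__ == "__main__":
    pprint(analyse())
```

Running it shows the stub jumping through the IAT slot at RVA 0x2000, a CodeView record whose AddressOfRawData (0xA601C) is exactly the entry RVA plus the record's offset in the dump (0x4E), and the symbol-store key FEDD967BF07E4BB59AE9D2C8291EAB621, which is the value to use for looking the PDB up on a symbol server or for pivoting across other samples built from the same project. The debug-directory stamp decodes to 2013-11-20 14:53:54 UTC; the page's compilation timestamp appears to be the same stamp rendered in a local zone three and a half hours ahead of UTC.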

Scheduled Task
Task name:
AutoPico Daily Restart

Trigger:
Daily at 5:29 PM (local time of the machine)


In live environments the file has been observed making the following network connections, all to TCP port 13 (the Daytime protocol, RFC 867) on NIST Internet Time Service hosts such as time-c.nist.gov and time-d.nist.gov. The pattern is consistent with fetching the current time from an external source rather than trusting the local clock; the Daytime traffic itself is not malicious and is only a corroborating indicator.

TCP:
Connects to time-d.nist.gov  (129.6.15.27:13)

TCP:
Connects to nist1-lnk.binary.net  (216.229.0.179:13)

TCP:
Connects to time-c.nist.gov  (129.6.15.30:13)

TCP:
Connects to nist-time-server.eoni.com  (216.228.192.69:13)

TCP:
Connects to 207_223_123_18.colo.teklinks.net  (207.223.123.18:13)

TCP:
Connects to nisttime.edzone.net  (198.111.152.100:13)

TCP:
Connects to nist.netservicesgroup.com  (64.113.32.5:13)

TCP:
Connects to 2a.6a.acb8.ip4.static.sl-reverse.com  (184.172.106.42:13)

TCP:
Connects to india.colorado.edu  (128.138.140.44:13)
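Taken together, the page gives a complete indicator set for host triage: the file hashes, the install path, the self-signed signer, the task name and the Daytime destinations. The following is an added example, not from this page or from Reason Core Security, that runs those indicators over host telemetry and turns the hits into a per-host verdict; the telemetry records are constructed for the example, and the weighting and verdict thresholds are the author's assumptions, not the scanner's.

```python
from collections import defaultdict

# Indicators copied from this page: hashes, install path, signer, task name and
# the Daytime (TCP/13) destinations observed in the sandbox.
IOC = {
    "md5": "540bcebee98c5e1ce35704f951ceccd4",
    "sha256": "46bedd2f0274c8f952b8c217ca3c749d3fb20121d563a0bb40e4255b8fbe0e14",
    "path": r"c:\program files\kmspico\autopico.exe",
    "signer": "CN=ByELDI Certificate",
    "task": "autopico daily restart",
    "daytime_servers": {
        "129.6.15.27", "216.229.0.179", "129.6.15.30", "216.228.192.69",
        "207.223.123.18", "198.111.152.100", "64.113.32.5", "184.172.106.42",
        "128.138.140.44",
    },
}

# Ranking weights (assumed). A hash match is conclusive; the self-signed signer and
# the task name identify the tool; the path is suggestive; a Daytime query to a
# NIST server is corroboration only, since other software may legitimately do that.
WEIGHTS = {"hash": 10, "signer": 5, "task": 5, "path": 3, "daytime": 1}


def indicators_for(ev):
    """Yield (indicator, detail) for every page IOC that one telemetry event matches."""
    kind = ev["type"]
    if kind == "file":
        if (ev.get("sha256", "").lower() == IOC["sha256"]
                or ev.get("md5", "").lower() == IOC["md5"]):
            yield "hash", ev["path"]
        if ev["path"].lower() == IOC["path"]:
            yield "path", ev["path"]
    elif kind == "signature":
        # Subject equal to issuer means self-signed; an untrusted chain means no root vouches for it.
        self_signed = ev["subject"] == ev["issuer"]
        if ev["subject"] == IOC["signer"] and self_signed and not ev.get("chain_trusted", False):
            yield "signer", ev["path"]
    elif kind == "task":
        if ev["name"].lower() == IOC["task"]:
            yield "task", ev["action"]
    elif kind == "net":
        if ev["proto"] == "tcp" and ev["dport"] == 13 and ev["dst"] in IOC["daytime_servers"]:
            yield "daytime", f'{ev["dst"]}:13'


def triage(events):
    """Group hits per host and derive a verdict plus a score for ranking."""
    hosts = defaultdict(lambda: {"score": 0, "hits": []})
    for ev in events:
        for ind, detail in indicators_for(ev):
            hosts[ev["host"]]["score"] += WEIGHTS[ind]
            hosts[ev["host"]]["hits"].append((ind, detail))
    for rec in hosts.values():
        kinds = {ind for ind, _ in rec["hits"]}
        if "hash" in kinds:
            rec["verdict"] = "confirmed"
        elif kinds & {"signer", "task"}:
            rec["verdict"] = "likely"
        elif "path" in kinds:
            rec["verdict"] = "suspicious"
        else:
            rec["verdict"] = "none"  # Daytime traffic on its own never raises a verdict
    return dict(hosts)


# Constructed sample telemetry (not from the page): WS01 carries the tool,
# WS02 is clean apart from a single Daytime query.
SAMPLE_EVENTS = [
    {"host": "WS01", "type": "file", "path": r"C:\Program Files\KMSpico\AutoPico.exe",
     "sha256": "46BEDD2F0274C8F952B8C217CA3C749D3FB20121D563A0BB40E4255B8FBE0E14"},
    {"host": "WS01", "type": "signature", "path": r"C:\Program Files\KMSpico\AutoPico.exe",
     "subject": "CN=ByELDI Certificate", "issuer": "CN=ByELDI Certificate",
     "chain_trusted": False},
    {"host": "WS01", "type": "task", "name": "AutoPico Daily Restart",
     "action": r"C:\Program Files\KMSpico\AutoPico.exe"},
    {"host": "WS01", "type": "net", "proto": "tcp", "dst": "129.6.15.27", "dport": 13},
    {"host": "WS01", "type": "net", "proto": "tcp", "dst": "129.6.15.30", "dport": 13},
    {"host": "WS02", "type": "task", "name": "MicrosoftEdgeUpdateTaskMachineUA",
     "action": r"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"},
    {"host": "WS02", "type": "signature", "path": r"C:\Windows\System32\w32tm.exe",
     "subject": "CN=Microsoft Windows", "issuer": "CN=Microsoft Windows Production PCA 2011",
     "chain_trusted": True},
    {"host": "WS02", "type": "net", "proto": "tcp", "dst": "129.6.15.27", "dport": 13},
]

if __name__ == "__main__":
    for host, rec in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, rec["verdict"], rec["score"], rec["hits"])
```

On a live Windows host the same fields come from Get-FileHash (hashes), Get-AuthenticodeSignature (SignerCertificate subject and issuer, and a Status other than Valid for the untrusted chain), Get-ScheduledTask (task name and action) and Get-NetTCPConnection (remote address and port 13); exporting those into records of the shape above is all the glue the matcher needs. The verdict rule keeps a lone NIST Daytime query at "none" on purpose: plenty of legitimate software asks NIST for the time, so that indicator only ever adds weight to a host that already matches something specific to AutoPico.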

Remove AutoPico.exe - Powered by Reason Core Security