AutoPico.exe

AutoPico

ByELDI Certificate

The application AutoPico.exe by ByELDI Certificate has been detected as a potentially unwanted program by 23 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. While running, it connects to the Internet address time-d.nist.gov on port 13.
Publisher:
ByELDI Certificate  (signed and verified)

Product:
AutoPico

Version:
8.6.1.0

MD5:
540bcebee98c5e1ce35704f951ceccd4

SHA-1:
782a052f570fd70bff6d3e106daa2f54495c9aed

SHA-256:
46bedd2f0274c8f952b8c217ca3c749d3fb20121d563a0bb40e4255b8fbe0e14

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 5:54:59 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.10015953
1086

AhnLab V3 Security
Trojan/Win32.ADH
2013.12.29

AVG
Dropper.Msil
2014.0.3637

Baidu Antivirus
Trojan.Win32.Generic
4.0.3.14214

Bitdefender
Trojan.Generic.10015953
1.0.20.225

Bkav FE
W32.Clod162.Trojan
1.3.0.4613

Emsisoft Anti-Malware
Trojan.Generic.10015953
8.14.02.14.01

ESET NOD32
MSIL/HackTool.IdleKMS (variant)
8.9190

Fortinet FortiGate
W32/Generic!tr
2/14/2014

F-Secure
Trojan.Generic.10015953
11.2014-14-02_6

G Data
Trojan.Generic.10015953
14.2.22

IKARUS anti.virus
Virus.Dropper
t3scan.2.2.29

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.4577

McAfee
Artemis!540BCEBEE98C
5600.7277

MicroWorld eScan
Trojan.Generic.10015953
15.0.0.135

NANO AntiVirus
Trojan.Win32..cnowpm
0.28.0.57029

Norman
Agent.AOQWC
11.20131203

nProtect
Trojan.GenericKD.1419735
14.01.15.01

Panda Antivirus
Generic Malware
14.02.14.01

Reason Heuristics
PUP.Task.ByELDICertificate.I
14.3.1.2

Trend Micro House Call
TROJ_GEN.R08NH07KK13
7.2.337

Trend Micro
TROJ_GEN.R0CBC0OKQ13
10.465.14

VIPRE Antivirus
Trojan.Win32.Generic
24864

File size:
675.8 KB (691,992 bytes)

Product version:
8.6.1.0

Original file name:
AutoPico.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\kmspico\autopico.exe

Digital Signature
Authority:
ByELDI Certificate

Valid from:
11/17/2013 10:11:41 PM

Valid to:
1/1/2040 3:29:59 AM

Subject:
CN=ByELDI Certificate

Issuer:
CN=ByELDI Certificate

Serial number:
AB81DC9F367529BE42665B07570FFA05

File PE Metadata
Compilation timestamp:
11/20/2013 6:23:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:BomT1omoVSluLdNHXTrw90HSPxH2LU/o5dX99nCdC1tJZ:LToYluL7jr28rkkX9xZ

Entry address:
0xA5FCE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, CD, 8C, 52, 00, 00, 00, 00, 02, 00, 00, 00, 1C, 01, 00, 00, 1C, 60, 0A, 00, 1C, 44, 0A, 00, 52, 53, 44, 53, 7B, 96, DD, FE, 7E, F0, B5, 4B, 9A, E9, D2, C8, 29, 1E, AB, 62, 01, 00, 00, 00, 4A, 3A, 5C, 44, 6F, 63, 75, 6D, 65, 6E, 74, 73, 5C, 56, 69, 73, 75, 61, 6C, 20, 53, 74, 75, 64, 69, 6F...
 
[+]

Entropy:
5.6664

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
656 KB (671,744 bytes)

Scheduled Task
Task name:
AutoPico Daily Restart

Trigger:
Daily (Runs daily at 5:29 PM)


The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to time-d.nist.gov  (129.6.15.27:13)

TCP:
Connects to nist1-lnk.binary.net  (216.229.0.179:13)

TCP:
Connects to time-c.nist.gov  (129.6.15.30:13)

TCP:
Connects to nist-time-server.eoni.com  (216.228.192.69:13)

TCP:
Connects to 207_223_123_18.colo.teklinks.net  (207.223.123.18:13)

TCP:
Connects to nisttime.edzone.net  (198.111.152.100:13)

TCP:
Connects to nist.netservicesgroup.com  (64.113.32.5:13)

TCP:
Connects to 2a.6a.acb8.ip4.static.sl-reverse.com  (184.172.106.42:13)

TCP:
Connects to india.colorado.edu  (128.138.140.44:13)

Remove AutoPico.exe - Powered by Reason Core Security