kms 8.1.exe

KMSAuto Easy

MSfree Inc.

The application kms 8.1.exe has been detected as a potentially unwanted program by 7 anti-malware scanners. This is a setup program which is used to install the application. This file is typically installed with the program Garena - Heroes of Newerth by Garena Online Pte Ltd. The file has been seen being downloaded from s0ylda-sn3301.files.1drv.com and multiple other hosts.
Publisher:
MSfree Inc.

Product:
KMSAuto Easy

Version:
1,0,6,0

MD5:
ecb8c304c86b3836f676d5931168e312

SHA-1:
18ed54ada3432e99b7ad24065f4eb63e9f9470cb

SHA-256:
7c0db1710b298866ddd80ebac57c67f298072bdb61ce0cc92a15ccbd153e8acd

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 1:33:55 PM UTC

Scan engine
Detection
Engine version

Bkav FE
W32.Clod4d0.Trojan
1.3.0.4677

Dr.Web
Trojan.Inject1.32910
9.0.1.02

IKARUS anti.virus
not-a-virus.Activator.Microsoft
t3scan.2.2.29

K7 AntiVirus
Riskware
13.175.10867

McAfee
Artemis!ECB8C304C86B
5600.7262

Norman
MPress.C
11.20140102

Trend Micro House Call
TROJ_GEN.F47V1111
7.2.2

File size:
327.5 KB (335,360 bytes)

Product version:
1,0,6,0

Copyright:
MSfree Inc., Ratiborus

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\w8.1 act 3\kms 8.1.exe

File PE Metadata
Compilation timestamp:
3/25/2011 1:17:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.50

CTPH (ssdeep):
6144:FlvahlXvVw8RZ1q92dEtz9TZVCQh/G1yF+G+m:yhl1ZgCExFZ7h/j+G+m

Entry address:
0x941E7

Entry point:
60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10...

Entropy:
7.9672

Packer / compiler:
ASPack v1.08.04

Code size:
33 KB (33,792 bytes)

The file kms 8.1.exe has been discovered within the following program.

Garena - Heroes of Newerth  by Garena Online Pte Ltd.
Heroes of Newerth is a video game distributed through the Garena platform.
hon.garena.com
About 7% of users remove it

The file kms 8.1.exe has been seen being distributed by the following 12 URLs.

https://s0ylda-sn3301.files.1drv.com/.../KMSAutoEasy EN.exe

temp:KMS 8.1.exe

chrome-extension://bigefpfhnfcobdlfbedofhhaibnlghod/persistent/.../L4xjGT4A

https://drive.google.com/uc?id=0B0NLVgWeM63XRGRJT3E3MnlIckk&export=download

https://doc-10-3c-docs.googleusercontent.com/docs/securesc/j31vp9gfqd0cmb09uv6i0ecinah2p8r1/2s4cu9i6o3a95qsi3v5u6s1ebh7nra74/1438236000000/04821386925065838187/.../0B6RVPG0a_bZmNno5UjlmNkFIZEE?e=download
