kmsauto.exe

Ratiborus MSFree Inc.

This is a setup program which is used to install the application. The file has been seen being downloaded from online.b1.org and multiple other hosts.
Publisher:
Ratiborus MSFree Inc.  (signed and verified)

MD5:
0d0fa22b54659fa29d7a1a19bb69c099

SHA-1:
0e69a64a586e1e1226d2fc92d318d012311be48f

SHA-256:
8cfcc1201395520fb93dfe318056d69dc0cdd75c12aa0b27c6cb5420ff4a7f06

Scanner detections:
6 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/28/2024 3:11:57 AM UTC

Scan engine           Detection                                      Engine version
AhnLab V3 Security    Unwanted/Win32.KMS                             2015.08.09
ESET NOD32            Win32/HackKMS.Q potentially unsafe (variant)   9.12065
Fortinet FortiGate    Riskware/HackKMS                               8/10/2015
IKARUS anti.virus     Virus.Win32.Sality                             t3scan.1.9.5.0
McAfee                Artemis!0D0FA22B5465                           5600.6677
Panda Antivirus       HackingTool/AutoKMS                            15.08.10.05

File size:
5.9 MB (6,230,776 bytes)

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\kmsauto lite portable v1.2.1\kmsauto lite portable v1.2.1\kmsauto.exe

Digital Signature
Authority:
Ratiborus MSFree Inc.

Valid from:
7/26/2015 10:49:10 AM

Valid to:
1/1/2040 3:59:59 AM

Subject:
CN=Ratiborus MSFree Inc.

Issuer:
CN=Ratiborus MSFree Inc.

Serial number:
1EB52394D7A0F7804AC8F80D76139591

File PE Metadata
Compilation timestamp:
8/3/2015 5:41:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.50

CTPH (ssdeep):
98304:pkxAywhmdkyw6ywxywwywHywWywbywmIiywOht3ywuywQywK:WAyw5yw6ywxywwywHywWywbywmIiywOa

Entry address:
0x1000

Entry point:
68, 30, 09, 00, 00, 68, 00, 00, 00, 00, 68, 90, 6C, 9E, 00, E8, D6, B1, 01, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, CF, B1, 01, 00, A3, 94, 6C, 9E, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, BC, B1, 01, 00, A3, 90, 6C, 9E, 00, B8, 6B, 72, 48, 00, A3, D8, 6D, 9E, 00, E8, F2, 0B, 03, 00, E8, DD, FC, 02, 00, E8, 52, E2, 02, 00, E8, CA, D4, 02, 00, E8, 0E, C8, 02, 00, E8, FA, C4, 02, 00, E8, E8, C2, 02, 00, E8, B1, AA, 02, 00, E8, A0, A5, 02, 00, E8, B5, 94, 02, 00, E8, 38, 88, 02, 00...
 

Packer / compiler:
PKLITE32, 0x1.1

Code size:
405 KB (414,720 bytes)

The file kmsauto.exe has been seen being distributed by the following 6 URLs.

http://online.b1.org/rest/online/download/Activador 2 (By Lucas Garcia) (1).rar/.../KMSAuto.exe

about:internet

ftp://asopo.es/PROGRAMAS/WINDOWS/OFFICE PROFFESIONAL PLUS 2016/Activadores/.../KMSAuto.exe

temp:KMSAuto.exe

Scan kmsauto.exe - Powered by Reason Core Security