kmsauto.exe

The application kmsauto.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. The file has been seen being downloaded from mega.nz and multiple other hosts.
MD5:
4fb4caecab9b7c3fae2affae8dd38409

SHA-1:
bbdffecff774683ea707d00b815a0c8ef6275433

SHA-256:
3eb9879ff87e42654bafb2ae0f3c6d9703ab9e67216822775268751e7166b8e2

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 10:03:18 AM UTC

Scan engine                    Detection                                       Engine version
AhnLab V3 Security             Unwanted/Win32.KMS                              2015.06.25
avast!                         Win32:Malware-gen                               2014.9-150625
AVG                            Patched3_c                                      2016.0.3067
Baidu Antivirus                Hacktool.Win32.HackKMS                          4.0.3.15625
ESET NOD32                     Win32/HackKMS.Q potentially unsafe application  6.3.12010.0
Fortinet FortiGate             Riskware/HackKMS                                6/25/2015
IKARUS anti.virus              Virus.Win32.Sality                              t3scan.1.9.5.0
K7 AntiVirus                   Unwanted-Program                                13.205.16350
McAfee                         Artemis!4FB4CAECAB9B                            5600.6723
Microsoft Security Essentials  HackTool:Win32/AutoKMS                          1.231.1232.0
VIPRE Antivirus                Trojan.Win32.Generic                            41430

File size:
5.9 MB (6,166,016 bytes)

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
6/22/2015 2:58:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.50

CTPH (ssdeep):
98304:fO2yw/yw6ywPywwywHywWywbywmIiywLUUywuywQyw:G2yw/yw6ywPywwywHywWywbywmIiywgo

Entry address:
0x1000

Entry point:
68, 20, 09, 00, 00, 68, 00, 00, 00, 00, 68, 48, 7C, 9D, 00, E8, D6, A1, 01, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, CF, A1, 01, 00, A3, 4C, 7C, 9D, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, BC, A1, 01, 00, A3, 48, 7C, 9D, 00, B8, 53, 48, 48, 00, A3, 84, 7D, 9D, 00, E8, F2, FB, 02, 00, E8, DD, EC, 02, 00, E8, 52, D2, 02, 00, E8, CA, C4, 02, 00, E8, 0E, B8, 02, 00, E8, FA, B4, 02, 00, E8, E8, B2, 02, 00, E8, AD, 9A, 02, 00, E8, 9C, 95, 02, 00, E8, B5, 84, 02, 00, E8, 38, 78, 02, 00...
 

Entropy:
6.5359

Packer / compiler:
PKLITE32, 0x1.1

Code size:
401.5 KB (411,136 bytes)

The file kmsauto.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 62 download URLs