home

kmscleaner.exe

WZT

The application kmscleaner.exe by WZT has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
WZT  (signed and verified)

MD5:
13ea767a7ba607744ebea7409b9f8649

SHA-1:
756b3b1b4fd159256af48c9c295ebf4a25adfc21

SHA-256:
a6e2cdc0e9426d50bd72d866bfc80e0fba941efb3ae6d1c564d409f57d1eb117

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 7:02:45 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.MSFree.WZT.Meta (M)
16.2.27.17

File size:
581.1 KB (595,072 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
WZT

Authority:
WZT

Valid from:
11/8/2015 10:15:49 AM

Valid to:
1/1/1940 1:59:59 AM

Subject:
CN=WZT

Issuer:
CN=WZT

Serial number:
08A8E826950F1A9940262589FCAF0B8F

File PE Metadata
Compilation timestamp:
11/12/2015 9:40:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.50

CTPH (ssdeep):
6144:V43VpNSujUhXpLuB02+Dj7l3YQRmNv2MECnw1qT+TBo4iuprQiRTj8BtB8b5N1uV:VeVpN/j8LwayN3nQ8+T9VToBjW5NQK8D

Entry address:
0x1000

Entry point:
68, 48, 05, 00, 00, 68, 00, 00, 00, 00, 68, 08, 23, 48, 00, E8, D6, 81, 00, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, CF, 81, 00, 00, A3, 0C, 23, 48, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, BC, 81, 00, 00, A3, 08, 23, 48, 00, B8, 38, DB, 44, 00, A3, 30, 23, 48, 00, E8, D2, 6B, 01, 00, E8, 7D, 5E, 01, 00, E8, F5, 44, 01, 00, E8, AB, 38, 01, 00, E8, 8F, 31, 01, 00, E8, A3, 2E, 01, 00, E8, 58, 2D, 01, 00, E8, 1D, 15, 01, 00, E8, 0C, 10, 01, 00, E8, D5, FF, 00, 00, E8, 66, F3, 00, 00...
 
[+]

Entropy:
6.8278

Packer / compiler:
PKLITE32, 0x1.1

Code size:
259.5 KB (265,728 bytes)

The file kmscleaner.exe has been seen being distributed by the following 9 URLs.

about:internet

http://download2069.mediafire.com/403ydjx5jlog/.../KMSCleaner.exe

http://download632.mediafire.com/mio94g3fz3lg/.../KMSCleaner.exe

http://download2069.mediafire.com/f6f1ff2jw3wg/.../KMSCleaner.exe

http://download2069.mediafire.com/fvzga7a6p5wg/.../KMSCleaner.exe

http://download632.mediafire.com/20l90uvg5l4g/.../KMSCleaner.exe

http://download632.mediafire.com/jp3q1x5fmz7g/.../KMSCleaner.exe

http://download2069.mediafire.com/3dn4o2wju0xg/.../KMSCleaner.exe

http://download2069.mediafire.com/gg464429poog/.../KMSCleaner.exe

Remove kmscleaner.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.