kmspico 10.0.8.exe

The application kmspico 10.0.8.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. This is a setup program used to install the application. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities as well as other PUPs. The file has been seen downloaded from drive.google.com and multiple other hosts.
MD5:
d8295d5662323c1252f8041391793b73

SHA-1:
093be27a3d2fb4b15648b7ba16664368cf181214

SHA-256:
a1c3f17e125fdf3353055841a6c2d3a2a3f070ac7911ebf07a984b481f282e89

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/15/2024 7:19:07 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Dropper-gen [Drp] | 2014.9-150401 |
| Baidu Antivirus | Trojan.BAT.Small | 4.0.3.1541 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Comodo Security | UnclassifiedMalware | 21617 |
| ESET NOD32 | BAT/TrojanClicker.Small.NCJ | 9.11413 |
| Fortinet FortiGate | Adware/OutBrowse | 4/1/2015 |
| G Data | Win32.Trojan.Agent.R9ITQ8 | 15.4.25 |
| herdProtect (fuzzy) | | 2015.7.6.19 |
| IKARUS anti.virus | Trojan.BAT.Trojanclicker | t3scan.1.8.9.0 |
| Kaspersky | not-a-virus:AdWare.MSIL.OutBrowse | 14.0.0.2255 |
| McAfee | Artemis!D8295D566232 | 5600.6808 |
| Panda Antivirus | Generic Suspicious | 15.04.01.10 |
| Qihoo 360 Security | HEUR/QVM07.1.Malware.Gen | 1.0.0.1015 |
| Sophos | Generic PUA AJ | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0330 | 7.2.91 |

File size:
1.7 MB (1,829,459 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\kmspico 10.0.8.exe

File PE Metadata
Compilation timestamp:
1/31/2011 11:44:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:FQ72tv8RgLrDYVHrSZGBDHEvRFrxDz19gIGf98zikyGPUT:FQ722eLrDUS0RyBDB9quziUE

Entry address:
0x1D20

Entry point:
55, 8B, EC, 6A, FF, 68, 28, 21, 40, 00, 68, A0, 1E, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 88, 20, 40, 00, 59, 83, 0D, 54, 35, 40, 00, FF, 83, 0D, 58, 35, 40, 00, FF, FF, 15, 84, 20, 40, 00, 8B, 0D, CC, 32, 40, 00, 89, 08, FF, 15, 80, 20, 40, 00, 8B, 0D, C8, 32, 40, 00, 89, 08, A1, 7C, 20, 40, 00, 8B, 00, A3, 5C, 35, 40, 00, E8, 10, 01, 00, 00, 39, 1D, BC, 32, 40, 00, 75, 0C, 68, 9C, 1E, 40, 00, FF, 15, 78, 20...
 

Entropy:
7.9902

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
4 KB (4,096 bytes)

The file kmspico 10.0.8.exe has been seen being distributed by the following 2 URLs.
