kmspico 10.1.2 final + portable.exe

The application kmspico 10.1.2 final + portable.exe has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application packaged as a self-extracting archive installer; the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.uploadmax.net and multiple other hosts.
MD5:
bd5a11c0a3b7c59226ecbd9b7168dd03

SHA-1:
1113af97df30ae7d34ba41b7d28bee67404613a8

SHA-256:
43dfa216174d887e1671ec443bb63f158cf6066779a3626a832a71642b190eb1

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 5:15:32 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Baidu Antivirus | Hacktool.MSIL.IdleKMS | 4.0.3.15814 |
| ESET NOD32 | MSIL/HackTool.IdleKMS.E potentially unsafe (variant) | 9.12092 |
| Fortinet FortiGate | Riskware/IdleKMS | 8/14/2015 |
| K7 AntiVirus | Unwanted-Program | 13.208.16887 |
| McAfee | Artemis!BD5A11C0A3B7 | 5600.6674 |
| Microsoft Security Essentials | HackTool:Win32/AutoKMS | 1.1.11903.0 |
| Rising Antivirus | PE:Trojan.Win32.Generic.18F42DC9!418655689 | 23.00.65.15812 |
| Sophos | Generic PUA NC (PUA) | 4.98 |

File size:
4.5 MB (4,730,792 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Self-extracting archive

Common path:
C:\users\{user}\downloads\kmspico 10.1.2 final + portable.exe

File PE Metadata
Compilation timestamp:
2/15/2015 12:00:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:BF4xVUP/jIdhCrz5wti7n68MPvrU+aogvrDUQkw+bTPM2NfFl7yCg:7/jIdM/OtiIQ3ognUA+bTPtc

Entry address:
0x1D7CB

Entry point:
E8, 85, 63, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 82, FC, FF, FF, C7, 06, 20, B2, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 20, B2, 42, 00, E9, 37, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 20, B2, 42, 00, E8, 24, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 52, CA, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 

Entropy:
7.9877  (probably packed)

Code size:
162 KB (165,888 bytes)

The file kmspico 10.1.2 final + portable.exe has been seen being distributed by the following 8 URLs.

