KMSpico.exe

KMSpico portable

ByELDI 'nova-s release'

The executable KMSpico.exe has been detected as malware by 22 anti-virus scanners. The file has been seen being downloaded from mega.nz and multiple other hosts.
Publisher:
ByELDI 'nova-s release'

Product:
KMSpico portable

Version:
9

MD5:
b24a5552f3d7ca9a0315d5f64592be2a

SHA-1:
05f680ce7c1472d249397ebb16c01d7ac901402d

SHA-256:
dd1541f0cab043213193654311acb8f47fc67c6e731d86bbf2d58ce4b7c676ac

Scanner detections:
22 / 68

Status:
Malware

Analysis date:
12/28/2024 9:33:59 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.10015953
1093

avast!
Win32:Malware-gen
2014.9-140206

AVG
Dropper.Msil
2015.0.3571

Baidu Antivirus
Trojan.Win32.Generic
4.0.3.1426

Bitdefender
Trojan.Generic.10015953
1.0.20.185

Bkav FE
W32.Clodeb5.Trojan
1.3.0.4923

Emsisoft Anti-Malware
Trojan.Generic.10015953
8.14.02.06.04

ESET NOD32
MSIL/HackTool.IdleKMS (variant)
8.9371

Fortinet FortiGate
W32/Generic!tr
2/6/2014

F-Secure
Trojan.Generic.10015953
11.2014-06-02_5

G Data
Trojan.Generic.10015953
14.2.24

IKARUS anti.virus
Virus.Dropper
t3scan.2.2.29

K7 AntiVirus
Riskware
13.175.11028

McAfee
Artemis!B24A5552F3D7
5600.7227

MicroWorld eScan
Trojan.Generic.10015953
15.0.0.111

NANO AntiVirus
Trojan.Win32..cnowpm
0.28.0.57473

Norman
Agent.AOQWC
11.20140206

nProtect
Trojan.Generic.10015953
14.02.02.01

Panda Antivirus
Suspicious file
14.02.06.04

Trend Micro House Call
TROJ_GEN.R0CBC0OLQ13
7.2.37

Trend Micro
TROJ_GEN.R0CBC0OLQ13
10.465.06

VIPRE Antivirus
Trojan.Win32.Generic
26060

File size:
1.3 MB (1,363,857 bytes)

Product version:
9

Original file name:
KMSpico.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\kmspico.9\kmspico.exe

File PE Metadata
Compilation timestamp:
5/10/2012 11:34:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:WEvpvLUyS1i0v1VxMM+l7RL4G00VzLw3olFSXxF7363A/MUaEgDVOlAU:tvdLUyCi0vHkcGJ5rFKbqE6oN

Entry address:
0x168CF

Entry point:
55, 8B, EC, 6A, FF, 68, 60, A0, 41, 00, 68, 60, 6A, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, DC, 81, 41, 00, 59, 83, 0D, 24, EB, 41, 00, FF, 83, 0D, 28, EB, 41, 00, FF, FF, 15, E0, 81, 41, 00, 8B, 0D, 04, CB, 41, 00, 89, 08, FF, 15, E4, 81, 41, 00, 8B, 0D, 00, CB, 41, 00, 89, 08, A1, E8, 81, 41, 00, 8B, 00, A3, 20, EB, 41, 00, E8, 1D, 01, 00, 00, 39, 1D, D0, C7, 41, 00, 75, 0C, 68, 58, 6A, 41, 00, FF, 15, EC, 81...
 
[+]

Entropy:
7.3540

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
88.5 KB (90,624 bytes)

The file KMSpico.exe has been seen being distributed by the following 2 URLs.

https://mega.nz/temporary/.../xZ0B2JQQ

Remove KMSpico.exe - Powered by Reason Core Security