KMSpico.exe

KMSpico portable

ByELDI 'nova-s release'

The executable KMSpico.exe was flagged by 22 of the 68 anti-virus scanners used in this report. The verdicts fall into two groups: generic trojan or dropper signatures (Trojan.Generic.10015953, Dropper.Msil, Virus.Dropper, W32/Generic!tr, and McAfee's Artemis!B24A5552F3D7 cloud verdict, which is keyed to the file's MD5 prefix) and hacktool or riskware classifications (ESET's MSIL/HackTool.IdleKMS, K7's Riskware) that match the file's stated purpose as a KMS activation crack. When weighing the count, note that the identical Trojan.Generic.10015953 name appears in seven products that license the Bitdefender engine, so it represents one signature rather than seven independent detections. Note also that the PE metadata below describes a native Visual C++ stub while several names refer to MSIL (.NET) code; together with the entropy of 7.354 and the %TEMP%\{random}.tmp install path this is consistent with a self-extracting dropper carrying a .NET payload, although the report does not unpack it. The file has been seen being downloaded from mega.nz and multiple other hosts.
Publisher:
ByELDI 'nova-s release'

Product:
KMSpico portable

Version:
9

MD5:
b24a5552f3d7ca9a0315d5f64592be2a

SHA-1:
05f680ce7c1472d249397ebb16c01d7ac901402d

SHA-256:
dd1541f0cab043213193654311acb8f47fc67c6e731d86bbf2d58ce4b7c676ac

Scanner detections:
22 / 68

Status:
Malware

Analysis date:
11/24/2024 12:13:33 AM UTC (page render time; the dated engine versions below, e.g. avast!, Fortinet and Norman, place the underlying scan in February 2014)

Scan engine               Detection                          Engine version
Lavasoft Ad-Aware         Trojan.Generic.10015953            1093
avast!                    Win32:Malware-gen                  2014.9-140206
AVG                       Dropper.Msil                       2015.0.3571
Baidu Antivirus           Trojan.Win32.Generic               4.0.3.1426
Bitdefender               Trojan.Generic.10015953            1.0.20.185
Bkav FE                   W32.Clodeb5.Trojan                 1.3.0.4923
Emsisoft Anti-Malware     Trojan.Generic.10015953            8.14.02.06.04
ESET NOD32                MSIL/HackTool.IdleKMS (variant)    8.9371
Fortinet FortiGate        W32/Generic!tr                     2/6/2014
F-Secure                  Trojan.Generic.10015953            11.2014-06-02_5
G Data                    Trojan.Generic.10015953            14.2.24
IKARUS anti.virus         Virus.Dropper                      t3scan.2.2.29
K7 AntiVirus              Riskware                           13.175.11028
McAfee                    Artemis!B24A5552F3D7               5600.7227
MicroWorld eScan          Trojan.Generic.10015953            15.0.0.111
NANO AntiVirus            Trojan.Win32..cnowpm               0.28.0.57473
Norman                    Agent.AOQWC                        11.20140206
nProtect                  Trojan.Generic.10015953            14.02.02.01
Panda Antivirus           Suspicious file                    14.02.06.04
Trend Micro House Call    TROJ_GEN.R0CBC0OLQ13               7.2.37
Trend Micro               TROJ_GEN.R0CBC0OLQ13               10.465.06
VIPRE Antivirus           Trojan.Win32.Generic               26060

File size:
1.3 MB (1,363,857 bytes)

Product version:
9

Original file name:
KMSpico.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\kmspico.9\kmspico.exe

File PE Metadata
Compilation timestamp:
5/10/2012 11:34:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:WEvpvLUyS1i0v1VxMM+l7RL4G00VzLw3olFSXxF7363A/MUaEgDVOlAU:tvdLUyCi0vHkcGJ5rFKbqE6oN

Entry address:
0x168CF

Entry point:
55, 8B, EC, 6A, FF, 68, 60, A0, 41, 00, 68, 60, 6A, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, DC, 81, 41, 00, 59, 83, 0D, 24, EB, 41, 00, FF, 83, 0D, 28, EB, 41, 00, FF, FF, 15, E0, 81, 41, 00, 8B, 0D, 04, CB, 41, 00, 89, 08, FF, 15, E4, 81, 41, 00, 8B, 0D, 00, CB, 41, 00, 89, 08, A1, E8, 81, 41, 00, 8B, 00, A3, 20, EB, 41, 00, E8, 1D, 01, 00, 00, 39, 1D, D0, C7, 41, 00, 75, 0C, 68, 58, 6A, 41, 00, FF, 15, EC, 81...

Entropy:
7.3540

Developed / compiled with:
Microsoft Visual C++ v6.0 (signature-based identification; the linker version 8.0 reported above corresponds to Visual Studio 2005, so treat the tool-chain attribution as approximate)

Code size:
88.5 KB (90,624 bytes)
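The hashes, entry-point bytes and entropy above are the values a responder actually uses to confirm a suspect file is this build. The script below is an added example for this page (not Reason Core Security's code and not part of KMSpico): it recomputes MD5/SHA-1/SHA-256 and Shannon entropy, walks the PE header to read the bytes at AddressOfEntryPoint, and compares everything with the report. The `IOC` table is copied from the fields above; `check`, `entry_point_bytes` and the `build_sample_pe32` helper are names chosen here, and the sample image that helper builds is a constructed stand-in so the checker can be exercised offline, not the real file.

```python
"""Check a file against the indicators in the report above (added example).
Minimal PE32 walk: e_lfanew -> AddressOfEntryPoint -> section table -> raw offset."""
import hashlib
import math
import struct
from collections import Counter

# Indicators copied from the report. entry_prefix is the first 29 bytes of the
# entry-point dump (a standard MSVC CRT start stub).
IOC = {
    "md5": "b24a5552f3d7ca9a0315d5f64592be2a",
    "sha1": "05f680ce7c1472d249397ebb16c01d7ac901402d",
    "sha256": "dd1541f0cab043213193654311acb8f47fc67c6e731d86bbf2d58ce4b7c676ac",
    "size": 1363857,
    "entry_prefix": bytes.fromhex(
        "558BEC6AFF6860A0410068606A410064A1000000005064892500000000"),
}


def hashes(data: bytes) -> dict:
    """Hex digests of the three hashes the report lists."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); the report's 7.354 is
    near the packed/compressed end, as expected for a self-extracting stub."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def entry_point_bytes(pe: bytes, length: int = 32) -> bytes:
    """First `length` bytes at AddressOfEntryPoint, mapped through the section
    table to a file offset. Raises ValueError unless the input is a plausible PE32."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:       # Magic: PE32 only
        raise ValueError("only PE32 is handled here")
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]
    sections = opt + opt_size
    for i in range(num_sections):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", pe, sections + i * 40 + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (entry_rva - vaddr)
            return pe[off:off + length]
    raise ValueError("entry point lies outside every section")


def check(data: bytes) -> dict:
    """Compare a file image with the report; True means a match. Entropy is
    returned as a value, not a match flag, since it is a heuristic."""
    h = hashes(data)
    result = {k: h[k] == IOC[k] for k in ("md5", "sha1", "sha256")}
    result["size"] = len(data) == IOC["size"]
    try:
        result["entry_prefix"] = entry_point_bytes(data).startswith(IOC["entry_prefix"])
    except (ValueError, struct.error):
        result["entry_prefix"] = False
    result["entropy"] = round(shannon_entropy(data), 4)
    return result


def build_sample_pe32(entry_code: bytes) -> bytes:
    """Constructed stand-in image (NOT the real KMSpico.exe): one .text section
    at RVA 0x1000 / raw offset 0x200, so the checker can run offline."""
    text_rva, text_raw, opt_size = 0x1000, 0x200, 224
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                         # Magic: PE32
    struct.pack_into("<I", opt, 16, text_rva)                     # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)    # ImageBase, alignments
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(entry_code), text_rva,
                       0x200, text_raw, 0, 0, 0, 0, 0x60000020)
    return (dos + coff + bytes(opt) + sect).ljust(text_raw, b"\0") + entry_code.ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(check(f.read()))        # for the reported file every flag should be True
    else:                                  # offline demo: same entry stub, different content
        print(check(build_sample_pe32(IOC["entry_prefix"] + b"\x83\xEC\x68")))
```

Run it as `python check_kmspico.py <path>`; a copy that matches only on `entry_prefix` but not on the hashes is a different build of the same VC++ stub (or a re-packed variant) and should be submitted for its own scan rather than assumed to be this sample.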

The file KMSpico.exe has been seen being distributed by the following 2 URLs.

https://mega.nz/temporary/.../xZ0B2JQQ

Remove KMSpico.exe - Powered by Reason Core Security