kmspico_setup.exe

@ByELDI

The executable kmspico_setup.exe has been detected as malware by 1 anti-virus scanner. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.
Publisher:
@ByELDI  (signed and verified)

MD5:
bbaa9550d0de0a9c8b357e203d7479ac

SHA-1:
e641072ec85e9eefa075d10c0d691464bd1ace1a

SHA-256:
0f71edeba50324377699f3bae51c9e3be8a67eab824b0190608e2300d22fa170

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/15/2024 12:41:18 AM UTC

Scan engine:
Reason Heuristics

Detection:
KeycodeTool.ByELDI.Installer.Meta (M)

Engine version:
16.5.25.14

File size:
2.8 MB (2,960,752 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\microsoft office 2013 professional plus x86 x64 en-us final\activators\kmspico\kmspico_setup.exe

Digital Signature
Signed by:

Authority:
@ByELDI Certificate Authority

Valid from:
1/31/2015 6:14:25 PM

Valid to:
1/31/2045 6:14:25 PM

Subject:
CN=@ByELDI

Issuer:
CN=@ByELDI Certificate Authority

Serial number:
E166DBB2A549D1B4BAFB184E9A4E4F19

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:832TfoqZWby0y6Y0mIAAftQEhidjhGWFf6MXtCGT6PEfivRmJOMJ3zUHuzWD:gCZY7lmIAAftoN6M5T6PtRmkwUHuzWD

Entry address:
0xA5F8

Entropy:
7.9431  (probably packed)

Code size:
39.5 KB (40,448 bytes)
