× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a2ffd0bc5e055e519fd3006bfdae422327d8e01310eae528267014c54293bfa4
File name: KMSEmulator.exe
Detection ratio: 27 / 43
Analysis date: 2011-02-11 17:33:20 UTC ( 3 years, 2 months ago ) View latest
Antivirus Result Update
AVG BackDoor.Hackdoor.R 20110211
AhnLab-V3 Trojan/Win32.Gen 20110206
AntiVir SPR/Tool.Keygen.BI.38 20110211
Avast Win32:Malware-gen 20110211
Avast5 Win32:Malware-gen 20110211
CAT-QuickHeal HackTool.Keygen.a (Not a Virus) 20110211
Commtouch W32/MalwareF.RBHI 20110211
Comodo UnclassifiedMalware 20110211
Emsisoft possible-Threat.Crack.MSO!IK 20110211
F-Prot W32/MalwareF.RBHI 20110204
Fortinet W32/Keygen.DX!tr 20110211
GData Win32:Malware-gen 20110211
Ikarus possible-Threat.Crack.MSO 20110211
K7AntiVirus Riskware 20110211
McAfee Generic.dx!uqo 20110211
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.C!89 20110211
Microsoft HackTool:Win32/Keygen 20110211
NOD32 a variant of Win32/HackKMS.A 20110211
Norman W32/Suspicious_Gen2.FAHTA 20110211
PCTools Trojan.Gen 20110211
Panda Trj/CI.A 20110211
Sophos Troj/Keygen-DX 20110211
Symantec Trojan.Gen.2 20110211
TrendMicro TROJ_GEN.R47C3LC 20110211
TrendMicro-HouseCall TROJ_GEN.R47C3LC 20110211
VIPRE HackTool.Win32.Keygen 20110211
eSafe Win32.SPRTool.Keygen 20110210
Antiy-AVL 20110211
BitDefender 20110211
ClamAV 20110211
DrWeb 20110211
F-Secure 20110211
Jiangmin 20110211
Kaspersky 20110211
Prevx 20110211
Rising 20110211
SUPERAntiSpyware 20110211
TheHacker 20110210
VBA32 20110211
ViRobot 20110211
VirusBuster 20110211
eTrust-Vet 20110211
nProtect 20110202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block
Product localhost
Original name localhost.dll
Internal name localhost
File version 6.0
Description Local KMS Host
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-08-07 12:34:56
Link date 1:34 PM 8/7/2009
Entry Point 0x00028620
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
NdrServerCall2
wsprintfA
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
6

FileVersionNumber
6.0.0.0

UninitializedDataSize
86016

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
4096

FileOS
Win32

MIMEType
application/octet-stream

FileVersion
6.0

TimeStamp
2009:08:07 13:34:56+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
localhost

FileAccessDate
2014:04:14 13:06:12+01:00

ProductVersion
6.0

FileDescription
Local KMS Host

OSVersion
4.0

FileCreateDate
2014:04:14 13:06:12+01:00

OriginalFilename
localhost.dll

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CodeSize
77824

ProductName
localhost

ProductVersionNumber
6.0.0.0

EntryPoint
0x28620

ObjectFileType
Dynamic link library

File identification
MD5 cf7498ada4ac2f50e5ca72205865d7ce
SHA1 b97d98cd50ea1c8d1d471043bc21bd95ff73b6d3
SHA256 a2ffd0bc5e055e519fd3006bfdae422327d8e01310eae528267014c54293bfa4
ssdeep
1536:AmO/4ZLqopD6C+ZHGslB7MuNp+eudFew7WgPEXKOtnjuSGedEO:ABkLdpD6C+ZHGu7MuX+eudHlPEaOJuS

imphash 470ec49a1ecf20c90e87dd24accf9503
File size 77.0 KB ( 78848 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 EXE Yoda's Crypter (63.7%)
Win32 Dynamic Link Library (generic) (15.7%)
Win32 Executable (generic) (10.8%)
Generic Win/DOS Executable (4.8%)
DOS Executable Generic (4.8%)
Tags
peexe mz

VirusTotal metadata
First submission 2010-11-12 03:27:22 UTC ( 3 years, 5 months ago )
Last submission 2014-04-14 12:05:23 UTC ( 2 days, 7 hours ago )
File names KMSEmulator.eee
KMSEmulator.exe
localhost.dll
KMSEmulator.exe11
A0081876.exe
KMSEMULATOR.EXE
KMSEmulator.exe.mwt
KMSEmulator.exe
tor.exe
cf7498ada4ac2f50e5ca72205865d7ce
4
KMSEmulator.vxe
1.exe
a2ffd0bc5e055e519fd3006bfdae422327d8e01310eae528267014c54293bfa4
KMSEmulator.exe
file-2955544_exe
b97d98cd50ea1c8d1d471043bc21bd95ff73b6d3.bin
KMSEmulator.exe
A0003604.exe
KMSEmulator.exe
KMSEmulator_old.exe
Keygen.exe
b97d98cd50ea1c8d1d471043bc21bd95ff73b6d3
kmsemulator.exe
localhost
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!