SHA256: cf7ea402d800e3fc6a0cda2136afd044aa2f8a97182b7e527d3e1970303c0067
File name: AutoKMS.exe
Detection ratio: 18 / 46
Analysis date: 2013-12-17 19:39:30 UTC ( 5 years, 2 months ago )
Antivirus Result Update
Yandex Trojan.DR.Agent!vUMtdLQQGW8 20131217
AntiVir TR/Dropper.Gen 20131217
Avast Win32:PUP-gen [PUP] 20131217
AVG HackTool.TEO 20131217
Bkav W32.QuintesLTJ.Trojan 20131217
Commtouch W32/Trojan.IOLG-8678 20131217
Comodo ApplicUnsaf.Win32.HackTool.AuToKMS.~ 20131217
ESET-NOD32 MSIL/HackKMS.A 20131217
Fortinet W32/CrackOffice.0A24!tr 20131217
Ikarus not-a-virus:Activator.MSOffice 20131217
Malwarebytes Trojan.AutoKMS 20131217
McAfee Generic KeyGen 20131217
McAfee-GW-Edition Generic KeyGen 20131217
Norman Suspicious_Gen2.PQUNW 20131217
Sophos AV Troj/AutoKMS-A 20131217
TrendMicro HKTL_HACKMS 20131217
TrendMicro-HouseCall HKTL_HACKMS 20131217
VIPRE Trojan.Win32.Generic!BT 20131217
Ad-Aware 20131211
AhnLab-V3 20131217
Antiy-AVL 20131217
Baidu-International 20131213
BitDefender 20131211
ByteHero 20130613
CAT-QuickHeal 20131217
ClamAV 20131217
CMC 20131217
DrWeb 20131217200948
Emsisoft 20131217
F-Prot 20131217
F-Secure 20131217
GData 20131217
Jiangmin 20131217
K7AntiVirus 20131217
K7GW 20131217
Kaspersky 20131217
Kingsoft 20130829
Microsoft 20131217
eScan 20131217
NANO-Antivirus 20131217
nProtect 20131217
Panda 20131217135221
Rising 20131217
SUPERAntiSpyware 20131217
Symantec 20131217
TheHacker 20131217
TotalDefense 20131217
VBA32 20131217194235
ViRobot 20131217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright CODYQX4 & Bosh
Product AutoKMS
Original name AutoKMS.exe
Internal name AutoKMS.exe
File version 2.2.2.0
Description AutoKMS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-07-29 18:08:25
Entry Point 0x0017C1DE
Number of sections 3
.NET details
Module Version ID 07b2ea71-1ff1-4fa3-842a-51406a79d1df
TypeLib ID 58acc958-754c-480c-9c3b-77a6573ae75e
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.2.2.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription AutoKMS
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 374272
EntryPoint 0x17c1de
OriginalFileName AutoKMS.exe
MIMEType application/octet-stream
LegalCopyright CODYQX4 & Bosh
FileVersion 2.2.2.0
TimeStamp 2011:07:29 11:08:25-07:00
FileType Win32 EXE
PEType PE32
InternalName AutoKMS.exe
ProductVersion 2.2.2.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 1548800
ProductName AutoKMS
ProductVersionNumber 2.2.2.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files in execution wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 07605abeb10fc533881c91f19decf69a
SHA1 13ee8c9fce6f74512dcd188cca0655c5ede37612
SHA256 cf7ea402d800e3fc6a0cda2136afd044aa2f8a97182b7e527d3e1970303c0067
ssdeep 49152:osgtI+O8Rb37gDq6cXJaGJ2xv0IZy64hWpu:HgtI+tRb7gO/Ra
authentihash 768882ab0d8983d880e220530c146f1250ba78bb71e3b3b1d0740572ae1fe5b9
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 1.8 MB ( 1923584 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (54.4%)
Win64 Executable (generic) (20.5%)
Microsoft Visual C++ compiled executable (generic) (12.2%)
Win32 Dynamic Link Library (generic) (4.8%)
Win32 Executable (generic) (3.3%)
Tags peexe assembly via-tor

VirusTotal metadata
First submission 2011-08-02 14:23:58 UTC ( 7 years, 6 months ago )
Last submission 2018-11-29 14:19:18 UTC ( 2 months, 2 weeks ago )
File names AutoKMS.exe
autokms.exe
vt-upload-en1cb
AutoKMS1.exe
AutoKMS.exe
Auto.exe
13ee8c9fce6f74512dcd188cca0655c5ede37612
qwer.exe
virus.exe
262310f063e052176a92da6e79fa2758_AutoKMS.exe.safe
vt-upload-vjhq_
aaaa.exe
vt-upload-s21cn
vt-upload-nyrRs
07605ABEB10FC533881C91F19DECF69A_AutoKMS.exe
vt-upload-wq8oP
07605abeb10fc533881c91f19decf69a
AutoKMS_old.exe
vt-upload-ELoMK
ت
vt-upload-3_bzN
13EE8C9FCE6F74512DCD188CCA0655C5EDE37612
AutoKMS
1
A0010290.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Sophos
Possibly Unwanted Application labelled as Keygen. This is a term used to describe applications that, while not malicious, are generally considered unsuitable for business networks. More details about Sophos PUA classifications can be found at: https://www.sophos.com/en-us/support/knowledgebase/14887.aspx

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection
