× ¡Las cookies están desactivadas! Esta página requiere que las cookies estén activadas para funcionar correctamente
SHA256: 9c875dacdf050020e1085c6f3a109d29d45a9cb7e960a803f9920af2a851f60b
Nombre: KMSpico 10.1.5.exe
Detecciones: 44 / 68
Fecha de análisis: 2018-10-10 03:50:36 UTC ( hace 1 semana, 4 días )
Antivirus Resultado Actualización
Ad-Aware Adware.GenericKD.30476507 20181009
AhnLab-V3 HackTool/Win32.Crack.C509549 20181009
ALYac Adware.GenericKD.30476507 20181009
Antiy-AVL Trojan/Win32.AGeneric 20181009
Arcabit Adware.Generic.D1D108DB 20181009
Avast Win32:PUP-gen [PUP] 20181009
AVG Win32:PUP-gen [PUP] 20181009
AVware Trojan.Win32.Generic!BT 20180925
BitDefender Adware.GenericKD.30476507 20181009
Bkav W32.HfsAdware.216A 20181009
CAT-QuickHeal Hacktool.Autokms 20181008
Cybereason malicious.47cda2 20180225
Cyren W32/Application.ENIL-3261 20181009
DrWeb Trojan.Moneyinst.709 20181009
Emsisoft Application.HackTool (A) 20181009
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of MSIL/HackTool.IdleKMS.E potentially unsafe 20181009
F-Prot W32/S-eb8730b5!Eldorado 20181009
F-Secure Adware.GenericKD.30476507 20181009
Fortinet Riskware/IdleKMS 20181009
GData BAT.Application.Agent.TPLV1J 20181009
Ikarus HackTool.AutoKMS 20181009
Sophos ML heuristic 20180717
K7AntiVirus Unwanted-Program ( 004b92a41 ) 20181009
K7GW Unwanted-Program ( 004b92a41 ) 20181009
Kaspersky not-a-virus:NetTool.Win64.RPCHook.a 20181009
MAX malware (ai score=100) 20181010
McAfee Crack-KMS 20181009
McAfee-GW-Edition Crack-KMS 20181009
Microsoft HackTool:Win32/AutoKMS 20181009
eScan Adware.GenericKD.30476507 20181009
NANO-Antivirus Riskware.Win32.ProcPatcher.dwzbol 20181009
Panda HackingTool/AutoKMS 20181009
Qihoo-360 HEUR/QVM42.1.Malware.Gen 20181010
Rising Malware.Undefined!8.C (TFE:C:bF111stUrOF) 20181009
Sophos AV KMS Activator (PUA) 20181009
Symantec Trojan.Gen.2 20181009
TrendMicro TROJ_GEN.R002C0ODE18 20181009
TrendMicro-HouseCall TROJ_GEN.R002C0ODE18 20181009
VIPRE Trojan.Win32.Generic!BT 20181009
ViRobot HackTool.KMSpico.3144408 20181009
Webroot W32.Hacktool.Kms 20181010
Yandex Riskware.NetTool! 20181008
ZoneAlarm by Check Point not-a-virus:NetTool.Win64.RPCHook.a 20181009
AegisLab 20181009
Alibaba 20180921
Avast-Mobile 20181009
Avira (no cloud) 20181009
Babable 20180918
Baidu 20181009
ClamAV 20181009
CMC 20181009
Comodo 20181009
CrowdStrike Falcon (ML) 20180723
Cylance 20181010
eGambit 20181010
Jiangmin 20181009
Kingsoft 20181010
Malwarebytes 20181009
Palo Alto Networks (Known Signatures) 20181010
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20181006
Symantec Mobile Insight 20181001
TACHYON 20181009
Tencent 20181010
TheHacker 20181008
Trustlook 20181010
VBA32 20181009
Zillya 20181009
Zoner 20181008
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
ByELDI

Product KMSpico
File version 10.1.5
Description KMSpico Setup
Comments This installation was built with Inno Setup.
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 4:47 AM 10/10/2018
Packers identified
F-PROT INNO, NSIS, Unicode, UPX, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000A5F8
Number of sections 8
PE sections
Overlays
MD5 af4825cc89b07c28a894963af87415bd
File type data
Offset 69120
Size 3075288
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 1
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
10.1.5.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
KMSpico Setup

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Unicode

InitializedDataSize
27648

EntryPoint
0xa5f8

MIMEType
application/octet-stream

LegalCopyright
ByELDI

FileVersion
10.1.5

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
10.1.5

UninitializedDataSize
0

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
40448

ProductName
KMSpico

ProductVersionNumber
10.1.5.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 88b9fe947cda28e202dc252f2a008608
SHA1 58c66b0735e5a11e2e055633476581bf09e8d9e1
SHA256 9c875dacdf050020e1085c6f3a109d29d45a9cb7e960a803f9920af2a851f60b
ssdeep
49152:J9CG7N1khRPPtso7hoohcq4b4b7ctOvxS/4mKRdIUkwKSh0rJIjBuzW1:XLMVts+homrK4b7S1qSLguzW1

authentihash 716b8ce298d0aafb8bc30c44262227af5776cd910ea3c684e451264a1aaa3ee9
imphash 884310b1928934402ea6fec1dbd3cf5e
Tamaño del fichero 3.0 MB ( 3144408 bytes )
Tipo Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (70.2%)
Win32 Executable Delphi generic (9.0%)
Windows screen saver (8.3%)
Win32 Dynamic Link Library (generic) (4.2%)
Win32 Executable (generic) (2.8%)
Tags
nsis peexe upx overlay

VirusTotal metadata
First submission 2015-08-16 18:43:37 UTC ( hace 3 años, 2 meses )
Last submission 2018-10-10 03:50:36 UTC ( hace 1 semana, 4 días )
Nombres KMSpico_setup.exe
KMSpico_setup.exe
-.exe
KMSPIC~1.EXE
1 (6).exe
KMSpico 10.1.5.exe
58c66b0735e5a11e2e055633476581bf09e8d9e1.dropped
KMSpico.exe
AT10 By PHDowns.exe
KMSpico_setup.exe
filename
kmspico 10.1.5.exe
KMSpico_setup.exe
KMSpico_setup.ex_
KMSpico_setup.exe
B
KMSPICO_SETUP.EXE
AT10 by blog destilamente.exe
KMSpico_setup.exe
AT10.exe
224498
KMSpico_setup.exe
KMS.exe
KMSpico v10.1.5 Final.exe
KMSpico_setup.exe
No hay comentarios. Ningún usuario ha comentado aún. ¡Sea el primero en hacerlo!

Deje su comentario...

?
Enviar comentario

No ha iniciado sesión. Solo los usuarios registrados pueden escribir comentarios.

No hay votos. Nadie ha votado aún. ¡Sea el primero!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs