home

7tkkmsa v1.5.1.exe

KMS Activator

7pm Tech

The application 7tkkmsa v1.5.1.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. While running, it connects to the Internet address rtr3.l7.search.vip.sg3.yahoo.com on port 443.
Publisher:
7pm Tech

Product:
KMS Activator

Version:
1.5.0.0

MD5:
5b4ea5d1305a9124f01eed1fc07f052a

SHA-1:
ec04b410b805a8588653a9996e4fbcb3b5687383

SHA-256:
5605ff3402f636837c0f971a8a34ed149df86ed40c1b1d58ef9e5e329d5f2034

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 1:24:23 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:PUP-gen [PUP]
2014.9-131223

Baidu Antivirus
Malware.Win32.Activator
4.0.3.131223

Bkav FE
W32.Clod27b.Trojan
1.3.0.4613

Comodo Security
TrojWare.Win32.UMal.~A
17530

F-Prot
W32/Backdoor2.HMOZ
v6.4.7.1.166

IKARUS anti.virus
not-a-virus:Keygen.SuspectCRC
t3scan.2.2.29

K7 AntiVirus
Backdoor
13.174.10689

McAfee
Generic PUP.z!ou
5600.7272

Microsoft Security Essentials
HackTool:Win32/Keygen
1.165.247.01

Panda Antivirus
Trj/OCJ.A
13.12.23.09

Quick Heal
HackTool.Keygen (Not a Virus)
12.13.12.00

Sophos
Mal/Generic-S
4.96

Trend Micro House Call
TROJ_SPNR.03K512
7.2.357

Trend Micro
TROJ_SPNR.03K512
10.465.23

VIPRE Antivirus
HackTool.Win32.Keygen
24966

File size:
217.1 KB (222,276 bytes)

Product version:
1.5.0.0

Copyright:
Copyright © 7pm Tech 2012

Original file name:
KMS Activator.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\crack\7tkkmsa v1.5.1.exe

File PE Metadata
Compilation timestamp:
12/9/2010 8:58:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:r0DDDDDDDDDDDDDDDDDezDDDDDDDDDDDDDDDZDHogIk7hl:zog3hl

Entry address:
0x2E5E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.5523

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4 KB (4,096 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:443)

TCP (HTTP):
Connects to lb-182-241.above.com  (103.224.182.241:80)

TCP (HTTP):
Connects to ec2-54-94-193-204.sa-east-1.compute.amazonaws.com  (54.94.193.204:80)

TCP (HTTP):
Connects to ec2-52-66-69-72.ap-south-1.compute.amazonaws.com  (52.66.69.72:80)

TCP (HTTP):
Connects to a-0001.a-msedge.net  (204.79.197.200:80)

Remove 7tkkmsa v1.5.1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.