home

AutoKMS.exe

AutoKMS

The application AutoKMS.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named AutoKMS triggered daily at a specified time.
Product:
AutoKMS

Version:
2.1.6.0

MD5:
7417267829b6b2733d724668def04fc8

SHA-1:
135c33b7082c42c7c1644ce8477383063d43280c

SHA-256:
dc42923eb3ba267266744271e9aaedbfc660483942067fe4f55d0dd92a34cb3e

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 10:41:04 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.Gendal
7.1.1

Bkav FE
W32.QuintesLTK.Trojan
1.3.0.4613

Comodo Security
UnclassifiedMalware
17447

ESET NOD32
MSIL/HackKMS
8.9176

IKARUS anti.virus
not-a-virus.Keygen.KMS
t3scan.2.2.29

Malwarebytes
Trojan.Agent.H
v2014.01.02.01

McAfee
Generic PUP.z!gp
5600.7262

Microsoft Security Essentials
HackTool:Win32/Keygen
1.163.1557.0

Norman
Suspicious_Gen2.NOZBW
11.20140102

Rising Antivirus
PE:Malware.MSIL.Injector!1.9C4B
23.00.65.131231

Sophos
Generic PUA FD
4.96

Trend Micro House Call
TROJ_SPNR.0BJS11
7.2.2

Trend Micro
TROJ_SPNR.0BJS11
10.465.02

VIPRE Antivirus
Trojan.Win32.Generic
24402

File size:
737 KB (754,688 bytes)

Product version:
2.1.6.0

Copyright:
CODYQX4 & Bosh

Original file name:
AutoKMS.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\windows\autokms\autokms.exe

File PE Metadata
Compilation timestamp:
5/23/2011 4:12:25 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:7R2NdjhtebYR/FZo5JWOqC+W/oju9e6F9I1O9UJUQTFgNZUjQGp5hWpRQ+6B5EvQ:7RMUJFqSelJhWpRo6XTkC8Mq5ZtY

Entry address:
0x59A0E

Entry point:
FF, 25, 00, 20, 40, 00, 8D, 96, 05, 6E, 05, A5, 86, C9, F7, D2, F7, D2, B9, E9, 03, D6, 23, 8A, C8, 8B, CA, B5, 1C, F6, D6, B5, 5B, FC, 87, C9, 87, D1, B1, 54, F7, D2, 86, C9, 7F, 2E, FC, F6, D5, 90, E9, 6F, 15, 06, 00, BA, D3, 3C, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 07, 0F, 27, FB, 0F, D6, EA, 32, A4, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 37, A1, BF, 74, 00, 43, 77, B6, 00, AB, 00, CB, AF, A1, 32, 7A, 00...
 
[+]

Entropy:
5.7697

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
351 KB (359,424 bytes)

Scheduled Task
Task name:
AutoKMS

Trigger:
Daily (Runs daily at 7:59 PM)


Remove AutoKMS.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.