AutoKMS.exe

AutoKMS

It runs as a separate Windows service (within the context of its own process) named "AutoKMS". It also runs as a scheduled task named AutoKMS under the Windows Task Scheduler, triggered daily at a specified time.

Product:
AutoKMS

Version:
2.1.6.0

MD5:
3cb03c134f7307866b3c52735cdfae76

SHA-1:
53d5c81eee1d9397ad6657088a49d72343022203

SHA-256:
72c4eb2b4c64291204cd97e14c54b3b01dd4ad29bd4e57926977a8bf1094a688

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/26/2024 8:11:07 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Clam AntiVirus | Win.Trojan.Keygen-92 | 0.98/22567 |
| ESET NOD32 | MSIL/HackKMS.A potentially unsafe application | 6.3.12010.0 |
| Microsoft Security Essentials | Unknown | 1.233.80.0 |

File size:
717 KB (734,208 bytes)

Product version:
2.1.6.0

Copyright:
CODYQX4 & Bosh

Original file name:
AutoKMS.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\autokms\autokms.exe

File PE Metadata
Compilation timestamp:
5/22/2011 11:12:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:JR2NdjhtebYR/FZo5JWOqC+W/oju9e6F9I1O9UJUQTFgNZUjQGp5hWpRQ46B5EvL:JRMUJFqSelJhWpRq6XTkC8Mq5ZtY

Entry address:
0x59A0E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
351 KB (359,424 bytes)

Scheduled Task
Task name:
AutoKMS

Trigger:
Daily (Runs daily at 16:46)

Action:
autokms.exe \application


Service
Display name:
AutoKMS

Type:
Win32OwnProcess

