» AutoKMS.exe
Overview
Analysis
File Details
Behaviors (1)

AutoKMS.exe

AutoKMS

The application AutoKMS.exe has been detected as a potentially unwanted program by 34 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named AutoKMS triggered to automatically run when the computer boots.

File name:

AutoKMS.exe

Publisher:

Microsoft* (Invalid match)

Product:

AutoKMS

Version:

2.0.0.0

MD5:

3ea36cac574929440369fd4500a8c260

SHA-1:

55679d569f1082112a6bd6a2c58cc285525ca237

SHA-256:

efca51e481452cb23f89f44016aef1ec4550e1827a5ac77ea15e36aeba14620d

Scanner detections:

34 / 68

Status:

Potentially unwanted

Analysis date:

4/18/2024 11:22:15 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.4710784

1113

Agnitum Outpost

Trojan.Meredrop.ADQW

7.1.1

AhnLab V3 Security

Trojan/Win32.Agent

2013.12.21

Avira AntiVirus

TR/Meredrop.A.13700

7.11.121.4

avast!

Win32:PUP-gen [PUP]

2014.9-140117

AVG

Generic18

2015.0.3591

Baidu Antivirus

Hacktool.Win32.Keygen

4.0.3.14117

Bitdefender

Trojan.Generic.4710784

1.0.20.85

Bkav FE

W32.Clod23f.Trojan

1.3.0.4613

Comodo Security

UnclassifiedMalware

17473

Dr.Web

Trojan.Click2.20860

9.0.1.017

Emsisoft Anti-Malware

Trojan.Generic.4710784

8.14.01.17.03

ESET NOD32

MSIL/HackKMS

8.9190

Fortinet FortiGate

W32/Dx.TRU!tr

1/17/2014

F-Prot

W32/MalwareF.AAEOQ

v6.4.7.1.166

F-Secure

Trojan.Generic.4710784

11.2014-27-01_2

G Data

Trojan.Generic.4710784

14.1.22

IKARUS anti.virus

Trojan.Win32.Meredrop

t3scan.2.2.29

K7 AntiVirus

Riskware

13.174.10588

McAfee

Generic.dx!58177776756F

5600.7247

Microsoft Security Essentials

HackTool:Win32/Keygen

1.165.247.01

MicroWorld eScan

Trojan.Generic.4710784

15.0.0.51

NANO AntiVirus

Trojan.Win32.Meredrop.ddrtd

0.28.0.57029

Norman

Suspicious_Gen2.CHQRZ

11.20140117

nProtect

Trojan.Generic.4721812

14.01.08.02

Panda Antivirus

W32/Vobfus.GEP.worm

14.01.17.03

Rising Antivirus

PE:Trojan.Win32.Generic.123C2FA5!305934245

23.00.65.14115

Sophos

Mal/Keygen-N

4.96

SUPERAntiSpyware

Trojan.Agent/Gen

10820

Trend Micro House Call

TROJ_MEREDROP.VH

7.2.17

Trend Micro

TROJ_MEREDROP.VH

10.465.17

Vba32 AntiVirus

Trojan.Genome.rb

3.12.24.3

VIPRE Antivirus

Trojan.Win32.Meredrop

24574

ViRobot

Trojan.Win32.S.Agent.472576.D

2011.4.7.4223

File size:

461.5 KB (472,576 bytes)

Product version:

2.0.0.0

CODYQX4

Original file name:

AutoKMS.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\windows\autokms.exe

File PE Metadata

Compilation timestamp:

8/11/2010 12:37:58 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:tVz3zVkWg6B5EvXHCCnhmC8MX6rdfwifsyzfYuT7zZvw8+ngNxBgts6OUIOWdfLC:tdjVkWP6XTkC8Mq5ZtY

Entry address:

0x19CBE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.3400

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

95.5 KB (97,792 bytes)

Scheduled Task

Task name:

AutoKMS

Trigger:

Boot (Runs on boot)

Remove AutoKMS.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.