AutoKMS.exe

AutoKMS

The executable AutoKMS.exe has been detected as malware by 24 anti-virus scanners. It runs as a scheduled task named AutoKMS under the Windows Task Scheduler, triggered daily at a specified time. This trojan performs a number of actions that will compromise a PC, including changing protected system registry values, hiding in protected operating system locations, and downloading and installing additional malware.
Product:
AutoKMS

Version:
2.4.2.0

MD5:
7857ffe535290f52204677a49dda1e5e

SHA-1:
8b3994244328e95d3f6633f49b5480949b74ba46

SHA-256:
2f381191f395b34ef58912c4980b773fda93f05f86ac7eee3a6da56e26b18138

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
4/25/2024 4:04:56 AM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.DR.Agent
7.1.1

AhnLab V3 Security
Trojan/Win32.Inject
2014.01.09

Avira AntiVirus
TR/Dropper.Gen
7.11.124.62

AVG
Dropper.Generic8
2014.0.3614

Baidu Antivirus
Trojan.MSIL.Inject
4.0.3.131225

Bkav FE
W32.DropperMalagentG.Trojan
1.3.0.4613

Comodo Security
UnclassifiedMalware
17578

Dr.Web
Trojan.MulDrop4.31119
9.0.1.0359

Emsisoft Anti-Malware
Trojan.Win32.Agent
11.5.0.6191

ESET NOD32
MSIL/HackKMS.C potentially unsafe application
8.0.319.0

Fortinet FortiGate
W32/Generic!tr
12/25/2013

IKARUS anti.virus
Trojan.Win32.Malagent
t3scan.2.2.29

K7 AntiVirus
Riskware
13.173.9980

Kaspersky
Trojan.MSIL.Inject
15.0.0.562

McAfee
Artemis!7857FFE53529
5600.7270

Microsoft Security Essentials
Trojan:Win32/Malagent
1.165.247.01

NANO AntiVirus
Trojan.Win32.Inject.cbigzc
0.28.0.57029

Norman
Suspicious_Gen5.SBXW
11.20131225

Panda Antivirus
Trj/OCJ.E
13.12.25.06

Rising Antivirus
PE:Trojan.Win32.Generic.145F37EB!341784555
23.00.65.131223

Sophos
Mal/Generic-S
4.96

Trend Micro House Call
TROJ_SPNR.1CD513
7.2.359

Trend Micro
TROJ_SPNR.1CD513
10.465.25

VIPRE Antivirus
Trojan.Win32.Generic
25228

File size:
3.2 MB (3,372,032 bytes)

Product version:
2.4.2.0

Copyright:
CODYQX4

Original file name:
AutoKMS.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\autokms\autokms.exe

File PE Metadata
Compilation timestamp:
3/29/2013 9:22:50 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:r3NYwTkqrX5djSM6WP8VE1AWnjpVWuL5+er7mhcSUKIGBaQ6LncUymjcbS/Z:7Gq7iM6jWnjlLEer7eUKIG0h9Yb

Entry address:
0x2DD936

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.9 MB (2,996,736 bytes)

Scheduled Task
Task name:
AutoKMS

Trigger:
Daily (Runs daily at 11:37)

