AutoPico.exe

AutoPico

ByELDI Certificate

The application AutoPico.exe by ByELDI Certificate has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup program which is used to install the application. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. Additionally, the file is typically installed by a number of programs including KMSpico v9.1.3 and KMSpico. While running, it connects to the Internet address 207_223_123_18.colo.teklinks.net on port 13.
Publisher:
ByELDI Certificate  (signed and verified)

Product:
AutoPico

Version:
10.0.0.0

MD5:
e3fea8060978eab6fa5d40e74de6308b

SHA-1:
565b047c9230e7daec470e097df2e68940bdabeb

SHA-256:
480ca9086fd1999975c1c060a36c57a746f87e51681417d8c8b89648796f78ca

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
2/15/2017 2:19:03 AM UTC  (nine months ago)

Scan engine         Detection                                                 Engine version
ESET NOD32          MSIL/HackTool.IdleKMS.C potentially unsafe application    6.3.12010.0
Reason Heuristics   PUP.Optional.ByELDICe.Task                                17.2.14.21

File size:
1 MB (1,051,416 bytes)

Product version:
10.0.0.0

Original file name:
AutoPico.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\kmspico\autopico.exe

Digital Signature
Authority:
ByELDI Certificate

Valid from:
11/17/2013 6:41:41 PM

Valid to:
12/31/2039 11:59:59 PM

Subject:
CN=ByELDI Certificate

Issuer:
CN=ByELDI Certificate

Serial number:
AB81DC9F367529BE42665B07570FFA05

File PE Metadata
Compilation timestamp:
12/11/2013 8:55:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:OfJahy8eaomT1omoVSldVONHXTrw90HSPxHlipy8xmqZWybfFIzVAnq82:AUyrGToYlLojr28zpy8xmqZDGgq82

Entry address:
0xFDA5E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1007 KB (1,031,168 bytes)

Scheduled Task
Task name:
autopico daily restart

Trigger:
Daily (Runs daily at 22:59)

Action:
autopico.exe \silent


The file AutoPico.exe has been discovered within the following programs.

About 8% of users remove it
About 4% of users remove it
 
Powered by Should I Remove It?

The file AutoPico.exe has been seen being distributed by the following URL.

about:internet

The executing file has been seen to make the following network communications in live environments. Every connection is outbound TCP to port 13 (the Daytime protocol, RFC 867), and several of the hosts are publicly listed NIST time servers, consistent with the program fetching the current time rather than exchanging other data.

TCP connections (destination host, IP address and port):
2a.6a.acb8.ip4.static.sl-reverse.com  (184.172.106.42:13)
time-d.nist.gov  (129.6.15.27:13)
207_223_123_18.colo.teklinks.net  (207.223.123.18:13)
time-c.nist.gov  (129.6.15.30:13)
nist1-lnk.binary.net  (216.229.0.179:13)
utcnist2.colorado.edu  (128.138.141.172:13)
india.colorado.edu  (128.138.140.44:13)
nisttime.edzone.net  (198.111.152.100:13)
host-24-56-178-140.beyondbb.com  (24.56.178.140:13)
nist.netservicesgroup.com  (64.113.32.5:13)
nist-time-server.eoni.com  (216.228.192.69:13)
unallocated.barefruit.co.uk  (92.242.132.15:13)
multimedia-redir.interia.pl  (217.74.65.145:13)
125.235.4.59.adsl.viettel.vn  (125.235.4.59:13)

Remove AutoPico.exe - Powered by Reason Core Security