AutoPico.exe

AutoPico

ByELDI Certificate

The application AutoPico.exe by ByELDI Certificate has been detected as a potentially unwanted program by 23 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time.
Publisher:
ByELDI Certificate  (signed and verified)

Product:
AutoPico

Version:
10.0.0.0

MD5:
a27d0f488ef199d06ac05e78cf41ccb7

SHA-1:
e431988709ce8cd90bd8837681b638cdb6d5e7f2

SHA-256:
e5df8d0c2ebc485b52338b55242b9efee27a1cd12114b9693002a8079e455361

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 8:15:26 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.10050438 | 409 |
| AhnLab V3 Security | Trojan/Win32.ADH | 2013.12.29 |
| AVG | Dropper.Msil | 2016.0.2887 |
| Baidu Antivirus | Trojan.Win32.Generic | 4.0.3.151222 |
| Bitdefender | Trojan.Generic.10050438 | 1.0.20.1780 |
| Bkav FE | W32.Clod024.Trojan | 1.3.0.4613 |
| Emsisoft Anti-Malware | Trojan.Generic.10050438 | 8.15.12.22.08 |
| ESET NOD32 | MSIL/HackTool.IdleKMS (variant) | 9.9190 |
| Fortinet FortiGate | W32/Generic!tr | 12/22/2015 |
| F-Secure | Trojan.Generic.10050438 | 11.2015-22-12_3 |
| G Data | Trojan.Generic.10050438 | 15.12.22 |
| IKARUS anti.virus | Virus.Dropper | t3scan.2.2.29 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.931 |
| McAfee | RDN/Generic Dropper!sk | 5600.6543 |
| MicroWorld eScan | Trojan.Generic.10050438 | 16.0.0.1068 |
| NANO AntiVirus | Trojan.Win32..congbf | 0.28.0.57029 |
| Norman | Agent.AOQWC | 11.20151222 |
| nProtect | Trojan.GenericKD.1419735 | 14.01.15.01 |
| Panda Antivirus | Generic Malware | 15.12.22.08 |
| Reason Heuristics | PUP.Optional.ByELDICertificate.Task | 15.12.22.20 |
| Trend Micro House Call | TROJ_GEN.R0CBC0PLM13 | 7.2.356 |
| Trend Micro | TROJ_GEN.R0CBC0PLM13 | 10.465.22 |
| VIPRE Antivirus | Trojan.Win32.Generic | 24728 |

File size:
1 MB (1,051,416 bytes)

Product version:
10.0.0.0

Original file name:
AutoPico.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\kms\autopico.exe

Digital Signature
Authority:
ByELDI Certificate

Valid from:
11/17/2013 10:41:41 AM

Valid to:
12/31/2039 3:59:59 PM

Subject:
CN=ByELDI Certificate

Issuer:
CN=ByELDI Certificate

Serial number:
AB81DC9F367529BE42665B07570FFA05

File PE Metadata
Compilation timestamp:
12/11/2013 12:55:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:OfJahy8eaomT1omoVSl1VONHXTrw90HSPxHlipy8xmqZWybfFIzVAnq82:AUyrGToYljojr28zpy8xmqZDGgq82

Entry address:
0xFDA5E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.9269

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1007 KB (1,031,168 bytes)

Scheduled Task
Task name:
AutoPico Daily Restart

Trigger:
Daily (Runs daily at 11:59 AM)

