» kmsauto net.exe
Overview
Analysis
File Details

kmsauto net.exe

The executable kmsauto net.exe has been detected as malware by 26 anti-virus scanners. This backdoor trojan may be used to conduct distributed denial of service attacks, or used to install additional trojans or other forms of malicious software as well as can steal your sensitive information.

File name:

kmsauto net.exe

Description:

KMS Auto Net

Version:

1.2.3.0

MD5:

9779a6c45f282b1634b87758f592c059

SHA-1:

92c21863f2e7df90427c36ff8cf1cfb8ca7bcd15

SHA-256:

d5efcbd6ac15da6b3ee538e0d66b578f935072c917ea23c0fb52b7aa9600aef3

Scanner detections:

26 / 68

Status:

Malware

Analysis date:

4/25/2024 6:37:07 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.11226213

523

avast!

MSIL:GenMalicious-PW [Trj]

2014.9-150830

AVG

BackDoor.Generic18

2016.0.3001

Baidu Antivirus

Hacktool.Win32.ProductKey

4.0.3.15830

Bitdefender

Trojan.Generic.11226213

1.0.20.1210

Comodo Security

UnclassifiedMalware

21727

Dr.Web

Trojan.Hosts.30519

9.0.1.0242

Emsisoft Anti-Malware

Trojan.Generic.11226213

8.15.08.30.08

ESET NOD32

MSIL/Injector.FSL (variant)

9.11458

Fortinet FortiGate

MSIL/Kryptik.UD!tr

8/30/2015

F-Secure

Trojan.Generic.11226213

11.2015-30-08_1

G Data

Trojan.Generic.11226213

15.8.25

IKARUS anti.virus

Trojan.SuspectCRC

t3scan.1.8.9.0

K7 AntiVirus

Trojan

13.202.15563

Kaspersky

not-a-virus:PSWTool.Win32.ProductKey

14.0.0.1501

McAfee

Artemis!9779A6C45F28

5600.6657

Microsoft Security Essentials

Backdoor:MSIL/Bladabindi.AJ

1.1.11502.0

MicroWorld eScan

Trojan.Generic.11226213

16.0.0.726

NANO AntiVirus

Trojan.Win32.DownLoader10.cyjkvo

0.30.10.952

Norman

Suspicious_Gen4.GHCAZ

11.20150830

nProtect

Trojan.Generic.11226213

15.04.10.01

Panda Antivirus

Trj/CI.A

15.08.30.08

Qihoo 360 Security

HEUR/Malware.QVM10.Gen

1.0.0.1015

Quick Heal

PSWTool.ProductKey.g5 (Not a Virus)

8.15.14.00

Sophos

Mal/Generic-S

4.98

VIPRE Antivirus

Trojan.Win32.Generic

39244

File size:

5.2 MB (5,502,976 bytes)

Product version:

3.3.10.2

MSfree lnc . Ratibonorus. All rights resev

File type:

Executable application (Win32 EXE)

Language:

English (United Kingdom)

File PE Metadata

Compilation timestamp:

4/22/2014 5:36:12 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

98304:7dnVx+W/oME9ypUZkSbTYBntGaO5Zzmlj1ZmsLR7j94VOObocmPC:ZjBoM+OU26+GaAtWBHRX4OOUa

Entry address:

0x26BF7

Entry point:

E8, 97, CF, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 58, 01, 4C, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 70, A3, 4B, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 58, 01, 4C, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03... 
[+]

Entropy:

7.9101 (probably packed)

Code size:

560 KB (573,440 bytes)

Remove kmsauto net.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.