kmspico 10.0.4.exe

The application kmspico 10.0.4.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup program which is used to install the application. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs. The file has been seen being downloaded from doc-10-04-docs.googleusercontent.com and multiple other hosts.
MD5:
198d778bf256de8f3a54dcf54a0aef30

SHA-1:
4a85d99bf83445c4b7a5fe235c23309b6a68c92b

SHA-256:
fe40a8edfb66763b3da0ecf9e0ade66fa588c7e1a3c5f5aa3ecccfc83b98350a

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
6/25/2018 7:23:15 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Malware-gen | 2014.9-150221
Baidu Antivirus | Adware.MSIL.OutBrowse | 4.0.3.15221
Bkav FE | HW32.Packed | 1.3.0.6379
Kaspersky | not-a-virus:AdWare.MSIL.OutBrowse | 14.0.0.2453
Trend Micro House Call | Suspicious_GEN.F47V0217 | 7.2.52

File size:
2.8 MB (2,900,642 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\kmspico 10.0.4.exe

File PE Metadata
Compilation timestamp:
1/31/2011 7:44:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:1QU2EP3fkYHRKuxael1/p4elEZ+uP5yKN9GSnj/xHGbCL0v5rGA7mzqV0zhrlt89:1QpEPF/x/R4VRhrGS0eLclGdU0zBlm0m

Entry address:
0x1D20

Entry point:
55, 8B, EC, 6A, FF, 68, 28, 21, 40, 00, 68, A0, 1E, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 88, 20, 40, 00, 59, 83, 0D, 54, 35, 40, 00, FF, 83, 0D, 58, 35, 40, 00, FF, FF, 15, 84, 20, 40, 00, 8B, 0D, CC, 32, 40, 00, 89, 08, FF, 15, 80, 20, 40, 00, 8B, 0D, C8, 32, 40, 00, 89, 08, A1, 7C, 20, 40, 00, 8B, 00, A3, 5C, 35, 40, 00, E8, 10, 01, 00, 00, 39, 1D, BC, 32, 40, 00, 75, 0C, 68, 9C, 1E, 40, 00, FF, 15, 78, 20...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
4 KB (4,096 bytes)

The file kmspico 10.0.4.exe has been seen being distributed by the following 3 URLs.
