kmspico_setup.exe

KMSpico

{6B163E3A-B8CC-4B9B-BCDD-139987D0B62D}

The executable kmspico_setup.exe has been detected as malware by 29 anti-virus scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This trojan will perform a number of actions that will compromise a PC, including changing protected system registry values, hiding in protected operating system locations, and downloading and installing additional malware.
Publisher:

Product:
KMSpico

Version:
9.1.3

MD5:
33017f2c46ef39c0ff11a18851f53e65

SHA-1:
19174eef360cd5c7b14a0641ab85597195fd6eb3

SHA-256:
d17925bf66ebb89a34dcacda2e8c6637520a88e49bdeb13822cebbd212165a85

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
4/27/2024 2:38:53 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Terkcop.29 | 306 |
| Agnitum Outpost | Trojan.DR.MSIL | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.DarkKomet | 2015.01.11 |
| Avira AntiVirus | TR/Dropper.MSIL.Gen | 7.11.200.132 |
| avast! | MSIL:Injector-GL [Trj] | 2014.9-160403 |
| AVG | BackDoor.Generic18 | 2017.0.2784 |
| Baidu Antivirus | Backdoor.Win32.DarkKomet | 4.0.3.1643 |
| Bitdefender | Gen:Variant.Terkcop.29 | 1.0.20.470 |
| Comodo Security | UnclassifiedMalware | 20663 |
| ESET NOD32 | MSIL/Injector.CNU (variant) | 10.10995 |
| Fortinet FortiGate | W32/DarkKomet.BRJM!tr.bdr | 4/3/2016 |
| G Data | Gen:Variant.Terkcop.29 | 16.4.24 |
| IKARUS anti.virus | Trojan-Dropper.Win32.Dapato | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.190.14603 |
| Kaspersky | Backdoor.Win32.DarkKomet | 14.0.0.416 |
| McAfee | Artemis!33017F2C46EF | 5600.6440 |
| Microsoft Security Essentials | Trojan:Win32/Malagent!gmb | 1.11302 |
| NANO AntiVirus | Trojan.Win32.DarkKomet.crhwmx | 0.30.0.64448 |
| Norman | Suspicious_Gen4.FMZID | 11.20160403 |
| Panda Antivirus | Generic Malware | 16.04.03.07 |
| Qihoo 360 Security | Win32/Backdoor.e26 | 1.0.0.1015 |
| Quick Heal | Backdoor.DarkKomet.g3 | 4.16.14.00 |
| Sophos | Mal/Cleaman-B | 4.98 |
| Trend Micro House Call | TROJ_SPNR.0BB414 | 7.2.94 |
| Trend Micro | TROJ_SPNR.0BB414 | 10.465.03 |
| Vba32 AntiVirus | Backdoor.DarkKomet | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 36544 |
| ViRobot | Backdoor.Win32.A.DarkKomet.4956192[h] | 2014.3.20.0 |
| Zillya! Antivirus | Backdoor.DarkKomet.Win32.18449 | 2.0.0.2032 |

File size:
4.7 MB (4,956,192 bytes)

Product version:
9.1.3

Copyright:
By ELDI

Original file name:
.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
{6B163E3A-B8CC-4B9B-BCDD-139987D0B62D}

Valid from:
12/7/2013 2:17:21 AM

Valid to:
12/7/2014 8:17:21 AM

Subject:
CN={6B163E3A-B8CC-4B9B-BCDD-139987D0B62D}

Issuer:
CN={6B163E3A-B8CC-4B9B-BCDD-139987D0B62D}

Serial number:
4061477664A360BC46AE5F2F20060943

File PE Metadata
Compilation timestamp:
12/13/2013 2:30:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:MCKc6ZGFqbVNnYcdGO3JJrkvpU/gOpfozj9++byMBFY:sEm

Entry address:
0x4B6C7E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4.7 MB (4,935,168 bytes)
