kmspico_setup.exe

KMSpico

ByELDI Certificate

The application kmspico_setup.exe, “KMSpico Setup” by ByELDI Certificate, has been detected as a potentially unwanted program by 24 anti-malware scanners. The program is a setup application that uses the Inno Setup installer.
Publisher:
ByELDI Certificate  (signed and verified)

Product:
KMSpico

Description:
KMSpico Setup

Version:
9.1.3

MD5:
5dcd4746fd96ebbd311881d2eecd8d4a

SHA-1:
347b3da74ddf6f0b6c90a01dc69bb30c02ca2747

SHA-256:
e51888e1e6620812066930f6abf751a15a7397f14b75b23b081135e497e3b82d

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 12:30:55 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.10249944 | 1013 |
| AhnLab V3 Security | Trojan/Win32.Generic | 2014.01.04 |
| Avira AntiVirus | TR/Rogue.10053606 | 7.11.125.184 |
| Baidu Antivirus | Trojan.Win32.Generic | 4.0.3.14427 |
| Bitdefender | Trojan.Generic.10249944 | 1.0.20.585 |
| Bkav FE | W32.Clod50c.Trojan | 1.3.0.4613 |
| Emsisoft Anti-Malware | Trojan.Generic.10249944 | 8.14.04.27.05 |
| ESET NOD32 | MSIL/HackTool.IdleKMS (variant) | 8.9646 |
| Fortinet FortiGate | W32/Generic!tr | 4/27/2014 |
| F-Secure | Trojan.Generic.10249944 | 11.2014-27-04_1 |
| G Data | Trojan.Generic.10249944 | 14.4.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.6.1.0 |
| K7 AntiVirus | Riskware | 13.175.10881 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3951 |
| McAfee | Artemis!B028ED713E80 | 5600.7147 |
| MicroWorld eScan | Trojan.Generic.10249944 | 15.0.0.351 |
| NANO AntiVirus | Trojan.Win32..cnngav | 0.28.0.57029 |
| Norman | Troj_Generic.RMORJ | 11.20140427 |
| nProtect | Trojan.Generic.10249944 | 14.04.07.01 |
| Reason Heuristics | PUP.Installer.ByELDICertificate.N | 14.4.27.17 |
| Sophos | Generic PUA OH | 4.97 |
| Trend Micro House Call | TROJ_GEN.F47V1202 | 7.2.117 |
| Trend Micro | TROJ_GEN.R0CBC0OLP13 | 10.465.27 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28115 |

File size:
2.8 MB (2,935,928 bytes)

Product version:
9.1.3

Copyright:
ByELDI

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Digital Signature
Authority:
ByELDI Certificate

Valid from:
11/17/2013 8:41:41 PM

Valid to:
1/1/2040 1:59:59 AM

Subject:
CN=ByELDI Certificate

Issuer:
CN=ByELDI Certificate

Serial number:
AB81DC9F367529BE42665B07570FFA05

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:f9u54HuishZ9rxYyJ5nd2M+a8hmOmhDn5hqFx1ECQ/urbvleXz8WhxkLCmRhNZHO:FaRiOr7J5nE/VcOQn5haxmruYzlkOgKv

Entry address:
0xA5F8

Entry point:
60, C1, DD, E7, 0F, B3, CD, 80, EC, 80, 68, 33, 75, B6, 00, 68, EA, C9, D7, 00, 87, FA, 69, F3, 05, 37, D7, 87, C7, C0, F1, B3, BF, 72, D0, DE, C0, E7, 33, FF, C8, F7, C0, DF, 06, FD, DD, 0F, BC, F0, 33, C9, 45, 4E, 13, C2, 81, C9, BF, 74, 00, 00, C7, C7, D3, 5D, 2F, DB, 81, C1, E5, 6B, 00, 00, 8A, D4, 12, DC, 4D, 84, FD, F6, D2, 87, FD, C7, C0, 65, 06, A7, 6E, 0F, BC, C0, 0F, BA, F5, 1A, 0F, BB, F1, E8, EA, 00, 00, 00, 8D, 15, 74, 92, A3, 8D, 23, DE, C7, C5, 1D, 26, 86, E9, 31, D1, FF, C7, 89, F2, 8D, 1D...
 

Entropy:
7.9958  (probably packed)

Code size:
39.5 KB (40,448 bytes)
