kmsserver.exe

It runs as a separate (within the context of its own process) windows Service named “KMS Server Service”.
Scan kmsserver.exe - Powered by Reason Core Security
MD5:
611937da553c0000eba8802f017f849f

SHA-1:
7b5994f098621b03edb1126fb23098acb8ea7f37

SHA-256:
3a29dc29de857d7166ae866c633a36edfc049d7a9eb6befd0bc5554a9dee5639

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/5/2016 3:39:03 AM UTC  (today)

Scan engine
Detection
Engine version

Antiy Labs AVL
Trojan/Win32.TSGeneric
1.0.0.1

Baidu Antivirus
Hacktool.Win32.HackKMS
4.0.3.14610

ESET NOD32
Win32/HackKMS.N potentially unsafe application
7.0.302.0

File size:
37.6 KB (38,454 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\kmsserver.exe

File PE Metadata
Compilation timestamp:
11/10/2013 2:48:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
768:ZxglSXl7sIKxj0yuv52OFF/n16CRqXwW214U/ZJ/Af:IlSKcvLFF/n1FcSPZBM

Entry address:
0x24E1

Entry point:
83, EC, 18, 8D, 44, 24, 04, 53, 55, 56, 57, 50, 68, 19, 00, 02, 00, 33, DB, 53, 68, 00, 93, 40, 00, 68, 02, 00, 00, 80, FF, 15, 1C, 30, 40, 00, BD, 28, A4, 40, 00, 85, C0, 0F, 85, D5, 00, 00, 00, 8B, 35, 4C, 30, 40, 00, 8D, 44, 24, 10, 50, 68, A8, A3, 40, 00, 53, 53, 68, 7C, 93, 40, 00, FF, 74, 24, 28, BF, 80, 00, 00, 00, 89, 7C, 24, 28, FF, D6, 8D, 44, 24, 10, 50, 68, A8, A2, 40, 00, 53, 53, 68, 8C, 93, 40, 00, FF, 74, 24, 28, 89, 7C, 24, 28, FF, D6, 8D, 44, 24, 10, 50, 68, 28, A3, 40, 00, 53, 53, 68, A4...
 
[+]

Entropy:
7.5790

Code size:
8 KB (8,192 bytes)

Service
Display name:
KMS Server Service

Service name:
KMSServerService

Type:
Win32OwnProcess


Scan kmsserver.exe - Powered by Reason Core Security