mini-KMS_Activator_v1.053.exe

mini-KMS Activator v1.053 ENG

FreeSoft

The application mini-KMS_Activator_v1.053.exe (“mini-KMS Activator”) has been detected as adware by 20 anti-malware scanners. It is a setup program used to install the application. The file has been seen being downloaded from nas.simpy.be and multiple other hosts.
Publisher:
FreeSoft

Product:
mini-KMS Activator v1.053 ENG

Description:
mini-KMS Activator

Version:
1,0,5,3

MD5:
893d91fda6148e85f47148ba55931441

SHA-1:
fbea3ce0875e08071cf3951cc695b223df0c3430

SHA-256:
297cddc72f12a7d48661d506f772412f28e918e5f4ec6e9726192b04b224863a

Scanner detections:
20 / 68

Status:
Adware

Analysis date:
4/20/2024 3:07:52 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | SPR/Tool.Keygen.102 | 7.11.122.154 |
| AVG | Generic26 | 2014.0.3543 |
| Baidu Antivirus | Hacktool.Win32.Activator | 4.0.3.131127 |
| Bkav FE | W32.Clodf0e.Trojan | 1.3.0.4613 |
| Comodo Security | ApplicUnwnt.Win32.CrackTool.Agent.~a | 17516 |
| ESET NOD32 | Win32/HackKMS | 7.9190 |
| Fortinet FortiGate | W32/KeyGen.FD!tr | 8/29/2013 |
| F-Prot | W32/MalwareF.MUGU | v6.4.7.1.166 |
| IKARUS anti.virus | possible-Threat.Activator.MSOffice | t3scan.2.2.29 |
| K7 AntiVirus | Riskware | 13.174.10656 |
| Malwarebytes | Riskware.Crk | v2013.08.29.12 |
| McAfee | Crack-Generic | 5600.7181 |
| MicroWorld eScan | Win32/HackKMS.A | 14.0.0.723 |
| Norman | HackKMS.C | 11.20130829 |
| Reason Heuristics | PUP.FreeSoft.Y | 14.3.1.0 |
| Sophos | Troj/KeyGen-FD | 4.96 |
| Total Defense | malicious | 37.0.10498 |
| Trend Micro House Call | CRCK_CRACK | 7.2.241 |
| Trend Micro | CRCK_CRACK | 10.465.29 |
| VIPRE Antivirus | Trojan.Win32.Generic | 24866 |

File size:
1 MB (1,069,056 bytes)

Product version:
1,0,5,3

Copyright:
© 2010, FreeSoft

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mini-kms_activator_v1.053.exe

File PE Metadata
Compilation timestamp:
2/6/2009 10:33:08 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.50

CTPH (ssdeep):
24576:IElG2al4r3OxNWGIUOnYYGpz2K6QWE83B:VlGrl4LPGlRp6tJh3

Entry address:
0x28ED30

Entry point:
60, BE, 15, 20, 59, 00, 8D, BE, EB, EF, E6, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 6D, C9, 28, 00, 57, 83, C3, 04, 53, 68, 17, CD, 0F, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...

Entropy:
7.9741  (probably packed)

Code size:
1016 KB (1,040,384 bytes)

The file mini-KMS_Activator_v1.053.exe has been seen being distributed by the following 6 URLs.

http://nas.simpy.be/webapi/FolderSharing/.../mini-KMS_Activator_v1.053.exe

https://mega.co.nz/temporary/.../fdwUCTSb

https://doc-0o-30-docs.googleusercontent.com/docs/securesc/fg652kqqqecl9k4me3rhuikfp08o2bci/no76t5tb0rka5a44c5f1ei6q1bjibiln/1473458400000/.../09270896935220565106/0B3SalEHK6R9-d2dnT1NNeE5VNW8?e=download

temp:mini-KMS_Activator_v1.053.exe
