» Service_KMS.exe
Overview
Analysis
File Details

Service_KMS.exe

Service_KMS

@ByELDI

The application Service_KMS.exe by @ByELDI has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

Service_KMS.exe

Publisher:

@ByELDI (signed and verified)

Product:

Service_KMS

Version:

13.1.0.0

MD5:

ef5feea5d8dd4b62650d4a6283b23703

SHA-1:

2f87316d78443344c674d57d75c9f6e199cd7476

SHA-256:

78d1629ee1f1676f197c62ce3ef9f5f2b26da8b0087480ab1328293734e939d7

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 1:41:59 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ByELDI.Meta

15.4.25.2

File size:

955.7 KB (978,624 bytes)

Product version:

13.1.0.0

Original file name:

Service_KMS.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\vmwarednd\f0b55e21\{app}\service_kms.exe

Digital Signature

Signed by:

@ByELDI

Authority:

@ByELDI Certificate Authority

Valid from:

2/3/2014 5:17:06 PM

Valid to:

2/3/2044 5:17:06 PM

Subject:

CN=@ByELDI

Issuer:

CN=@ByELDI Certificate Authority

Serial number:

DC0E43711C7C40D18044372CAF69F6A1

File PE Metadata

Compilation timestamp:

3/9/2014 2:03:02 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

12288:gWTWomT1omoVSlrYr5rNHXTrw90HSPxHZBhG34H7ZCwWc:gyiToYl8Tjr28SKI9Wc

Entry address:

0xEB9AE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 86, 66, 1C, 53, 00, 00, 00, 00, 02, 00, 00, 00, 1C, 01, 00, 00, 1C, C0, 0E, 00, 1C, 9E, 0E, 00, 52, 53, 44, 53, 46, BB, 67, C4, BC, 56, AE, 4A, 81, B1, 7D, A5, F0, 77... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

934.5 KB (956,928 bytes)

Remove Service_KMS.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.