Windows 10 Permanent Activator Ultimate v1.3.exe

Windows 10 Permanent Activator Ultimate

The executable Windows 10 Permanent Activator Ultimate v1.3.exe has been detected as malware by 7 anti-virus scanners. While running, it connects to the Internet address n1nw8shg121.shr.prod.ams1.secureserver.net on port 80 using the HTTP protocol.
Product:
Windows 10 Permanent Activator Ultimate

Version:
1.3.0.0

MD5:
d866ee15634ff86a446f1b457d23b3df

SHA-1:
8d099292555c58b34821b4e03c66c3cd04be38f7

SHA-256:
87b15213b87d491575dbd6e39753dc1c1f654294cf9e2852c2e17529e0da00d2

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/25/2024 7:17:48 PM UTC

Scan engine                     Detection                            Engine version
Comodo Security                 UnclassifiedMalware                  24307
Kaspersky                       not-a-virus:NetTool.Win64.RPCHook    15.0.0.562
Malwarebytes                    CrackTool.KMSPico                    v2016.02.23.09
Microsoft Security Essentials   Threat.Undefined                     1.213.6622.0
Qihoo 360 Security              Win32/Virus.NetTool.99c              1.0.0.1120
Quick Heal                      HackTool.AutoKMS.r3 (Not a Virus)    2.16.14.00

File size:
5.5 MB (5,812,736 bytes)

Product version:
1.3.0.0

Copyright:
Copyright © 2015

Original file name:
Windows 10 Permanent Activator Ultimate v1.3.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\windows 10 permanent activator ultimate v1.3\windows 10 permanent activator ultimate v1.3.exe

File PE Metadata
Compilation timestamp:
2/19/2016 9:12:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:xFeLgl95n537ZOYuAdBQugtjzW3upJyPxFw9gKaB3yEMNo1Lg0YOldWfCsfkj:Vz1ndWugN7pJyPxFOa5DMNoxgvOlIav

Entry address:
0x57312E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.8372

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
5.4 MB (5,706,240 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to n1nw8shg121.shr.prod.ams1.secureserver.net  (188.121.41.137:80)