Windows KMS Activator Ultimate 2016 v2.7.exe

Windows KMS Activator Ultimate 2016

The executable Windows KMS Activator Ultimate 2016 v2.7.exe has been detected as malware by 7 anti-virus scanners. While running, it connects to the Internet address n1nw8shg121.shr.prod.ams1.secureserver.net on port 80 using the HTTP protocol.
Product:
Windows KMS Activator Ultimate 2016

Version:
2.7.0.0

MD5:
b7585d60673f25347824f136cd3f2a02

SHA-1:
d675b47427715f0d23e9e0ab4f6756a6c1b58478

SHA-256:
847948e942d79d6d0c7e52c4428cbc63477d089bd97ab71324283212610ce2ab

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/26/2024 6:00:12 PM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Hacktool.Win64.RPCHook | 4.0.3.151226
ESET NOD32 | MSIL/Riskware.HackTool.WinActivator (variant) | 9.12757
Fortinet FortiGate | Riskware/RPCHook | 12/26/2015
Kaspersky | not-a-virus:NetTool.Win64.RPCHook | 14.0.0.912
Microsoft Security Essentials | HackTool:Win32/AutoKMS | 1.1.12400.0
Panda Antivirus | Trj/CI.A | 15.12.26.03
Sophos | Generic PUA NG (PUA) | 4.98

File size:
18.7 MB (19,581,952 bytes)

Product version:
2.7.0.0

Copyright:
Copyright © 2013

Original file name:
Windows KMS Activator Ultimate 2016 v2.7.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\windows kms activator ultimate 2016 v2.7\windows kms activator ultimate 2016 v2.7.exe

File PE Metadata
Compilation timestamp:
12/19/2015 2:10:01 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
80.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
393216:gdWuKHyPx8uDDGT2RKN/Hiu0MTXldf9QZkjjqgU57xMgHT9yWXV:mMSp8tMJu0MTNQoSfL

Entry address:
0x1294E76

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.9238  (probably packed)

Code size:
18.6 MB (19,476,480 bytes)

The running executable has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to n1nw8shg121.shr.prod.ams1.secureserver.net  (188.121.41.137:80)
