» kmsserver.exe_recovered[2015-07-22.21.24.19].bak
Overview
Analysis
File Details

kmsserver.exe_recovered[2015-07-22.21.24.19].bak

The file kmsserver.exe_recovered[2015-07-22.21.24.19].bak has been detected as a potentially unwanted program by 15 anti-malware scanners.

File name:

MD5:

46a690b8fadfe726f09802b028c2f661

SHA-1:

3a19534afd5a67fb5e9e60938922dfa0880c670e

SHA-256:

5ad603b28cb7fb4d0ed37b813a74553e7f69e1980c3d860efb825dbeaf752a63

Scanner detections:

15 / 68

Status:

Potentially unwanted

Analysis date:

5/14/2024 9:16:56 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUP.Agent

7.1.1

Avira AntiVirus

APPL/HackKms.izs

8.3.1.6

AVG

Patched3_c

2016.0.3021

Baidu Antivirus

Hacktool.Win32.HackKMS

4.0.3.15810

Clam AntiVirus

Win.Trojan.Hackkms-2

0.98/20772

Comodo Security

TrojWare.Win32.HackKMS.DA

22976

ESET NOD32

Win32/HackKMS.N potentially unsafe application

7.0.302.0

Fortinet FortiGate

W32/Generic.AC.1533010

8/10/2015

F-Prot

W32/A-767bd2b9

v6.4.7.1.166

G Data

Win32.Riskware.HackKMS

15.8.25

K7 AntiVirus

Trojan

13.207.16840

McAfee

PUP-FUY

5600.6677

NANO AntiVirus

Trojan.Win32.KillFiles.dmuznx

0.30.24.3079

SUPERAntiSpyware

Trojan.Agent/Gen-HackMs

9699

VIPRE Antivirus

Trojan.Win32.Generic

42770

File size:

37.6 KB (38,454 bytes)

Common path:

C:\Windows\System32\kmsserver.exe_recovered[2015-07-22.21.24.19].bak

File PE Metadata

Compilation timestamp:

11/10/2013 2:18:53 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

CTPH (ssdeep):

768:ZxglSXl7sIKxj0yuv52OFF/n16CRqXwW214U/ZJ/A+:IlSKcvLFF/n1FcSPZBR

Entry address:

0x24E1

Entry point:

83, EC, 18, 8D, 44, 24, 04, 53, 55, 56, 57, 50, 68, 19, 00, 02, 00, 33, DB, 53, 68, 00, 93, 40, 00, 68, 02, 00, 00, 80, FF, 15, 1C, 30, 40, 00, BD, 28, A4, 40, 00, 85, C0, 0F, 85, D5, 00, 00, 00, 8B, 35, 4C, 30, 40, 00, 8D, 44, 24, 10, 50, 68, A8, A3, 40, 00, 53, 53, 68, 7C, 93, 40, 00, FF, 74, 24, 28, BF, 80, 00, 00, 00, 89, 7C, 24, 28, FF, D6, 8D, 44, 24, 10, 50, 68, A8, A2, 40, 00, 53, 53, 68, 8C, 93, 40, 00, FF, 74, 24, 28, 89, 7C, 24, 28, FF, D6, 8D, 44, 24, 10, 50, 68, 28, A3, 40, 00, 53, 53, 68, A4... 
[+]

Entropy:

7.5790

Code size:

8 KB (8,192 bytes)

Remove kmsserver.exe_recovered[2015-07-22.21.24.19].bak - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.