Gridinsoft Logo
File Icon

The KMSAuto Net.exe (KMSAuto Net) File Analysis

Updated 7 months ago
Checked by Malware Check
KMSAuto Net.exe

Technical Analysis

File Name KMSAuto Net.exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
SSDEEP Hash
196608:ZIywBGqyw1O3ywuywQywJywlywLywsywTyw9lywpywZywEywxywZywBywFywUywp:DwBGnw1PwjwNwkwIwuwxw2w9IwEwUwJD
Scanner Version 1.0.196.174
Database Version 2024-11-09 13:00:33 UTC

Suspicious File Detected

Detected by 46 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

AutoKMS is a tool associated with illegal Microsoft software activation that bypasses legitimate licensing processes. It introduces security risks and potential legal consequences.
64%
Detection Rate
8,599,288
File Size (bytes)
46/72
Engines Detected
2024-11-09
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
b9d0b1c63d81a546c6cf6fb800f881ab
SHA1
5c9d2bf13d98e65cd3e5bcd9ef3eafabc7fdedd3
SHA256
3c56387a047564ab68443d8c2f9f427933d5caa09354b60ebf1879a3f3862ceb
SHA512
76efa0b8db35d2a8d034f39b9e78b4ab5d5566bcc4df52ef924a1f037f44b10e327d9d8ea348bc8c98fff8afadce3d4f6d1032f2f8eefb1197c5b7644c4816b7
ImpHash
f34d5f2d4577ed6d9ceec516c1f5a744

Security Engines with Detections (46 of 72)

Bkav
W32.AIDetectMalware.CS Malicious
Lionic
Hacktool.Win32.AutoKMS.3!c Malicious
Elastic
malicious (high confidence) Malicious
MicroWorld-eScan
Application.Hacktool.KMSActivator.X Malicious
CAT-QuickHeal
PUA.HacktoolFC.S17035616 Malicious
Skyhigh
Generic PUP.db Malicious
ALYac
Application.Hacktool.KMSActivator.X Malicious
Malwarebytes
HackKMS.HackTool.RiskWare.DDS Malicious
CrowdStrike
win/grayware_confidence_100% (W) Malicious
K7GW
Unwanted-Program ( 004d38111 ) Malicious
K7AntiVirus
Unwanted-Program ( 004d38111 ) Malicious
Arcabit
Application.Hacktool.KMSActivator.X Malicious
Symantec
Hacktool.Kms Malicious
ESET-NOD32
a variant of MSIL/HackKMS.I potentially unsafe Malicious
Paloalto
generic.ml Malicious
ClamAV
Win.Tool.Autokms-9829657-0 Malicious
Kaspersky
HackTool.MSIL.KMSAuto.ba Malicious
BitDefender
Application.Hacktool.KMSActivator.X Malicious
Tencent
Malware.Win32.Gencirc.114b0b64 Malicious
VIPRE
Application.Hacktool.KMSActivator.X Malicious
TrendMicro
HackTool.Win32.AutoKMS.AUSWV Malicious
McAfeeD
ti!3C56387A0475 Malicious
CTX
exe.hacktool.autokms Malicious
Sophos
KMS Activator (PUA) Malicious
Ikarus
HackTool.Win32.AutoKMS Malicious
FireEye
Generic.mg.b9d0b1c63d81a546 Malicious
Jiangmin
RiskTool.HackKMS.bg Malicious
Webroot
W32.Hack.Tool Malicious
Varist
W32/AutoKMS.F.gen!Eldorado Malicious
Antiy-AVL
HackTool/MSIL.KMSAuto Malicious
Kingsoft
MSIL.Riskware.KMSAuto.ba Malicious
Xcitium
ApplicUnwnt@#2dzwt0ve12h7t Malicious
Microsoft
HackTool:Win32/AutoKMS Malicious
ZoneAlarm
HackTool.MSIL.KMSAuto.ba Malicious
GData
Application.Hacktool.KMSActivator.X Malicious
AhnLab-V3
HackTool/Win32.AutoKMS.C2656265 Malicious
McAfee
Generic PUP.db Malicious
Cylance
Unsafe Malicious
Panda
HackingTool/AutoKMS Malicious
TrendMicro-HouseCall
HackTool.Win32.AutoKMS.AUSWV Malicious
Rising
Exploit.CVE-2012-0158!8.B68 (CLOUD) Malicious
Yandex
Trojan.Igent.bRV46u.1 Malicious
SentinelOne
Static AI - Malicious PE Malicious
MaxSecure
Trojan.Malware.73388769.susgen Malicious
Fortinet
Riskware/KMSAuto Malicious
DeepInstinct
MALICIOUS Malicious
26 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 7c527cd9cf664d4d93d62961b2149521
Fuzzy: d4bce5b2f880ce8ff726b9b396e3dd70
dHash: b369f1b1619132c0
Image Base 0x00400000
Entry Point 0x00c284fe
Compilation Time 2015-10-01 08:30:40
Checksum 0x0083c7b4 (Actual: 0x0083c7b4)
OS Version 4.0
PEiD Signatures PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Digital Signature Chain verification from CN=Ratiborus MSFree Inc. (serial:40817367281780333941285904014118196625, sha1:1ac5317a27edd14d251767bfca3c38216ec3ca54) failed: The X.509 certificate provided is self-signed - "Common Name: Ratiborus MSFree Inc."
Imports 1 libraries
mscoree
Exports 0 functions
Resources 12 Resources
Sections 3 Sections

Version Information

Translation 0x0000 0x04b0
Comments
CompanyName MSFree Inc.
FileDescription KMSAuto Net
FileVersion 1.4.0
InternalName KMSAuto Net.exe
LegalCopyright
LegalTrademarks
OriginalFilename KMSAuto Net.exe
ProductName KMSAuto Net
ProductVersion 1.4.0
Assembly Version 1.4.0.0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00002000 8,545,540 bytes 8,545,792 bytes 7.07 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 70760C335ED10ECBAE2C2E50B0AD7F29
.rsrc 0x0082a000 48,188 bytes 48,640 bytes 4.62 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 223A8A5D174008C19C94927626BB7ACE
.reloc 0x00836000 12 bytes 512 bytes 0.08 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 09ED51275768C8E68164C1D7125B1378
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 12 (47,493 bytes)
Resource Type Count Total Size Percentage
RT_ICON 9 43,496 bytes
91.6%
RT_GROUP_ICON 1 132 bytes
0.3%
RT_VERSION 1 792 bytes
1.7%
RT_MANIFEST 1 3,073 bytes
6.5%

Certificate Chain Analysis

Certificate Information
Product KMSAuto Net
Description KMSAuto Net
File Version 1.4.0
Original Name KMSAuto Net.exe
Signing Date 08:32 AM 10/01/2015 (3565 days ago)
Verification Status A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signers Ratiborus MSFree Inc.
Internal Name KMSAuto Net.exe
Certificate Chain Summary
Ratiborus MSFree Inc. #1 Primary
Validity Period: 2015-07-26 06:49:10 → 2039-12-31 23:59:59
Signature Algorithm: 1.3.14.3.2.29
Serial Number: 1E B5 23 94 D7 A0 F7 80 4A C8 F8 0D 76 13 95 91
Symantec Time Stamping Services CA - G2 #2 Chain
Validity Period: 2012-12-21 00:00:00 → 2020-12-30 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
Symantec Time Stamping Services Signer - G4 #3 Chain
Validity Period: 2012-10-18 00:00:00 → 2020-12-29 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
Microsoft Time-Stamp Service #4 Chain
Validity Period: 2015-03-20 17:32:03 → 2016-06-20 17:32:03
Signature Algorithm: sha1RSA
Serial Number: 33 00 00 00 71 B3 2E 8A 6B 82 AA 1F 4E 00 00 00 00 00 71
Microsoft Corporation #5 Chain
Validity Period: 2015-06-04 17:42:45 → 2016-09-04 17:42:45
Signature Algorithm: sha1RSA
Serial Number: 33 00 00 01 0A 2C 79 AE D7 79 7B A6 AC 00 01 00 00 01 0A
Microsoft Code Signing PCA #6 Chain
Validity Period: 2010-08-31 22:19:32 → 2020-08-31 22:29:32
Signature Algorithm: sha1RSA
Serial Number: 61 33 26 1A 00 00 00 00 00 31
Microsoft Time-Stamp PCA #7 Chain
Validity Period: 2007-04-03 12:53:09 → 2021-04-03 13:03:09
Signature Algorithm: sha1RSA
Serial Number: 61 16 68 34 00 00 00 00 00 1C

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

Chain verification from CN=Ratiborus MSFree Inc. (serial:40817367281780333941285904014118196625, sha1:1ac5317a27edd14d251767bfca3c38216ec3ca54) failed: The X.509 certificate provided is self-signed - "Common Name: Ratiborus MSFree Inc."

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
46 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware