Gridinsoft Logo

The AutoPico.exe (AutoPico) File Analysis

Updated 1 year ago
Checked by Malaware Check
AutoPico.exe

Technical Analysis

File Name AutoPico.exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
SSDEEP Hash
6144:PBQ5SFgDZoQ4en4UgkPKPjmHzo9mfXOXD7ID3omUtu1omUt8AVSlf84mN6DDhBLA:PBq7bgkmsWT7I7omT1omoVSlK8bQF
Scanner Version 1.0.140.174
Database Version 2023-10-02 02:06:09 UTC

Suspicious File Detected

Detected by 53 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
74%
Detection Rate
745,664
File Size (bytes)
53/72
Engines Detected
2023-10-02
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
cfe1c391464c446099a5eb33276f6d57
SHA1
9999bfcded2c953e025eabaa66b4971dab122c24
SHA256
4a714d98ce40f5f3577c306a66cb4a6b1ff3fd01047c7f4581f8558f0bcdf5fa
SHA512
4119a1722202bbc33339747ea02fd35b327890d55bb472cd1e2146ca446d8ba6fddb1e8cf8bbfaeb08aec8ed2a9d5c0fa71b73510d409ffacd3908fa72bb53b4
ImpHash
f34d5f2d4577ed6d9ceec516c1f5a744

Security Engines with Detections (53 of 72)

Bkav
W32.Common.034D89F2 Malicious
Lionic
Hacktool.MSIL.KMSAuto.3!c Malicious
MicroWorld-eScan
Application.Hacktool.KMSActivator.AQ Malicious
CAT-QuickHeal
Trojan.YakbeexMSIL.ZZ4 Malicious
ALYac
Misc.HackTool.AutoKMS Malicious
VIPRE
Application.Hacktool.KMSActivator.AQ Malicious
Sangfor
Worm.Win32.Save.a Malicious
K7AntiVirus
Unwanted-Program ( 004d38111 ) Malicious
K7GW
Unwanted-Program ( 004d38111 ) Malicious
Cybereason
malicious.ded2c9 Malicious
Cyren
W32/S-eb8730b5!Eldorado Malicious
Symantec
PUA.Keygen.KMS!g2 Malicious
Elastic
malicious (high confidence) Malicious
ESET-NOD32
MSIL/HackTool.IdleKMS.O potentially unsafe Malicious
APEX
Malicious Malicious
ClamAV
Win.Malware.Agent-6348965-0 Malicious
Kaspersky
HackTool.MSIL.KMSAuto.dh Malicious
BitDefender
Application.Hacktool.KMSActivator.AQ Malicious
Avast
Win32:MiscX-gen [PUP] Malicious
Tencent
Malware.Win32.Gencirc.117eb32b Malicious
Emsisoft
Application.HackTool (A) Malicious
Zillya
Tool.IdleKMS.Win32.337 Malicious
TrendMicro
HackTool.MSIL.AutoKMS.PRK Malicious
McAfee-GW-Edition
PUP-FIY Malicious
FireEye
Generic.mg.cfe1c391464c4460 Malicious
Sophos
KMS Activator (PUA) Malicious
Ikarus
HackTool.KMSpico Malicious
Jiangmin
NetTool.RPCHook.f Malicious
Webroot
W32.Hack.Tool Malicious
Google
Detected Malicious
Microsoft
HackTool:MSIL/AutoKms Malicious
Xcitium
ApplicUnwnt@#2x4oauihw0e7x Malicious
Arcabit
Application.KMS Malicious
ViRobot
HackTool.AutoKMS.745664 Malicious
ZoneAlarm
HackTool.MSIL.KMSAuto.dh Malicious
GData
MSIL.Application.HackKMS.X Malicious
Cynet
Malicious (score: 100) Malicious
AhnLab-V3
HackTool/Win.AutoKMS.C948312 Malicious
McAfee
PUP-FIY Malicious
MAX
malware (ai score=100) Malicious
Cylance
unsafe Malicious
Panda
HackingTool/AutoKMS Malicious
Zoner
Trojan.Win32.65636 Malicious
TrendMicro-HouseCall
HackTool.MSIL.AutoKMS.PRK Malicious
Rising
PUF.HackKMS!1.AA7B (CLOUD) Malicious
Yandex
Trojan.Igent.bYD9vO.5 Malicious
SentinelOne
Static AI - Suspicious PE Malicious
MaxSecure
Trojan.Malware.8763703.susgen Malicious
Fortinet
MSIL/Generic.AP.10F928A!tr Malicious
BitDefenderTheta
Gen:NN.ZemsilF.36738.Tm1@aGhAk0g Malicious
AVG
Win32:MiscX-gen [PUP] Malicious
DeepInstinct
MALICIOUS Malicious
CrowdStrike
win/grayware_confidence_100% (W) Malicious
19 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Image Base 0x00400000
Entry Point 0x004b5ade
Compilation Time 2016-01-11 22:28:05
Checksum 0x000bb672 (Actual: 0x000bb672)
OS Version 4.0
PEiD Signatures PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Digital Signature Chain verification from CN=@ByELDI (serial:-69403741341198612868765313511281709924, sha1:eaaf9045685acd5ad5846a5e9ee125d7aeac21c2) failed: Unable to build a validation path for the certificate "Common Name: @ByELDI" - no issuer matching "Common Name: @ByELDI Certificate Authority" was found
Imports 1 libraries
mscoree
Exports 0 functions
Resources 2 Resources
Sections 3 Sections

Digital Signatures

@ByELDI Certificate Authority ()
@ByELDI Certificate Authority ()
Thawte Timestamping CA Symantec Corporation (US)
Symantec Time Stamping Services CA - G2 Symantec Corporation (US)

Version Information

Translation 0x0000 0x04b0
Comments Portable
CompanyName @ByELDI
FileDescription AutoPico
FileVersion 16.1.0.0
InternalName AutoPico.exe
LegalCopyright
LegalTrademarks
OriginalFilename AutoPico.exe
ProductName AutoPico
ProductVersion 16.1.0.0
Assembly Version 16.1.0.0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00002000 735,972 bytes 736,256 bytes 6.32 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 149BCF24F1DC280BF094D79D8FA30752
.rsrc 0x000b6000 3,648 bytes 4,096 bytes 4.71 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ E489E8D4908F8E684F5AAB6B28497C7A
.reloc 0x000b8000 12 bytes 512 bytes 0.10 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ DC3629355267911F132493F301A315E2

Resource Analysis

Total Resources: 2 (3,475 bytes)
Resource Type Count Total Size Percentage
RT_VERSION 1 802 bytes
23.1%
RT_MANIFEST 1 2,673 bytes
76.9%

Certificate Chain Analysis

Certificate #1
Subject @ByELDI
Issuer @ByELDI Certificate Authority
Serial Number -69403741341198612868765313511281709924
Certificate #2
Subject @ByELDI Certificate Authority
Issuer @ByELDI Certificate Authority
Serial Number 49063419877276096425045120757534515564
Certificate #3
Subject Symantec Time Stamping Services CA - G2
Symantec Corporation
US
Issuer Thawte Timestamping CA
Serial Number 168250781398245547403531165097821404219
Certificate #4
Subject Symantec Time Stamping Services Signer - G4
Symantec Corporation
US
Issuer Symantec Time Stamping Services CA - G2
Serial Number 19688950797630895426199952712430983760
Certificate Verification Status

Chain verification from CN=@ByELDI (serial:-69403741341198612868765313511281709924, sha1:eaaf9045685acd5ad5846a5e9ee125d7aeac21c2) failed: Unable to build a validation path for the certificate "Common Name: @ByELDI" - no issuer matching "Common Name: @ByELDI Certificate Authority" was found

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
53 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware
An unexpected error occurred. Please try again later.