Gridinsoft Logo

The SECOH-QAD.exe File Analysis

Updated 1 year ago
Checked by Malaware Check
SECOH-QAD.exe

Technical Analysis

File Name SECOH-QAD.exe
File Type
Win32 EXE
Magic Bytes PE32+ executable (GUI) x86-64, for MS Windows
SSDEEP Hash
48:iluEJs+6z2rItbQLcX5c3RQlH52gdScX5aNBUv4Hvf1T14cMbRuqS:+uES+u2wpXGmdbXUJtmx
Scanner Version 1.0.168.174
Database Version 2024-03-08 18:00:37 UTC

Suspicious File Detected

Detected by 44 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

AutoKMS is a tool associated with illegal Microsoft software activation that bypasses legitimate licensing processes. It introduces security risks and potential legal consequences.
62%
Detection Rate
4,608
File Size (bytes)
44/71
Engines Detected
2024-03-08
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
38de5b216c33833af710e88f7f64fc98
SHA1
66c72019eafa41bbf3e708cc3824c7c4447bdab6
SHA256
9896a6fcb9bb5ac1ec5297b4a65be3f647589adf7c37b45f3f7466decd6a4a7f
SHA512
99b9a9d5970eb10a903bde703c638f7dc639eb4894dfd84d8d94ce1326087c09fa415ef5bc0db7fd0248827045de24b78a680f301a59395215e50051056d1490
ImpHash
80d4996be4f3279aee256ea8a8635393

Security Engines with Detections (44 of 71)

Lionic
Riskware.Win32.AutoKMS.1!c Malicious
tehtris
Generic.Malware Malicious
MicroWorld-eScan
Application.Hacktool.KMSActivator.HJ Malicious
CAT-QuickHeal
Risktool.Procpatcher Malicious
Skyhigh
BehavesLike.Win64.Injector.xt Malicious
McAfee
RDN/Hacktool KMS Malicious
Malwarebytes
RiskWare.AutoKMS Malicious
VIPRE
Application.Hacktool.KMSActivator.HJ Malicious
K7AntiVirus
Hacktool ( 000047b11 ) Malicious
Alibaba
HackTool:Win64/AutoKMS.190516 Malicious
K7GW
Hacktool ( 000047b11 ) Malicious
Cybereason
malicious.16c338 Malicious
Arcabit
Application.Hacktool.KMSActivator.HJ Malicious
Symantec
Hacktool Malicious
Elastic
malicious (high confidence) Malicious
ESET-NOD32
Win64/HackKMS.C potentially unsafe Malicious
APEX
Malicious Malicious
TrendMicro-HouseCall
HackTool.Win64.AUTOKMS.GAE Malicious
Kaspersky
not-a-virus:RiskTool.Win64.ProcPatcher.a Malicious
BitDefender
Application.Hacktool.KMSActivator.HJ Malicious
NANO-Antivirus
Riskware.Win64.HackKMS.eflxku Malicious
Emsisoft
Application.HackTool (A) Malicious
TrendMicro
HackTool.Win64.AUTOKMS.GAE Malicious
FireEye
Generic.mg.38de5b216c33833a Malicious
Sophos
Generic Reputation PUA (PUA) Malicious
Webroot
W32.Hacktool.Gen Malicious
Google
Detected Malicious
Varist
W64/ABTrojan.EEJK-9329 Malicious
Antiy-AVL
RiskWare[RiskTool]/Win64.ProcPatcher.a Malicious
Xcitium
ApplicUnwnt@#ffnth9l2929q Malicious
Microsoft
HackTool:Win32/AutoKMS!pz Malicious
ZoneAlarm
not-a-virus:RiskTool.Win64.ProcPatcher.a Malicious
GData
Win64.Riskware.Agent.CCFMSH Malicious
Cynet
Malicious (score: 100) Malicious
AhnLab-V3
HackTool/Win.AutoKMS.C5228416 Malicious
ALYac
Application.Hacktool.KMSActivator.HJ Malicious
MAX
malware (ai score=99) Malicious
Cylance
unsafe Malicious
Yandex
Trojan.GenAsa!DQiVNWU6qt4 Malicious
Ikarus
HackTool.Win32.AutoKMS Malicious
MaxSecure
Trojan.Malware.2078299.susgen Malicious
Fortinet
Riskware/ProcPatcher Malicious
DeepInstinct
MALICIOUS Malicious
CrowdStrike
win/grayware_confidence_100% (W) Malicious
27 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Image Base 0x140000000
Entry Point 0x140001000
Compilation Time 2014-01-24 17:48:27
Checksum 0x00003f7d (Actual: 0x00003f7d)
OS Version 5.2
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
Digital Signature The PE file does not contain a certificate table.
Imports 2 libraries
msvcrt, KERNEL32
Exports 0 functions
Resources 1 Resources
Sections 4 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 1,023 bytes 1,024 bytes 5.71 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 2087CE3B7F5940A3E4CDBCA11C9815DF
.rdata 0x00002000 1,328 bytes 1,536 bytes 3.83 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 9FDFB5D778DD18B4FB57EBB90E9E681A
.pdata 0x00003000 48 bytes 512 bytes 0.43 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 63F90834BF508C3C466106A0FD9DF225
.rsrc 0x00004000 480 bytes 512 bytes 4.70 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 8D096DE51D16180D98BA04BAD2632F19

Resource Analysis

Total Resources: 1 (381 bytes)
Resource Type Count Total Size Percentage
RT_MANIFEST 1 381 bytes
100%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
44 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware