The KMS exe File Malware Analysis

Technical Analysis

File Name	KMS.exe
File Type	PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version	1.0.217.174
Database Version	2025-05-27 00:00:19 UTC

Scan Another File

File Identification

Hash Type	Value	Action
MD5	884198022b9ca7b14788b2f53ebddfad
SHA1	9019265c7399389b8e4b46e9a7258205bfcc1c1a
SHA256	e1638f9a7e03a6e1469574883d7305f3a5fc1c19f6c1379fae038d6403e49847
SHA512	3b7aa30e21ae236190be651b1d7f10c3dde2503b1372f5b243f92095e913bccf4ffa508124d7cacc60774c7eb8814d951022aa6170dc2b3eee0498e6371190ee
ImpHash	7e0a0e8f80bbd1a9c0078e57256f1c3d

PE Analysis

Basic Information

▼

Icon	Hash: 8d9da329386d64d6b86a12bd2f986399 Fuzzy: 9043363bfee17e0d508057b9ae7189e9 dHash: 84b4b4d4c4ccccc0
Image Base	`0x140000000`
Entry Point	`0x140032690`
Compilation Time	2025-03-20 10:01:29
Checksum	0x00000000 (Actual: 0x0069edb7)
OS Version	6.0
PEiD Signatures	`PE32+ executable (GUI) x86-64, for MS Windows`
PDB Path	`D:\Projects\WinRAR\SFX\build\sfxrar64\Release\sfxrar.pdb`
Digital Signature	No valid SignedData structure was found.
Imports	3 libraries KERNEL32, OLEAUT32, gdiplus
Exports	0 functions
Resources	28 Resources
Sections	7 Sections

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	307,038 bytes	307,200 bytes	6.49 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`5995623607A979A298A031454D097062`
`.rdata`	`0x0004c000`	76,718 bytes	76,800 bytes	5.27 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`BB9DEEC6C279C08D33B0F2F392FAF6CD`
`.data`	`0x0005f000`	59,732 bytes	7,168 bytes	3.10 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`F5FF774F0C52797DC0B5B074D91D548A`
`.pdata`	`0x0006e000`	13,068 bytes	13,312 bytes	5.59 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`012CCA679E6073E4A57CFE5D0AA7E15B`
`.didat`	`0x00072000`	880 bytes	1,024 bytes	3.07 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`8D174B3ED46B18209229717A096F9CE2`
`.rsrc`	`0x00073000`	54,616 bytes	54,784 bytes	6.47 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`E586DB3A4873EF6E8BCA12B170094C99`
`.reloc`	`0x00081000`	2,452 bytes	2,560 bytes	5.35 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`3EDFACE8C73D88F866B4E76630300093`

Resource Analysis

▼

Total Resources: 28 (52,885 bytes)

Resource Type	Count	Total Size	Percentage
PNG	2	7,077 bytes	13.4%
RT_ICON	7	35,875 bytes	67.8%
RT_DIALOG	6	2,916 bytes	5.5%
RT_STRING	11	5,038 bytes	9.5%
RT_GROUP_ICON	1	104 bytes	0.2%
RT_MANIFEST	1	1,875 bytes	3.5%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

The KMS.exe File Analysis