Categories: CrackRisk

HackKMS.HackTool.RiskWare.DDS (file analysis)

The HackKMS.HackTool.RiskWare.DDS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What HackKMS.HackTool.RiskWare.DDS virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Presents an Authenticode digital signature
Reads data out of its own binary image
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
CAPE detected the FloodFix malware family
Anomalous binary characteristics
Yara detections observed in process dumps, payloads or dropped files

How to determine HackKMS.HackTool.RiskWare.DDS?


File Info:
name: 898423A26470BB808AFF.mlwpath: /opt/CAPEv2/storage/binaries/9de947c4c948370bf7d848aba2916cbb0e892c4b5a3f750e2c6a80a6d91fad67crc32: 8A861BC7md5: 898423a26470bb808aff65b910765040sha1: c163bc628731188e7b661d88d38199fa4d3623acsha256: 9de947c4c948370bf7d848aba2916cbb0e892c4b5a3f750e2c6a80a6d91fad67sha512: dc754c4f55ff9d89dfbe95d6daa36c6871908f447732d092741984b6b5703feb2a20d89693dfb25ffaff203910c05d30bbf51c13845ff2f622ff6840b43f9c47ssdeep: 196608:tWm6Z2x2wGuKrXdpOxy6MZgt4/7/GXwm7xkvgOKHrubjhGae0cq2IBzKnUY:tWYxG5zOM6sgU7w2Bbjh2ptype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T14BA633B8998053F6F4802D347A1EB8E5140D342B1D4BFC256E0ADDC9BB78DD2A69970Fsha3_384: 8e36bdc4fedd88e9f1b6059309d4c6ddd966f2cf457a5d9f4f6e36a00c2ef33b378209d8261e4fb75b4ec1c14c609fd0ep_bytes: e9a0707aff008dbeeb4f7cff57eb0b90timestamp: 2018-09-05 16:09:49
Version Info:
ProductName: Office 2013-2016 C2R InstallFileDescription: Office 2013-2016 C2R InstallTranslation: 0x0000 0x04b0

HackKMS.HackTool.RiskWare.DDS also known as:

Bkav	W32.FloxitNV.PE
tehtris	Generic.Malware
MicroWorld-eScan	Application.Hacktool.ACG
FireEye	Generic.mg.898423a26470bb80
CAT-QuickHeal	W32.Pioneer.CZ1
Skyhigh	BehavesLike.Win32.Dropper.tc
McAfee	Dropper-FIY!898423A26470
Malwarebytes	HackKMS.HackTool.RiskWare.DDS
VIPRE	Application.Hacktool.ACG
Sangfor	Virus.Win32.Save.Floxif
K7AntiVirus	Unwanted-Program ( 004dc22a1 )
K7GW	Unwanted-Program ( 004dc22a1 )
CrowdStrike	win/malicious_confidence_90% (W)
BitDefenderTheta	AI:FileInfector.207622A70E
VirIT	Win32.FloodFix.A
Symantec	W32.Fixflo.B!inf
Elastic	Windows.Virus.Floxif
ESET-NOD32	Win32/Floxif.H
ClamAV	Win.Virus.Pioneer-9111434-0
Kaspersky	Virus.Win32.Pioneer.cz
BitDefender	Application.Hacktool.ACG
NANO-Antivirus	Virus.Win32.Pioneer.bvrqhu
Avast	Win32:FloxLib-A [Trj]
Tencent	Virus.Win32.Pionner.tt
Sophos	W32/Floxif-C
Baidu	Win32.Virus.Floxif.a
F-Secure	Trojan.TR/Floxif.FT
DrWeb	Win32.FloodFix.7
Zillya	Virus.Floxif.Win32.1
TrendMicro	PE_FLOXIF.D
Emsisoft	Application.Hacktool.ACG (B)
SentinelOne	Static AI – Malicious PE
MAX	malware (ai score=78)
GData	Application.Hacktool.ACG
Jiangmin	Win32/Pioneer.l
Webroot	W32.Hacktool.Kms
Google	Detected
Avira	TR/Floxif.FT
Varist	W32/Floxif.B
Antiy-AVL	Virus/Win32.Pioneer.cz
Kingsoft	Win32.Pioneer.CZ.2433
Xcitium	Packed.Win32.MUPX.Gen@24tbus
Arcabit	Application.Hacktool.ACG
ZoneAlarm	Virus.Win32.Pioneer.cz
Microsoft	HackTool:Win32/AutoKMS
Cynet	Malicious (score: 100)
AhnLab-V3	Win32/Fixflo.GEN
VBA32	Virus.Win32.Floxif.h
ALYac	Application.Hacktool.ACG
Cylance	unsafe
Panda	W32/Floxif.A
TrendMicro-HouseCall	PE_FLOXIF.D
Rising	Virus.Floxif!1.9BE6 (CLASSIC)
Yandex	Trojan.GenAsa!Lp+azLQ6WSQ
Ikarus	PUA.HackTool
Fortinet	W32/Pioneer.CZ!tr
AVG	Win32:FloxLib-A [Trj]
Cybereason	malicious.287311
DeepInstinct	MALICIOUS