Crack

HackTool.Win32.KMSAuto.bgb removal guide

Malware Removal

The HackTool.Win32.KMSAuto.bgb is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What HackTool.Win32.KMSAuto.bgb virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • CAPE detected the VMProtectStub malware family

How to determine HackTool.Win32.KMSAuto.bgb?


File Info:

name: 173B6225D42BE7ED0192.mlw
path: /opt/CAPEv2/storage/binaries/c5802c7fbad5cdf257bcc0f71e8b1c8853e06da411133b5dc78bd6c891f27500
crc32: 881263E8
md5: 173b6225d42be7ed01922f472a4bea18
sha1: e4449e49b8c9cb1196187f5bd12ef9322472647e
sha256: c5802c7fbad5cdf257bcc0f71e8b1c8853e06da411133b5dc78bd6c891f27500
sha512: 7f63ad8d65e59ecfa8a1a3ac1b1efdab815827961f742c0a90db5aa22a318099f926ab9552b1b2b548a7155d8677d41e6c0e95455ea3b1d0553b8efdb2baab39
ssdeep: 98304:vJa7rV2cdCMgB3/H9DS9Jg+51ZueZwQHf4R9p82nrMgV:vJGQMgBPH9m9Xux2f+vP
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DF16337314391AB6E5AC42BEAAAC7F4EADFFCE7193A4407B515019F8452392354F820F
sha3_384: de57999cdc01ef64da3424fe4c0a5a48776028c578cacab0d640e2860e634bb19f061b8e84362f055b65c7a3ef5b43e2
ep_bytes: 9cc70424895a28d368a28584fec70424
timestamp: 2016-01-13 13:19:34

Version Info:

FileDescription: 暴风一键激活工具
FileVersion: 15.0.0.0
ProductName: 暴风一键激活工具
ProductVersion: 15.0.0.0
Translation: 0x0409 0x04e4

HackTool.Win32.KMSAuto.bgb also known as:

LionicHacktool.Win32.KMSAuto.3!c
tehtrisGeneric.Malware
MicroWorld-eScanGen:Variant.Bulz.192692
ALYacMisc.HackTool.KMSActivator
CylanceUnsafe
SangforTrojan.Win32.Save.a
K7AntiVirusRiskware ( 00564e8d1 )
AlibabaHackTool:Win32/KMSAuto.943523dd
K7GWRiskware ( 00564e8d1 )
Cybereasonmalicious.5d42be
BitDefenderThetaGen:NN.ZexaF.34712.!30@auR0Jkfi
Elasticmalicious (high confidence)
ESET-NOD32Win32/RiskWare.HackTool.WinActivator.C
TrendMicro-HouseCallTrojan.Win32.SCHOOLBOY.AG
KasperskyHackTool.Win32.KMSAuto.bgb
BitDefenderGen:Variant.Bulz.192692
TencentWin32.Trojan.Rogue.Oftt
Ad-AwareGen:Variant.Bulz.192692
SophosGeneric PUA OE (PUA)
ZillyaTrojan.Diple.Win32.100962
TrendMicroTrojan.Win32.SCHOOLBOY.AG
McAfee-GW-EditionBehavesLike.Win32.Dropper.wc
Trapminemalicious.moderate.ml.score
FireEyeGeneric.mg.173b6225d42be7ed
EmsisoftGen:Variant.Bulz.192692 (B)
JiangminTrojan.Diple.bmov
WebrootW32.Malware.Gen
MAXmalware (ai score=99)
MicrosoftHackTool:Win32/WinActivator!MSR
ArcabitTrojan.Bulz.D2F0B4
GDataGen:Variant.Bulz.192692
CynetMalicious (score: 100)
AhnLab-V3HackTool/Win.AutoKMS.C4414616
McAfeeGenericRXNC-HK!173B6225D42B
VBA32Trojan.Wacatac
MalwarebytesRiskWare.KMS
APEXMalicious
RisingTrojan.Generic@AI.94 (RDMK:9cR4M8EO/gPwclC104PFAA)
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.11973.susgen
FortinetRiskware/Diple
PandaTrj/GdSda.A
CrowdStrikewin/grayware_confidence_100% (W)

How to remove HackTool.Win32.KMSAuto.bgb?

HackTool.Win32.KMSAuto.bgb removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment