Categories: Crack

HackTool.Win32.KMSAuto.ep malicious file

The HackTool.Win32.KMSAuto.ep is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What HackTool.Win32.KMSAuto.ep virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Possible date expiration check, exits too soon after checking local time
Anomalous file deletion behavior detected (10+)
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Russian
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Uses Windows utilities for basic functionality
Created a process from a suspicious location
Installs itself for autorun at Windows startup
Attempts to modify proxy settings
Harvests cookies for information gathering
Anomalous binary characteristics

How to determine HackTool.Win32.KMSAuto.ep?


File Info:
name: 2CA7E840ECEF7D05D7DB.mlwpath: /opt/CAPEv2/storage/binaries/1d56e1f4487c4c00efb5767face2cd6751d7677735a94ab0b071c77f16325055crc32: 03B6927Emd5: 2ca7e840ecef7d05d7db4d1dead24d6fsha1: baff7ba7033034202c1dc56e4eb82a2098e90e03sha256: 1d56e1f4487c4c00efb5767face2cd6751d7677735a94ab0b071c77f16325055sha512: 52c5ceba64575d073476fef0f0d4c3c28412a0c512ab056585e819583a29a214e99c8bac0219f6567db4599ed85bead894b3b8ec77e6fd4af1d244bca38be524ssdeep: 196608:DKusCHlZevr2ERVKu3Yo9x7RwnYcpEdc/VijdwrilArVaNBa8oE2M8BYAl:ma2Ervyc/VlrilArVaNBa8o3NYitype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1A9C633353591A033C376267A2849C6B4903DF50566ABDE9571CF2E0CBFE12DF68B40AEsha3_384: cc57b5a04fd11b25686a088c730b8948a396dc69032825273613daaef503ccfc3f001c940949a05f731851fda42e4dc5ep_bytes: 558bec83c4f0b888534200e824f2fdfftimestamp: 1992-06-19 22:22:17
Version Info:
Comments: CompanyName: Microsoft Office                                            FileDescription: Microsoft Office 6.4.5.0 Installation                       FileVersion: 6.4.5.0             LegalCopyright: Microsoft Office                                                                                    Translation: 0x0409 0x04e4

HackTool.Win32.KMSAuto.ep also known as:

Lionic	Riskware.Win32.Generic.1!c
Elastic	malicious (high confidence)
FireEye	Generic.mg.2ca7e840ecef7d05
McAfee	Artemis!2CA7E840ECEF
Cylance	Unsafe
Sangfor	Trojan.Win32.Agent.vqznl
K7AntiVirus	Trojan ( 00560c521 )
K7GW	Trojan ( 00560c521 )
CrowdStrike	win/malicious_confidence_70% (W)
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
APEX	Malicious
ClamAV	Win.Dropper.Vidar-9144671-0
Kaspersky	HackTool.Win32.KMSAuto.ep
NANO-Antivirus	Riskware.Win64.Razy.iupdbs
Avast	Win64:Trojan-gen
DrWeb	Tool.Nssm.6
McAfee-GW-Edition	BehavesLike.Win32.PUP.wc
Ikarus	Trojan.Win64.Themida
Jiangmin	RiskTool.Generic.pss
Avira	HEUR/AGEN.1102925
Antiy-AVL	Trojan/Generic.ASMalwS.2D64E2F
Microsoft	Trojan:Win32/Occamy.C1D
Cynet	Malicious (score: 99)
VBA32	Trojan.Wacatac
Malwarebytes	Malware.AI.3050608048
SentinelOne	Static AI – Suspicious PE
Fortinet	W32/CoinMiner.FQ!tr
AVG	Win64:Trojan-gen
Cybereason	malicious.703303