What is “HackTool:Win32/AutoKMS.D”?

The HackTool:Win32/AutoKMS.D is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What HackTool:Win32/AutoKMS.D virus can do?

The binary likely contains encrypted or compressed data.
.NET file is packed/obfuscated with SmartAssembly
Authenticode signature is invalid

How to determine HackTool:Win32/AutoKMS.D?


File Info:
name: 42E794590D7255562A29.mlw
path: /opt/CAPEv2/storage/binaries/92351255af84a39cf7587f2047f9922e6df9958796d656d2f425a4e469085666
crc32: 262FEEB4
md5: 42e794590d7255562a290817ab6d8033
sha1: c6fd079bf21a7cc5ed5286c3e06cc724b8b7c0cd
sha256: 92351255af84a39cf7587f2047f9922e6df9958796d656d2f425a4e469085666
sha512: 7cf52b944068b779a4ba782e43905ac10f8a9e282d6a4d81b71c1c74a577bb59b0be3c1e00b0ce8073198b91822ca22899993f1da24b9a10dd06f62ac77a61be
ssdeep: 98304:GOa+FxZJyupYqRIxfPyh2QH+1eFLR99WIAazuAhgWj3J9E92Zg7wCO:JFfgI1RIxyhBceF1WkiASiJucrCO
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T127369A443C9417BBDE870EB7D8DFDDC617E4FE11A687911B20803FA476E6AA14601B27
sha3_384: 4fd716aeec8d0c2b6d2bbbcc38f97559c8e8e7c8bd65e04af903959636802fb740c16e1f8eed318cb3b64d8e81f6e8ec
ep_bytes: ff250020400000000000000000000000
timestamp: 2015-10-06 21:23:40

Version Info:
0: [No Data]

HackTool:Win32/AutoKMS.D also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Hacktool.Win32.AutoKMS.3!c
MicroWorld-eScan	Gen:Variant.Ursu.816073
Skyhigh	Trojan-FMPX!42E794590D72
ALYac	Gen:Variant.Ursu.816073
Malwarebytes	Malware.AI.4186837428
VIPRE	Gen:Variant.Ursu.816073
Sangfor	Hacktool.Win32.KMSAuto.Vva6
BitDefender	Gen:Variant.Ursu.816073
CrowdStrike	win/grayware_confidence_100% (W)
Symantec	ML.Attribute.HighConfidence
Cynet	Malicious (score: 100)
Alibaba	HackTool:Win32/AutoKMS.495f7995
Rising	Hacktool.AutoKMS!8.CB6 (CLOUD)
Emsisoft	Gen:Variant.Ursu.816073 (B)
DrWeb	Trojan.MulDrop6.22707
FireEye	Generic.mg.42e794590d725556
Sophos	Generic Reputation PUA (PUA)
SentinelOne	Static AI – Suspicious PE
Webroot	W32.Hack.Tool
Google	Detected
MAX	malware (ai score=84)
Antiy-AVL	HackTool/Win32.AutoKMS
Microsoft	HackTool:Win32/AutoKMS.D
Xcitium	Malware@#1t99jk6b654ei
Arcabit	Trojan.Ursu.DC73C9
GData	Gen:Variant.Ursu.816073
McAfee	Trojan-FMPX!42E794590D72
DeepInstinct	MALICIOUS
VBA32	Trojan.MulDrop
Cylance	unsafe
TrendMicro-HouseCall	TROJ_GEN.R002H0CL623
Ikarus	Trojan.MSIL.Crypt
MaxSecure	Trojan.Malware.300983.susgen
BitDefenderTheta	Gen:NN.ZemsilF.36680.@p0@aufxnLp
AVG	Win32:Malware-gen
Avast	Win32:Malware-gen

How to remove HackTool:Win32/AutoKMS.D?

HackTool:Win32/AutoKMS.D removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X