PUA.KMS.S24702025 malicious file

PUA.KMS.S24702025 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the PUA.KMS.S24702025 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Anomalous binary characteristics

How to identify PUA.KMS.S24702025?


File Info:

name: 7A90B35D7369F23D0B04.mlw
path: /opt/CAPEv2/storage/binaries/f3c9556e9d683f3479f554c65f053f3c8350dae5c52b78392663be9b38f009a8
crc32: 1B5FC141
md5: 7a90b35d7369f23d0b04b259f307e34d
sha1: 1a8b46445200b099c57b6979967e3a07279792a6
sha256: f3c9556e9d683f3479f554c65f053f3c8350dae5c52b78392663be9b38f009a8
sha512: a0bfbc2adb15ae8f1079312f3c5783f5585d9e3e09fb4213b3fa958bffe96d84130d915f5a63de0e1bf84bfd76e99ef6c7c202b1f01a42764feec5b037795044
ssdeep: 49152:5w80cTsjkWavE4jaoXnESkMlU82UXXl3:W8sjkfE3oXtlB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17A75BE12AFFD8360CE665033FA6967016E6B7C210520F85B2ED43D79AA73163126F763
sha3_384: 761faa9f104522118a7fc849ce0889edfed23bbae00bdc610debb2fd707ddd148358c812a9417cbe1c2dcd1ebb0993e7
ep_bytes: e8b8d00000e97ffeffffcccccccccccc
timestamp: 2021-03-19 14:27:43

Version Info:

FileVersion: 22.2.0.0
Comments: HEU KMS Activator
FileDescription: HEU KMS Activator™
ProductVersion: 22.2.0.0
LegalCopyright: ©2012-2021 www.heu8.com & 知彼而知己
Productname: HEU KMS Activator
CompanyName: 知彼而知己
Translation: 0x0804 0x04b0

PUA.KMS.S24702025 also known as:

Bkav               W32.AIDetect.malware1
MicroWorld-eScan   AIT:Trojan.Nymeria.4983
FireEye            AIT:Trojan.Nymeria.4983
CAT-QuickHeal      PUA.KMS.S24702025
ALYac              AIT:Trojan.Nymeria.4983
VirIT              Trojan.Win32.Nanocore.Y
APEX               Malicious
Cynet              Malicious (score: 100)
BitDefender        AIT:Trojan.Nymeria.4983
Tencent            Pua:Hacktool.Win32.Kmsauto.16000261
Ad-Aware           AIT:Trojan.Nymeria.4983
Emsisoft           AIT:Trojan.Nymeria.4983 (B)
McAfee-GW-Edition  BehavesLike.Win32.TrojanAitInject.th
MAX                malware (ai score=81)
Microsoft          Trojan:Win32/Sabsik.FL.B!ml
GData              AIT:Trojan.Nymeria.4983 (2x)
AhnLab-V3          Trojan/AU3.AutoInj.S1107
VBA32              Trojan.Autoit.Wirus
Malwarebytes       RiskWare.KMS
MaxSecure          Trojan.Malware.116318921.susgen
Cybereason         malicious.d7369f

How to remove PUA.KMS.S24702025?

PUA.KMS.S24702025 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.