Search | Contact | |
Home PC Support System Processes Software
Home / System Processes / D4F602B1F775B5827932D3C5B04A3FD2

System Processes

  • Home
  • Processes

  • Find Process
  • Overview
  • HiJackthis scan
  • System-scan
  • File Threat Rank
  • Report File
  • Create Account
  • Sign in
  • Further help

  • Search



  • File Threath Rank: High Risk

    MD5: D4F602B1F775B5827932D3C5B04A3FD2
    SHA1: 8BAAF0B8C8BC4F1BBC4E3D1E02B3516805C1690C
    SHA256: 47A22F3649C7021AD78B5E44C73640CB7D37B2AFA2266AEFA2E030294065284E
    Size: 3293 KB.
    Activity:
    First seen: 2014-08-16
    Last update: 2016-10-01 00:00:00
    File: AutoKMS.exe (Trojanstartpage.DAW) More Info
    Version: 2.4.3.0
    Possible infection: Trojan:Win32/Skeeyah.GV
    A type of malware. A trojan is a program that tries to look innocent, but is actually a malicious application. Unlike a virus or a worm, a trojan doesn't spread by itself. Instead they try to look innocent to convince you to download and install them. Once installed, a trojan can steal your personal information, download more malware, or give a malicious hacker access to your PC.
    Digital Certificate: Unsigned
    This file has no digital signature. The publisher of this file could not be verified.
    Internet connection: Safe connection
    Connects to safe servers.
    Entropy: Encrypted.
    Content of this file is encrypted. This makes it very difficult for antivirus programs to scan them.
    Mail traffic: None
    Does not send or received e-mails.

    Classification

    Reputation:
    Online reputation of file.
    Behaviour:
    The file is executed in an safe environment.
    Virusscan:
    The file is scanned for malicious code.
    Statistic:
    Statistic results of the file.
    Fingerprint:
    File import fingerprint.
    CTPH Hashes:
    SSDeep comparison (fuzzy match).

    File Entropy

    0 bytes3372032 bytes
    Empty
    Data
    Text
    Code
    Compressed
    Encrypted
    Random

    File type

    .NET compiler + SmartAssembly Obfuscator 6.5.2
    .NET Framework is a software framework developed by Microsoft that runs primarily on Microsoft Windows.

    File Signing

    Publishern/a
    Product NameAutoKMS
    DescriptionAutoKMS
    Signing date0000-00-00 00:00:00
    Signers:
    Counter Signers:

    File Behaviour

    Detects AntiVirus Program
    Sleeps more then 1 minute
    Execute file by other program
    Can read keyboard input
    Gives Debug Rights (SeDebugPrivilege)
    Gives rights to open Powerpivot. (SeIncreaseBasePriorityPrivilege)
    Injects code into process
    Internet - Connects securley to server on port 443
    Checks for debuggers
    Porcess - Enumerates running processes
    Process - Enables process privileges.

    Statistic Report

    Comparable with other files with the same name
    No certificate.
    Other files with the same name do not have a certificate as well.
    The file is not very common.
    Content of file is obfuscated or encrypted.

    User feedback

    Provide feedback :
    You are not signed in. Only Community users can leave a comment.
    Create an account
    Sign in
    No feedback received yet. Be the first and help other users

    Dropped files

    Internet traffic

    Connects securley to server on port 44365.55.53.190

    Sections in file

    .relocF09DDFBDDBEB7E06C7736347F4525223
    .rsrcCA7CB72402F5AD45504EDD1FA857D5E0
    .text6115DB07D91F4AC4AB012BD4C94CB77B

    Files with this hash

    AutoKMS.exev. 2.4.3.0 More Info

    © Agics V.O.F. 2004-2017 - Chamber of Commerce nr. 18075316 - VAT. NL815145391B01 - Disclaimer (NL) - Sitemap
    www.agics.nl www.agics.be www.computer-support.nl mobiel.agics.nl www.backgroundtask.eu www.backgroundtask.net www.agicshosting.nl www.eigen-website.com