Should I block it?
Yes, 98% block recommendation.
Possible reason:
Multiple malware detections
Additional versions
AutoKMS.exe
AutoKMS
| Version: | 2.1.5.0 |
| MD5: | 5f8661f8550d9c66073ef49c1bbbaf8b |
| SHA1: | 81f5010e7b4dbd49c66abc46a3ddda996a95f590 |
| SHA256: | 0ac7ca3cf3b1fd52e408a9c579d148ac66cab30c041061521e6ae31cf8d1bd3a |
Warning 21 antivirus scanners has detected malware.
Overview
autokms.exe is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine). The assembly utilizes the .NET run-time framework (which is required to be installed on the PC).
Details
| File name: | autokms.exe |
| Product name: | AutoKMS |
| Typical file path: | C:\windows\autokms\autokms.exe |
| File version: | 2.1.5.0 |
| Size: | 714.5 KB (731,648 bytes) |
| Digital DNA |
| File packed: | No |
| Code language: | Microsoft Visual C# / Basic .NET |
| .NET CLR: | Yes |
| .NET NGENed: | No |
More details
Behaviors
Scheduled tasks
- The job 'AutoKMSCustom' runs daily in the path '\AutoKMSCustom'
- The task 'AutoKMSDaily' runs daily in the path '\AutoKMSDaily'
- The job 'AutoKMS' runs daily in the path '\AutoKMS'
- Entry path '\AutoKMSDaily'
- Entry path '\AutoKMS'
- Entry path 'C:\WINDOWS\Tasks\AutoKMS.job'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
- Login entry path '\AutoKMS'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'AutoKMS' → C:\WINDOWS\AutoKMS.exe
Malware detections
Based on 40+ industry antivirus scanners, 21 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| Agnitum |
5.5.1.3 |
Trojan.Meredrop!FRcm9CKzHag |
| AhnLab V3 Internet Security |
2013.04.04.04 |
Trojan/Win32.Gen |
| Avira AntiVir |
7.11.70.32 |
TR/Meredrop.A.10879 |
| AVG |
2014.0.3629 |
Generic23.BLCV |
| CAT Quick Heal |
4.13.12.00 |
Trojan.Meredrop |
| Commtouch |
5.4.1.7 |
W32/Trojan.PUGW-4060 |
| Comodo Internet Security |
15806 |
UnclassifiedMalware |
| eSafe |
7.0.17.0 |
Win32.Trojan |
| ESET NOD32 |
7.8193 |
a variant of Win32/HackKMS.B |
| Fortinet |
5.0.43.0 |
W32/Malware_fam.NB |
| Ikarus |
T3.1.4.0.0 |
possible-Threat.Tool.Keygen |
| McAfee |
5.400.1158 |
Generic Dropper!dvv |
| McAfee Gateway Anti-Malware |
v2012.1-dat |
Generic Dropper!dvv |
| Microsoft Security Essentials |
1.9302.0 |
HackTool:Win32/Keygen |
| Norman |
7.00.22 |
Suspicious_Gen2.NPCVJ |
| PC Tools |
9.0.0.2 |
Trojan.Gen |
| Sophos |
4.87.0 |
Mal/Meredrop-B |
| Symantec |
20121.3.0.76 |
Trojan.Gen |
| Trend Micro |
9.740.0.1012 |
TROJ_SPNR.0BGS11 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_SPNR.0BGS11 |
| VIPRE Antivirus |
16550 |
Trojan.Win32.Generic!BT |
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Ultimate |
32.91% |
|
| Windows 7 Home Premium |
16.46% |
|
| Windows 8 |
7.59% |
|
| Windows 7 Professional |
7.59% |
|
| Windows 8 Pro |
7.59% |
|
| Windows 8.1 |
5.06% |
|
| Windows 8.1 Pro with Media Center |
3.80% |
|
| Windows 8.1 Single Language |
2.53% |
|
| Windows 8 Enterprise N |
2.53% |
|
| Microsoft Windows XP |
2.53% |
|
| Windows 7 Enterprise |
2.53% |
|
| Windows 7 Starter |
2.53% |
|
| Windows 8 Enterprise |
2.53% |
|
| Windows 8.1 Pro |
1.27% |
|
| Windows 8.1 Pro Preview with Media Center |
1.27% |
|
| Windows 7 Home Basic |
1.27% |
|
Distribution by country
United States installs about 11.39% of AutoKMS.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Lenovo |
33.71% |
|
| ASUS |
15.73% |
|
| Toshiba |
13.48% |
|
| Acer |
8.99% |
|
| Hewlett-Packard |
7.87% |
|
| Intel |
4.49% |
|
| Dell |
4.49% |
|
| GIGABYTE |
4.49% |
|
| American Megatrends |
3.37% |
|
| Samsung |
3.37% |
|
