Should I block it?
Yes, 98% block recommendation.
Possible reason:
Multiple malware detections
Additional versions
AutoKMS.exe
AutoKMS
Version: | 2.1.3.0 |
MD5: | 901306b7ca56b1214a88087d224bf145 |
SHA1: | 8ceb9933d8b7da5366012b5b26985e56c37c2523 |
SHA256: | 495a9347398f958d1b530f642425f1b71ea1bcedddd7ba76f301feb0510852a3 |
Warning 27 antivirus scanners has detected malware.
Overview
autokms.exe is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine). The assembly utilizes the .NET run-time framework (which is required to be installed on the PC).
Details
File name: | autokms.exe |
Product name: | AutoKMS |
Typical file path: | C:\windows\autokms\autokms.exe |
File version: | 2.1.3.0 |
Size: | 712 KB (729,088 bytes) |
Digital DNA |
File packed: | No |
Code language: | Microsoft Visual C# / Basic .NET |
.NET CLR: | Yes |
.NET NGENed: | No |
More details
Behaviors
Scheduled tasks
- The job 'AutoKMSCustom' runs daily in the path '\AutoKMSCustom'
- The task 'AutoKMSDaily' runs daily in the path '\AutoKMSDaily'
- The job 'AutoKMS' runs daily in the path '\AutoKMS'
- Entry path '\AutoKMSDaily'
- Entry path '\AutoKMS'
- Entry path 'C:\WINDOWS\Tasks\AutoKMS.job'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
- Login entry path '\AutoKMS'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'AutoKMS' → C:\WINDOWS\AutoKMS.exe
Malware detections
Based on 40+ industry antivirus scanners, 27 of them detected the following malware.
Antivirus engine | Engine version | Detection |
Agnitum |
5.5.1.3 |
Trojan.Meredrop!Fzg3EZJAohU |
Antiy Labs AVL |
2.0.3.7 |
Trojan/win32.agent.gen |
avast! |
6.0.1289.0 |
Win32:PUP-gen [PUP] |
AVG |
2014.0.3629 |
Generic22.GWB |
BitDefender |
7.2 |
Trojan.Generic.5963867 |
Commtouch |
5.4.1.7 |
W32/Trojan.HIML-8905 |
Comodo Internet Security |
15736 |
UnclassifiedMalware |
Emsisoft Anti-Malware |
3.0.0.575 |
Trojan.Generic.5963867 (B) |
eSafe |
7.0.17.0 |
Win32.SPRTool.Keygen |
ESET NOD32 |
7.8172 |
a variant of Win32/HackKMS.B |
Fortinet |
5.0.43.0 |
W32/SPNR.1CJI11!tr |
F-Secure |
11.0.19020.35 |
Trojan.Generic.5963867 |
G Data |
13.4.22 |
Trojan.Generic.5963867 |
Ikarus |
T3.1.4.0.0 |
not-a-virus.Actiavtion.KMS |
K7 AntiVirus |
9.164.8447 |
Riskware |
McAfee |
5.400.1158 |
Generic Dropper!1f3 |
McAfee Gateway Anti-Malware |
v2012.1-dat |
Generic Dropper!1f3 |
Microsoft Security Essentials |
1.9302.0 |
HackTool:Win32/Keygen |
eScan by MicroWorld |
12.0.250.0 |
Trojan.Generic.5963867 |
Norman |
7.00.22 |
Suspicious_Gen2.MKFVJ |
nProtect |
2013-03-28.01 |
Trojan.Generic.5963867 |
Panda Antivirus |
10.0.3.5 |
Generic Malware |
Sophos |
4.87.0 |
Mal/Meredrop-B |
Symantec |
20121.3.0.76 |
WS.Reputation.1 |
Trend Micro |
9.740.0.1012 |
TROJ_SPNR.1CJI11 |
Trend Micro HouseCall |
9.700.0.1001 |
TROJ_SPNR.1CJI11 |
VIPRE Antivirus |
16356 |
Trojan.Win32.Generic!BT |
Distribution by Windows OS
OS version | distribution |
Windows 7 Ultimate |
32.91% |
|
Windows 7 Home Premium |
16.46% |
|
Windows 8 |
7.59% |
|
Windows 7 Professional |
7.59% |
|
Windows 8 Pro |
7.59% |
|
Windows 8.1 |
5.06% |
|
Windows 8.1 Pro with Media Center |
3.80% |
|
Windows 8.1 Single Language |
2.53% |
|
Windows 8 Enterprise N |
2.53% |
|
Microsoft Windows XP |
2.53% |
|
Windows 7 Enterprise |
2.53% |
|
Windows 7 Starter |
2.53% |
|
Windows 8 Enterprise |
2.53% |
|
Windows 8.1 Pro |
1.27% |
|
Windows 8.1 Pro Preview with Media Center |
1.27% |
|
Windows 7 Home Basic |
1.27% |
|
Distribution by country
United States installs about 11.39% of AutoKMS.
Distribution by PC manufacturer
PC Manufacturer | distribution |
Lenovo |
33.71% |
|
ASUS |
15.73% |
|
Toshiba |
13.48% |
|
Acer |
8.99% |
|
Hewlett-Packard |
7.87% |
|
Intel |
4.49% |
|
Dell |
4.49% |
|
GIGABYTE |
4.49% |
|
American Megatrends |
3.37% |
|
Samsung |
3.37% |
|