Service_KMS.exe
Service_KMS by ByELDI Certificate (Signed)
Warning 20 antivirus scanners has detected malware in various versions of Service_KMS.exe.
Overview
service_kms.exe has 6 known versions, the most recent one is 11.0.0.0. It is started as a Windows Service with the name 'Service KMSELDI'. In addition, it is run under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). The average file size is about 492.05 KB. It is an authenticode code-signed executable issued to ByELDI Certificate by the certification authority ByELDI Certificate. Numerous variations of service_kms.exe have been installed with both KMSpico v9.1.3 and KMSpico. This is a .NET Common Language Runtime (CLR) assembly. During the process's lifecycle, the typical CPU resource utilization is about 0.0067% including both foreground and background operations, the average private memory consumption is about 17.3 MB with the maximum memory reaching around 18.38 MB. Addionally, typically read and write I/O disk operations is about 6.27 KB per minute for reads and 3.96 KB per minute for writes.
 Details
|
| File name: | service_kms.exe |
| Product name: | Service_KMS |
| Typical file path: | C:\Program Files\kmspico\service_kms.exe |
| Certificate |
| Issued to: | ByELDI Certificate |
| Authority (CA): | ByELDI Certificate |
| Expiration date: | Saturday, December 31, 2039 |
| Windows Service |
| Service name: | Service KMSELDI |
| Type: | Win32OwnProcess |
Programs installed in
(Note, the programs listed below are for all versions of Service_KMS.)
Behaviors
(Note, the behaviors below are for all versions of service_kms.exe, select a unique version for details.)
Service
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
Malware detections
Based on 40+ industry antivirus scanners, 20 of them detected the following malware.
| Antivirus engine | Engine version | Detection | File version |
| AVG |
13.0.0.3169 |
Dropper.Msil |
2.2.0.0 |
| AVG |
13.0.0.3169 |
Dropper.Msil |
6.1.0.0 |
| Bkav Security |
1.3.0.4562 |
W32.Clodacf.Trojan.7119 |
6.1.0.0 |
| Comodo Internet Security |
17154 |
UnclassifiedMalware |
2.2.0.0 |
| G Data |
13.11.22 |
Win32.Trojan.Agent.QZM917 |
2.2.0.0 |
| Ikarus |
T3.1.5.4.0 |
Virus.Dropper |
2.2.0.0 |
| Ikarus |
T3.1.5.6.0 |
Virus.Dropper |
6.1.0.0 |
| McAfee |
5.600.1067 |
Artemis!AEC1F9844796 |
2.2.0.0 |
| McAfee |
5.600.1067 |
Artemis!3855F916344F |
6.1.0.0 |
| McAfee Gateway Anti-Malware |
v2013-dat |
Artemis!AEC1F9844796 |
2.2.0.0 |
| McAfee Gateway Anti-Malware |
v2013-dat |
Artemis!3855F916344F |
6.1.0.0 |
| Norman |
7.02.06 |
Agent.AOQWC |
2.2.0.0 |
| Norman |
7.02.06 |
Agent.AOQWC |
6.1.0.0 |
| Panda Antivirus |
10.0.3.5 |
Trj/OCJ.D |
2.2.0.0 |
| Symantec |
20131.1.0.101 |
WS.Reputation.1 |
1.0.0.0 |
| Symantec |
20131.1.5.61 |
WS.Reputation.1 |
2.2.0.0 |
| Symantec |
20131.1.5.61 |
WS.Reputation.1 |
6.1.0.0 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V0308 |
1.0.0.0 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.R00GH01H413 |
6.1.0.0 |
| VIPRE Antivirus |
22702 |
Trojan.Win32.Generic!BT |
2.2.0.0 |
All file variations of service_kms.exe
Distribution by Windows OS
| OS version | distribution |
| Windows 8.1 Pro |
22.22% |
|
| Windows 7 Ultimate |
22.22% |
|
| Windows 8 Pro |
22.22% |
|
| Windows 8.1 |
11.11% |
|
| Windows 7 Home Premium |
11.11% |
|
| Windows 8 Pro with Media Center |
11.11% |
|
Distribution by country
India installs about 33.33% of Service_KMS.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
54.55% |
|
| Acer |
27.27% |
|
| Lenovo |
18.18% |
|
