Should I block it?
90% of PCs block this file from running.
Possible reason:
Multiple malware detections
Additional versions
Relationships
Parent process
Related files
Service_KMS.exe
Service_KMS by ByELDI Certificate (Signed)
Version: | 2.2.0.0 |
MD5: | aec1f9844796cb0a06c62f6fb416c82b |
SHA1: | d3d0343fcc29e60d6f5504f7e1aa1ca85c88c03f |
SHA256: | 39ab29375203b743b5adf42c5eed9f874fe84a817be7a28d144470a9800ecd60 |
Warning 10 antivirus scanners has detected malware.
Overview
service_kms.exe is malware that runs as a service under the name Service KMSELDI with extensive SYSTEM privileges (full administrator access). The assembly utilizes the .NET run-time framework (which is required to be installed on the PC). The file is digitally signed by ByELDI Certificate.
Details
File name: | service_kms.exe |
Product name: | Service_KMS |
Typical file path: | C:\Program Files\kmspico\service_kms.exe |
File version: | 2.2.0.0 |
Size: | 443.5 KB (454,144 bytes) |
Build date: | 3/28/2013 9:58 AM |
Certificate |
Issued to: | ByELDI Certificate |
Authority (CA): | ByELDI Certificate |
Expiration date: | Saturday, December 31, 2039 |
Digital DNA |
File packed: | No |
Code language: | Microsoft Visual C# / Basic .NET |
.NET CLR: | Yes |
.NET NGENed: | No |
More details
Behaviors
Service
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
Malware detections
Based on 40+ industry antivirus scanners, 10 of them detected the following malware.
Antivirus engine | Engine version | Detection |
AVG |
13.0.0.3169 |
Dropper.Msil |
Comodo Internet Security |
17154 |
UnclassifiedMalware |
G Data |
13.11.22 |
Win32.Trojan.Agent.QZM917 |
Ikarus |
T3.1.5.4.0 |
Virus.Dropper |
McAfee |
5.600.1067 |
Artemis!AEC1F9844796 |
McAfee Gateway Anti-Malware |
v2013-dat |
Artemis!AEC1F9844796 |
Norman |
7.02.06 |
Agent.AOQWC |
Panda Antivirus |
10.0.3.5 |
Trj/OCJ.D |
Symantec |
20131.1.5.61 |
WS.Reputation.1 |
VIPRE Antivirus |
22702 |
Trojan.Win32.Generic!BT |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.01083071% | |
Kernel CPU: | 0.00239823% | |
User CPU: | 0.00843248% | |
Kernel CPU time: | 31 ms/min | |
Context switches: | 1/sec | |
Memory |
Private memory: | 19.05 MB | |
Private (maximum): | 20.13 MB | |
Private (minimum): | 20.07 MB | |
Non-paged memory: | 19.05 MB | |
Virtual memory: | 496.28 MB | |
Virtual memory (peak): | 503.19 MB | |
Working set: | 20.07 MB | |
Working set (peak): | 20.64 MB | |
Resource allocations |
Threads: | 6 | |
Handles: | 168 | |
Process properties
Threads
Averages
clr.dll |
Total CPU: | 0.01417901% | |
Kernel CPU: | 0.00236317% | |
User CPU: | 0.01181584% | |
CPU cycles: | 635,874/sec | |
Context switches: | 1/sec | |
Memory: | 9.38 MB | |
Service_KMS.exe (main module) |
Total CPU: | 0.00236017% | |
Kernel CPU: | 0.00236017% | |
User CPU: | 0.00000000% | |
CPU cycles: | 157,501/sec | |
Memory: | 472 KB | |
Distribution by Windows OS
OS version | distribution |
Windows 8.1 Pro |
22.22% |
|
Windows 7 Ultimate |
22.22% |
|
Windows 8 Pro |
22.22% |
|
Windows 8.1 |
11.11% |
|
Windows 7 Home Premium |
11.11% |
|
Windows 8 Pro with Media Center |
11.11% |
|
Distribution by country
India installs about 33.33% of Service_KMS.
Distribution by PC manufacturer
PC Manufacturer | distribution |
Dell |
54.55% |
|
Acer |
27.27% |
|
Lenovo |
18.18% |
|