Should I block it?

90%

90% of PCs block this file from running.

Possible reason:

Multiple malware detections

Additional versions

11.0.0.0	11.11%
10.2.0.0	22.22%
8.4.0.0	11.11%
6.1.0.0	11.11%
2.2.0.0	11.11%
1.0.0.0	33.33%

Relationships

Parent process

services.exe (Services and Controller app by Microsoft)

Related files

autopico.exe (AutoPico by ByELDI Certificate)

Service_KMS.exe

Service_KMS by ByELDI Certificate (Signed)

Remove Service_KMS.exe

Version:	2.2.0.0
MD5:	aec1f9844796cb0a06c62f6fb416c82b
SHA1:	d3d0343fcc29e60d6f5504f7e1aa1ca85c88c03f
SHA256:	39ab29375203b743b5adf42c5eed9f874fe84a817be7a28d144470a9800ecd60

Warning 10 antivirus scanners has detected malware.

Overview

service_kms.exe is malware that runs as a service under the name Service KMSELDI with extensive SYSTEM privileges (full administrator access). The assembly utilizes the .NET run-time framework (which is required to be installed on the PC). The file is digitally signed by ByELDI Certificate.

Details

File name:	service_kms.exe
Product name:	Service_KMS
Typical file path:	C:\Program Files\kmspico\service_kms.exe
File version:	2.2.0.0
Size:	443.5 KB (454,144 bytes)
Build date:	3/28/2013 9:58 AM
Certificate
Issued to:	ByELDI Certificate
Authority (CA):	ByELDI Certificate
Expiration date:	Saturday, December 31, 2039
Digital DNA
File packed:	No
Code language:	Microsoft Visual C# / Basic .NET
.NET CLR:	Yes
.NET NGENed:	No

More details

Behaviors

Service

Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)

'Service KMSELDI'

Malware detections

Based on 40+ industry antivirus scanners, 10 of them detected the following malware.

Antivirus engine	Engine version	Detection
AVG	13.0.0.3169	Dropper.Msil
Comodo Internet Security	17154	UnclassifiedMalware
G Data	13.11.22	Win32.Trojan.Agent.QZM917
Ikarus	T3.1.5.4.0	Virus.Dropper
McAfee	5.600.1067	Artemis!AEC1F9844796
McAfee Gateway Anti-Malware	v2013-dat	Artemis!AEC1F9844796
Norman	7.02.06	Agent.AOQWC
Panda Antivirus	10.0.3.5	Trj/OCJ.D
Symantec	20131.1.5.61	WS.Reputation.1
VIPRE Antivirus	22702	Trojan.Win32.Generic!BT

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.01083071%	0.028634%
Kernel CPU:	0.00239823%	0.013761%
User CPU:	0.00843248%	0.014873%
Kernel CPU time:	31 ms/min	100,923,805ms/min
Context switches:	1/sec	284/sec
Memory
Private memory:	19.05 MB	21.59 MB
Private (maximum):	20.13 MB
Private (minimum):	20.07 MB
Non-paged memory:	19.05 MB	21.59 MB
Virtual memory:	496.28 MB	140.96 MB
Virtual memory (peak):	503.19 MB	169.69 MB
Working set:	20.07 MB	18.61 MB
Working set (peak):	20.64 MB	37.95 MB
Resource allocations
Threads:	6	12
Handles:	168	600

Process properties

Integrety level:	Undefined
Platform:	64-bit
Command line:	"C:\Program Files\kmspico\service_kms.exe"
Owner:	SYSTEM
Windows Service
Service name:	Service KMSELDI
Type:	Win32OwnProcess
Parent process:	services.exe (Services and Controller app by Microsoft)

Threads

Averages

clr.dll
Total CPU:	0.01417901%	0.272967%
Kernel CPU:	0.00236317%	0.107585%
User CPU:	0.01181584%	0.165382%
CPU cycles:	635,874/sec	5,741,424/sec
Context switches:	1/sec	79/sec
Memory:	9.38 MB	1.16 MB
Service_KMS.exe (main module)
Total CPU:	0.00236017%
Kernel CPU:	0.00236017%
User CPU:	0.00000000%
CPU cycles:	157,501/sec
Memory:	472 KB

Distribution by Windows OS

OS version	distribution
Windows 8.1 Pro	22.22%
Windows 7 Ultimate	22.22%
Windows 8 Pro	22.22%
Windows 8.1	11.11%
Windows 7 Home Premium	11.11%
Windows 8 Pro with Media Center	11.11%

Distribution by country

India installs about 33.33% of Service_KMS.

Distribution by PC manufacturer

PC Manufacturer	distribution
Dell	54.55%
Acer	27.27%
Lenovo	18.18%

Remove Adware and Spyware Programs, FREE Download!