KMSSERVER.EXE – Trojan KeygenRiskware


KMSSERVER.EXE – Trojan KeygenRiskware removal

File           MD5                               Virus Alias
KMSSERVER.EXE  df4e58adfebda4f96de5d9a8b1a512a5  Trojan KeygenRiskware
KMSSERVER.EXE  df4e58adfebda4f96de5d9a8b1a512a5  Trojan SuspiciousFile
KMSSERVER.EXE  df4e58adfebda4f96de5d9a8b1a512a5  Trojan Generic
KMSSERVER.EXE  df4e58adfebda4f96de5d9a8b1a512a5  Trojan ADH

KMSSERVER.EXE size: 151552 bytes
KMSSERVER.EXE hash: DF4E58ADFEBDA4F96DE5D9A8B1A512A5

Created files:

%TEMP%\RarSFX0\data\KmsServer\KmsServer.exe
%TEMP%\RarSFX0\data\KmsServer\kslui.exe
%TEMP%\RarSFX0\data\KmsServer\Server.exe
%TEMP%\RarSFX0\data\Option\Edition.exe
%TEMP%\RarSFX0\data\Option\OGACheckControl.dll
%TEMP%\RarSFX0\data\slmgr\P\ospp.vbs
%TEMP%\RarSFX0\data\slmgr\P\osppc.dll
%TEMP%\RarSFX0\data\slmgr\P\ospprearm.exe
%TEMP%\RarSFX0\data\slmgr\P\slmgr.vbs
%TEMP%\RarSFX0\data\spp\Enterprise\tokens\ppdlic\Security-SPP-Component-SKU-Enterprise-ppdlic.xrm-ms
%TEMP%\RarSFX0\data\spp\Enterprise\tokens\ppdlic\Security-SPP-ppdlic.xrm-ms
%TEMP%\RarSFX0\data\spp\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VL-BYPASS-RAC-private.xrm-ms
%TEMP%\RarSFX0\data\spp\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VL-BYPASS-RAC-public.xrm-ms
%TEMP%\RarSFX0\data\spp\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VL-BYPASS-ul-oob.xrm-ms
%TEMP%\RarSFX0\data\spp\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VL-BYPASS-ul.xrm-ms
%TEMP%\RarSFX0\data\spp\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VLKMS1-pl.xrm-ms
%TEMP%\RarSFX0\data\spp\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VLKMS1-ul-oob.xrm-ms
%TEMP%\RarSFX0\data\spp\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VLKMS1-ul-phn.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\ppdlic\Personalization-ppdlic.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\ppdlic\Security-SPP-Component-SKU-Professional-ppdlic.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\ppdlic\Security-SPP-ppdlic.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-RAC-private.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-RAC-public.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-ul-oob.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-ul.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VLKMS1-pl.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VLKMS1-ul-oob.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VLKMS1-ul-phn.xrm-ms
%TEMP%\RarSFX0\data\VBS\HS.exe

Detected by UnHackMe:

KMSSERVER.EXE
Default location: %TEMP%\RARSFX0\DATA\KMSSERVER\KMSSERVER.EXE

Dropper information:
MD5: 37de6924ebb21cc748b7f153089d70d8
File size: 972902 bytes
