Reason Labs

ybgzkrhtytm.exe

The application ybgzkrhtytm.exe has been detected as Riskware.KMSPico.HackUtility.
MD5:
026556d9f7d119d10cb3e4d462e8df28

SHA-1:
f4099eebef71d2d225ff4bb57d07af8cd180d099

SHA-256:
8b97486fb7659aa15373029cf8f486a682f15df14053d7b2e6bde2d85c37a972

Detection:
Riskware.KMSPico.HackUtility

Risk:
Low

Analysis date:
12/12/2018 11:57:03 AM UTC  (today)

File size:
255.1 KB (261,174 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\kmspico\ybgzkrhtytm.exe

File PE Metadata
Compilation timestamp:
3/2/2013 10:03:45 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

Entry address:
0x1296F

Entry point:
E8, 99, 98, 00, 00, E9, 87, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 24, 89, 43, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, D8, 05, 43, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 24, 89, 43, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00...
 
[+]

Characteristics:
0x258

Code size:
156 KB (159,744 bytes)

ybgzkrhtytm.exe is installed together with the following file.

Riskware.KMSPico.HackUtility
04qmeol8keh.exe  (74bd2dcbd23476cbbc0e78ff0305c133477c00e6)

There are numerous known code variantions that share the same compilation structure.

Riskware.KMSPico.HackUtility
zwptxqtmfev.exe  (7dd1917baeb0511be15150e61298a08d2edbcbb5)

Riskware.KMSPico.HackUtility
yu9gzcp6juy.exe  (54c3a5f5549ce0f37c3c471e14fb74c219eb11ef)

Riskware.KMSPico.HackUtility
yrttm6dgpci.exe  (cdf496f1249e23589d0cc436186ae4a520d944e9)

Riskware.KMSPico.HackUtility
xxipn0rmpgi.exe  (0741ce2648890bfc6188f06a11db5201962e6383)

Riskware.KMSPico.HackUtility
xl3dkp8o9hk.exe  (7b038423cd400f5c3d0fff53e2fe8d9ea1b8eefb)

Riskware.KMSPico.HackUtility
xa76955nhk0.exe  (ce952806aad4b93301b4cba7f250c5a6690477b7)

Riskware.KMSPico.HackUtility
wtpxotcxnl1.exe  (6d075293a9d0eb446ff8d8941d00bf9fd3e0829d)

Riskware.KMSPico.HackUtility
wrp4s1rbt3i.exe  (8b6ba242c7135e53f92dbb18c6c13bb07ce1faf6)

Riskware.KMSPico.HackUtility
wf9fgoj0zr5.exe  (34014a7caa83bde8df632977883ca3ba315a5cf7)

Riskware.KMSPico.HackUtility
wamp46cggn6.exe  (5c1987c8b67e244ab81efaa900a7088620e31086)

Riskware.KMSPico.HackUtility
v5raffy6lej.exe  (28705d53fb32bb092966518f8165f6c6d961083d)

Riskware.KMSPico.HackUtility
v3wkjxz3ts3.exe  (4cfca08d7bc01a8b844bd6ecdd0b365c6eb027d7)

Riskware.KMSPico.HackUtility
uqw9efoolf0.exe  (744cb2cbc616b74555d60ca80b0b034898a6a1db)

Riskware.KMSPico.HackUtility
u85auvy1gmo.exe  (15644ffbcc5dd7dad38d7b58995143743fa2f8a4)

Riskware.KMSPico.HackUtility
u6bffr0t77q.exe  (94d1e762d952c65fb1a44b6938ce9e1feba173a8)

Download Reason Core Security - Powerful anti-malware software