Reason Labs

zwptxqtmfev.exe

The application zwptxqtmfev.exe has been detected as Riskware.KMSPico.HackUtility.
MD5:
3b9abb76cb1d3ebbf007407f019f1692

SHA-1:
7dd1917baeb0511be15150e61298a08d2edbcbb5

SHA-256:
05edf0b0c0ce8528c27a27245eb88f296b476de7fd06fff5cb3911557d3b0d99

Detection:
Riskware.KMSPico.HackUtility

Risk:
Low

Analysis date:
10/21/2018 12:22:33 AM UTC  (today)

File size:
255.1 KB (261,174 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\kmspico\zwptxqtmfev.exe

File PE Metadata
Compilation timestamp:
3/2/2013 10:03:45 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

Entry address:
0x1296F

Entry point:
E8, 99, 98, 00, 00, E9, 87, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 24, 89, 43, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, D8, 05, 43, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 24, 89, 43, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00...
 
[+]

Characteristics:
0x258

Code size:
156 KB (159,744 bytes)

zwptxqtmfev.exe is installed together with the following file.

Riskware.KMSPico.HackUtility
04qmeol8keh.exe  (74bd2dcbd23476cbbc0e78ff0305c133477c00e6)

There are numerous known code variantions that share the same compilation structure.

Riskware.KMSPico.HackUtility
yu9gzcp6juy.exe  (54c3a5f5549ce0f37c3c471e14fb74c219eb11ef)

Riskware.KMSPico.HackUtility
yrttm6dgpci.exe  (cdf496f1249e23589d0cc436186ae4a520d944e9)

Riskware.KMSPico.HackUtility
ybgzkrhtytm.exe  (f4099eebef71d2d225ff4bb57d07af8cd180d099)

Riskware.KMSPico.HackUtility
xxipn0rmpgi.exe  (0741ce2648890bfc6188f06a11db5201962e6383)

Riskware.KMSPico.HackUtility
xl3dkp8o9hk.exe  (7b038423cd400f5c3d0fff53e2fe8d9ea1b8eefb)

Riskware.KMSPico.HackUtility
xa76955nhk0.exe  (ce952806aad4b93301b4cba7f250c5a6690477b7)

Riskware.KMSPico.HackUtility
wtpxotcxnl1.exe  (6d075293a9d0eb446ff8d8941d00bf9fd3e0829d)

Riskware.KMSPico.HackUtility
wrp4s1rbt3i.exe  (8b6ba242c7135e53f92dbb18c6c13bb07ce1faf6)

Riskware.KMSPico.HackUtility
wf9fgoj0zr5.exe  (34014a7caa83bde8df632977883ca3ba315a5cf7)

Riskware.KMSPico.HackUtility
wamp46cggn6.exe  (5c1987c8b67e244ab81efaa900a7088620e31086)

Riskware.KMSPico.HackUtility
v5raffy6lej.exe  (28705d53fb32bb092966518f8165f6c6d961083d)

Riskware.KMSPico.HackUtility
v3wkjxz3ts3.exe  (4cfca08d7bc01a8b844bd6ecdd0b365c6eb027d7)

Riskware.KMSPico.HackUtility
uqw9efoolf0.exe  (744cb2cbc616b74555d60ca80b0b034898a6a1db)

Riskware.KMSPico.HackUtility
u85auvy1gmo.exe  (15644ffbcc5dd7dad38d7b58995143743fa2f8a4)

Riskware.KMSPico.HackUtility
u6bffr0t77q.exe  (94d1e762d952c65fb1a44b6938ce9e1feba173a8)

Download Reason Core Security - Powerful anti-malware software