Should I block it?
Yes, 98% block recommendation.
Possible reason:
Multiple malware detections
Additional versions
(Note, the developer publishes each variation of this file with the same version, but the hashes are unique.)
Relationships
Parent process
Child process
kmservice.exe
| MD5: | bca43e19e7013331d99ff788ea6b42a0 |
| SHA1: | 01c7d28e8828a91c27ffe0f1155cfa835fa6d703 |
| SHA256: | b075602cf6bcb3284c44a640daffa49cc5aa8f469a20e4b242f2dde85fcb4dbe |
Warning 15 antivirus scanners has detected malware.
Overview
kmservice.exe is malware that executes as a process under the SYSTEM account with extensive privileges (the system and the administrator accounts have the same file privileges) typically within the context of its parent
srvany.exe. This is typically installed with the program Microsoft Office Professional 2o1O Arabic X86 published by S.a.c.c.
Details
| File name: | kmservice.exe |
| Typical file path: | C:\windows\kmservice.exe |
| Size: | 148 KB (151,552 bytes) |
| Digital DNA |
| File packed: | No |
| .NET CLR: | No |
More details
Programs
The following program will install this file
Malware detections
Based on 40+ industry antivirus scanners, 15 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| Agnitum |
5.5.1.3 |
HackTool.Keygen!0MY2AQ6aVKo |
| AVG |
2014.0.3629 |
Crack.CO |
| Comodo Internet Security |
15941 |
ApplicUnwnt.Win32.Keygen.~a |
| ESET NOD32 |
7.8230 |
a variant of Win32/HackKMS.A |
| Fortinet |
5.0.43.0 |
Riskware/HackKMS |
| F-Prot |
v6.4.7.1.166 |
W32/Keygen.C.gen!Eldorado |
| Ikarus |
T3.1.4.0.0 |
not-a-virus.Activator.Windows |
| K7GW |
12.7.0.8 |
Trojan |
| Malwarebytes |
1.70.0.9 |
RiskWare.Tool.CK |
| eScan by MicroWorld |
12.0.250.0 |
not-a-virus.Activator.Windows (ES) |
| Norman |
7.00.22 |
Suspicious_Gen2.BTZDE |
| Sophos |
4.87.0 |
Troj/Keygen-DX |
| Trend Micro |
9.740.0.1012 |
HKTL_KEYGEN |
| Trend Micro HouseCall |
9.700.0.1001 |
HKTL_KEYGEN |
| VIPRE Antivirus |
16882 |
Trojan.Win32.Generic!BT |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00012530% | |
| Kernel CPU: | 0.00005510% | |
| User CPU: | 0.00007021% | |
| Kernel CPU time: | 85,816 ms/min | |
| CPU cycles: | 3,054/sec | |
| Memory |
| Private memory: | 1.04 MB | |
| Private (maximum): | 3.2 MB | |
| Private (minimum): | 2.34 MB | |
| Non-paged memory: | 1.04 MB | |
| Virtual memory: | 23.92 MB | |
| Virtual memory (peak): | 25.67 MB | |
| Working set: | 2.61 MB | |
| Working set (peak): | 3.21 MB | |
| Page faults: | 1,489/min | |
| I/O |
| I/O other transfer: | 200 Bytes/sec | |
| I/O other operations: | 1/sec | |
| Resource allocations |
| Threads: | 3 | |
| Handles: | 74 | |
| GUI GDI count: | 4 | |
| GUI USER count: | 1 | |
Process properties
| Integrety level: | System |
| Platform: | 32-bit |
| Command lines: |
- C:\windows\kmservice.exe
- C:\windows\kmsem\kmservice.exe
|
| Owner: | SYSTEM |
| Parent process: | srvany.exe |
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Ultimate |
43.75% |
|
| Windows 8 Pro |
31.25% |
|
| Windows 7 Enterprise |
12.50% |
|
| Windows 8 Pro with Media Center |
6.25% |
|
| Microsoft Windows XP |
6.25% |
|
Distribution by country
Brazil installs about 12.50% of kmservice.exe.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Acer |
22.22% |
|
| Dell |
22.22% |
|
| ASUS |
22.22% |
|
| Hewlett-Packard |
11.11% |
|
| Alienware |
11.11% |
|
| GIGABYTE |
11.11% |
|
