How to remove $RCSZC72.exe

$RCSZC72.exe

The module $RCSZC72.exe has been detected as Hack.KMS

$RCSZC72.exe
Remove $RCSZC72.exe

File Details

MD5: c8e1146417b2125f9ff29f655d52fce9
Size: 6 MB
First Published: 2017-05-26 15:05:27 (8 years ago)
Latest Published: 2022-06-04 23:30:31 (2 years ago)
Status: Hack.KMS (on last analysis)
Analysis Date: 2022-06-04 23:30:31 (2 years ago)

Overview

Signed By: WZT
Status: Valid

Common Places:

%windir%\setup\scripts\activator\kmsauto
%sysdrive%\windows
%sysdrive%\totalcmd\!!!kmsauto_lite_portable_v1.2.4
%profile%\7\kms_vl_efi\kmsauto lite portable v1.2.4
%profile%\81\kms\kmsauto lite portable v1.2.4
%profile%\10\kms\kmsauto lite portable v1.2.4
%desktop%\bonus\7\kms_vl_efi\kmsauto lite portable v1.2.4
%desktop%\bonus\10\kms\kmsauto lite portable v1.2.4
%desktop%\bonus\81\kms\kmsauto lite portable v1.2.4
%desktop%\bonus\81\kms

File Names:

KMSAuto.exe
$RCSZC72.exe

Geography:

Russia 57.7%
Ukraine 21.7%
Belarus 5.3%
Kazakhstan 2.9%
Estonia 1.4%
Uzbekistan 1.2%
Lithuania 0.7%
Kyrgyzstan 0.7%
United Kingdom 0.7%
Georgia 0.7%
Romania 0.7%
Indonesia 0.7%
Italy 0.7%
Iran 0.7%
Azerbaijan 0.5%
Germany 0.5%
Netherlands 0.5%
Poland 0.2%
Bosnia and Herzegovina 0.2%
Turkey 0.2%
Vietnam 0.2%
Latvia 0.2%
Czech Republic 0.2%
Morocco 0.2%
Moldova 0.2%
South Korea 0.2%
Bangladesh 0.2%

OS Version:

Windows 10 46.6%
Windows 7 44.0%
Windows 8.1 7.5%
Windows Embedded 8.1 1.0%
Windows XP 0.5%
Windows Server 2012 R2 0.2%
Windows Server 2008 R2 0.2%

Analysis

Subsystem: Windows GUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x00001000

PE Sections:

Name Size of data MD5
.code 107520 344d69021f7c8de398219d84d8b42918
.text 307200 f1d1dcb82445e9ab9b4b2f73af338172
.rdata 35840 845b07f0ebd235da7031a74ca0534020
.data 6125056 96d46480ffd461719107f0fedc5fa86b
.rsrc 45568 c95652abfb70d895e9f5bc363ceb3198

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for $RCSZC72.exe
copyright for information about $RCSZC72.exe
­