How to remove $RCVCROT.exe
- File Details
- Overview
- Analysis
$RCVCROT.exe
The module $RCVCROT.exe has been detected as PUP.AutoKMS
File Details
| Product Name: |
|
| Company Name: |
|
| MD5: |
d1667e5fb0bb342131869fd8afeb0609 |
| Size: |
296 KB |
| First Published: |
2017-05-22 10:19:57 (8 years ago) |
| Latest Published: |
2023-10-08 23:30:52 (2 years ago) |
| Status: |
PUP.AutoKMS (on last analysis) |
|
| Analysis Date: |
2023-10-08 23:30:52 (2 years ago) |
| %commonappdata%\kmsautos\bin |
| %temp%\be1b.tmp |
| %commonappdata%\kmsauto\bin |
| %temp%\b8cb.tmp |
| %temp%\52cf.tmp |
| %temp%\484f.tmp |
| %commonappdata%\kmsautos |
| %commonappdata%\kmsauto |
| %temp% |
| %sysdrive%\$recycle.bin |
|
35.7% |
|
|
21.2% |
|
|
9.6% |
|
|
3.4% |
|
|
3.4% |
|
|
3.1% |
|
|
1.9% |
|
|
1.9% |
|
|
1.7% |
|
|
1.7% |
|
|
1.4% |
|
|
1.4% |
|
|
1.4% |
|
|
1.2% |
|
|
1.0% |
|
|
1.0% |
|
|
1.0% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.5% |
|
|
0.5% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
| Windows 8.1 |
48.9% |
|
| Windows 7 |
33.9% |
|
| Windows 10 |
16.0% |
|
| Windows 8 |
1.0% |
|
| Windows Server 2012 R2 |
0.2% |
|
Analysis
| Subsystem: |
Windows CUI |
| PE Type: |
pe |
| OS Bitness: |
32 |
| Image Base: |
0x00400000 |
| Entry Address: |
0x00019054 |
| Name |
Size of data |
MD5 |
| .text |
207360 |
daaa7cefb5164f171d6d83721577b989 |
| .rdata |
70144 |
d2175f96fda3740a88b0d0c90462e2b7 |
| .data |
8704 |
7a2d8648af48170b15007e53c48891df |
| .rsrc |
1536 |
031ee5737dce6ec52b5af731c3184ba7 |
| .reloc |
14336 |
7cc11704d0e569ffc66923c3b098cf0c |
